Get-VMHostHardware Permission to perform this operation was denied

For a user with read-only

Get-VMHostHardware fails with Permission to perform this operation was denied

Add the Host-Cim-CimInteraction privilege.

hostcim

Download EJBCA certificate with powershell

i came up with this today

add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

you can look up the thumbprint to compare which one it is
get-childitem Cert:\CurrentUser\My

$superadmin = get-childitem Cert:\CurrentUser\My\YOUR_SUPERADMIN_CERT_HASH
invoke-webrequest -Uri "https://infralab.local:32768/ejbca/publicweb/webdist/certdist?cmd=lastcert&installtobrowser=&subject=CN%3dgregu.host.com&format=chain&hidemenu=false" -method "Get" -Certificate $superadmin

what's left is to generate the cert order via csr. this just just downloading the already made cert.

Matching physical disk in Dell R720 with vSan disk using naa and perccli

Really short:

check you naa in vsphere/vsan you are looking for, then using perccli installed in your esxi use:

./perccli /c0 show all | grep -i -B6 ‘WWN = 58cf32ee203db4d4’

Drive /c0/e15/s4 device attributes :
==================================
Manufacturer Id = TOSHIBA
Model Number = PX05SMB080Y
NAND Vendor = NA
SN = 6820A0FGTEFE
WWN = 58cf32ee203db4d4

Where, s4 is your slot where the disk resides, and you can also double check via idrac if s/n matches the drive in slot.

Baseline groups with powercli

Ok, i have no idea how EXACTLY that works, nobody could explain this to me, including my vmware TAM. But this it what i came up with. It’s only useful i suppose when you are dealing with a lot of update managers/baselines groups.

$JSESSION is something that comes up in your cookie after you have logged in to your webclient. You can install an addon into your chrome/firefox/etc… that shows you your cookies . I could not figure out how to obtain JSESSION variable automatically.  I used HTML5 webclient + fiddler in order to check how the calls were made and tried to reproduce them. Everything works as expected .

code:

 


function get-VUMnodeid($VC,$JSESSION){
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$JSESSION= $JSESSION -replace ";"
$uri = 'https://'+$VC+'/ui/vum-ui/rest/vcenters'
$cookie = New-Object System.Net.Cookie
$cookie.Name='JSESSIONID'
$cookie.Value=$JSESSION
$cookie.Domain = 'cookie.domain.something.com'
$session = New-object Microsoft.PowerShell.Commands.WebRequestSession
$session.Cookies.Add($Cookie)
#Invoke-WebRequest -uri $uri -WebSession:$session
$request = ((Invoke-WebRequest -uri $uri -WebSession:$session).Content |convertfrom-Json).GetEnumerator() | ?{$_.name -eq $VC}
return $request.nodeid
}
function get-baselinegroup($VC,$JSESSION){
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$JSESSION= $JSESSION -replace ";"
$vumid = get-VUMnodeid -vc $VC
$uri = 'https://'+$VC+'/ui/vum-ui/rest/nodes/'+$vumid+'/baselineGroups/'
$session = New-object Microsoft.PowerShell.Commands.WebRequestSession
#$cookiestr = 'Cookie: JSESSIONID=C164315B4958845216338B7C3F568090;'
#$cookiestr = 'Cookie: JSESSIONID=AE57E580958B38E21D2B892840BC8A6D; JSESSIONID=60F391E14417C6D581A34BBF01E03DF0; VSPHERE-UI-XSRF-TOKEN=7fff48d9-54fc-4244-98ba-4a7513858476; VSPHERE-USERNAME=gregk%40management.is; VSPHERE-CLIENT-SESSION-INDEX=_ea276e26b355abc989243d26ecbd4958; _pk_id.1.da8d=65733ab98c5fe089.1548769895.4.1549275686.1549271755..a6c285c80359fd81a3dbc83835bbca941eae248ec84b999da3d8fe12190ebb39'
#$cookiestrarray = $cookiestr.split()|?{$_ -match 'JSESSION'} |% {$_ -replace ";"}|%{$_.split('=')[1]}
$cookie = New-Object System.Net.Cookie
$cookie.Name='JSESSIONID'
$cookie.Value=$JSESSION
$cookie.Domain = $VC
$session.Cookies.Add($Cookie)

$session.headers.Add('Accept-Language',' en-US,en')
$session.headers.Add('Accept-Encoding','application/json')
#Invoke-WebRequest -uri $uri -WebSession:$session
write-host $uri
$request = ((Invoke-WebRequest -uri $uri -WebSession:$session).Content |convertfrom-Json).GetEnumerator()
return $request
}

 
function Get-BaselinegroupBaselines($VC,$BGid,$JSESSION){
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
#cookiestr the JSESSIONID has to be the right one
$vumid = get-VUMnodeid -vc $VC
$uri = 'https://'+$VC+'/ui/vum-ui/rest/nodes/'+$vumid+'/baselineGroups/'+$BGid
$session = New-object Microsoft.PowerShell.Commands.WebRequestSession
#$cookiestr = 'JSESSIONID=C164315B4958845216338B7C3F568090;'

$JSESSION= $JSESSION -replace ";"
$cookie = New-Object System.Net.Cookie
$cookie.Name='JSESSIONID'
$cookie.Value=$JSESSION
$cookie.Domain = $VC
$session.Cookies.Add($Cookie)

$session.headers.Add('Accept-Language',' en-US,en')
$session.headers.Add('Accept-Encoding','application/json')

$parentBG = (Get-Baselinegroup -jsession $JSESSION -vc $vc|?{$_.id -eq $bgId}).Name
$request = ((Invoke-WebRequest -uri $uri -WebSession:$session).Content |convertfrom-Json).Updates | select -unique -property baselineName| select *, @{n='parentBG';e={$parentBG}}
return $request
}

$VC should be your virtualcenter at which VUM is registered, your VC can be in linked mode as well. When you will open fiddler you will see that you can translate even creating baselinegroups , add something to baseline groups etc etc.. All we have to have is that JSESSION cookie with us. Heh.. before that i automated even Internet Explorer to get this cookie automatically but i failed at it ,as i could not get THAT PARTICULAR JSESSION cookie, i saw other cookies but not jsession so i gave up, and if i have to do now work at a lot of baselinegroups i just catch that JSESSION from cookie in browser addon.