PowerShell Tips 1

06/06/2020

As you probably know, PowerShell is built on .NET. To be more precise, Windows PowerShell is built on the .NET Framework, whereas PowerShell Core is built on .NET Core.

When you work with PowerShell in many cases you won’t be very concerned about this fact, but in some cases you can’t ignore it.

The other day I was working on a PowerCLI script to get and set the log forwarding for a vCenter Server Appliance (vCSA); see also this older post.
The “get” part worked well. To retrieve the hostname, the port and protocol of the forwarding log servers, run the following line of code:

 
(Get-CisService -name 'com.vmware.appliance.logging.forwarding').get()

For the set part, I created:


$spec = New-Object PSObject -Property @{
	hostname="logger1.net"
	port=514
	protocol="UDP"
}

(Get-CisService -name 'com.vmware.appliance.logging.forwarding').set($spec)

However, this failed with the following error message:

 

Parameter 'cfg_list' expects values of type  'System.Collections.Generic.List`1[[System.Management.Automation.PSObject, 
System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]' 
but received value of type 'System.Management.Automation.PSObject'.
At line:1 char:1
+ (Get-CisService -name 'com.vmware.appliance.logging.forwarding').set( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], CisException
    + FullyQualifiedErrorId : VMware.VimAutomation.Cis.Core.Types.V1.CisException

From the documentation, it was already known to me that a vCSA supports a total of 3 log forwarding hosts – hence the ‘cfg_list’, but how to interpret this error message? The parameter ‘cfg_list’ must be of a certain type, but how to solve this? Luckily my colleague Bouke (you can see what is on his mind on https://www.jume.nl) quickly showed me the solution by specifying the variable in the correct type.

The following piece of code does the ‘set’ job. The solution is in the first line; setting the correct type (variable $speclist) for the ‘cfg_list’ parameter.


$speclist = [System.Collections.Generic.List[PSobject]]::new()

$spec = New-Object PSObject -Property @{
	hostname="logger1.net"
	port=514
	protocol="UDP"
}
$speclist.add($spec)
$spec = New-Object PSObject -Property @{
	hostname="logger2.net"
	port=514
	protocol="UDP"
}
$speclist.add($spec)

(Get-CisService -name 'com.vmware.appliance.logging.forwarding').set($speclist)
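
The same fix wrapped in a helper, as an added example that is not part of the original post: it builds the typed list from plain hashtables, enforces the three-host limit mentioned above, and avoids the return-value pitfall that turns the list back into a plain array. The function name New-LogForwardingSpecList and its parameters are hypothetical.

```powershell
# Added example: build the typed list that 'cfg_list' expects from hashtables.
# New-LogForwardingSpecList and its parameters are hypothetical names.
function New-LogForwardingSpecList {
    [OutputType([System.Collections.Generic.List[PSObject]])]
    param(
        [Parameter(Mandatory)]
        [hashtable[]]$Target,

        # The post states that a vCSA supports a total of 3 forwarding hosts.
        [int]$MaxTargets = 3
    )

    if ($Target.Count -gt $MaxTargets) {
        throw "Got $($Target.Count) targets; at most $MaxTargets are supported."
    }

    $list = [System.Collections.Generic.List[PSObject]]::new()
    foreach ($t in $Target) {
        foreach ($key in 'hostname', 'port', 'protocol') {
            if (-not $t.ContainsKey($key)) {
                throw "Target is missing the '$key' property."
            }
        }
        $list.Add((New-Object PSObject -Property @{
            hostname = [string]$t.hostname
            port     = [int]$t.port
            protocol = [string]$t.protocol
        }))
    }

    # The leading comma keeps PowerShell from unrolling the list into Object[]
    # on return, which would lose the List[PSObject] type 'cfg_list' requires.
    return , $list
}

# Constructed sample input, using the same values as the post.
$speclist = New-LogForwardingSpecList -Target @(
    @{ hostname = 'logger1.net'; port = 514; protocol = 'UDP' },
    @{ hostname = 'logger2.net'; port = 514; protocol = 'UDP' }
)

# Confirm the type and count before sending anything to the appliance.
$speclist.GetType().FullName
$speclist.Count

# With an active Connect-CisServer session, pass the list as in the post:
# (Get-CisService -name 'com.vmware.appliance.logging.forwarding').set($speclist)
```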


As always, I thank you for reading.


What is the sharedPolicyRefCount?

11/01/2020

Just a quick write-up for my own convenience.
Recently while working on a configuration management baseline for a vSphere environment, I stumbled on a particular advanced setting, present in ESXi. The setting is named config.globalsettings.guest.commands.sharedpolicyrefcount,
with description “Reference count to enable guest operations” and can have an integer value between 0 and 2147483647.

From its name I know it has something to do with the guest OS. A quick Google search did not reveal very useful information, in particular which value needs to be set (as I found “0” and “100” mentioned as preferred values).

From VMware Support, thank you Pranita Kumari, I learned that vRealize Infrastructure Navigator uses VMware tools to access the machines and configure the hosts and virtual machine for the discovery process. vRealize Infrastructure Navigator needs to set the ‘sharedpolicyrefcount’ parameter in order to do agent-less discovery.
If you don’t use vRealize Infrastructure Navigator (as this product is end of distribution and GS), the best practice would be to set this option to its default value, 0.

That’s all, I thank you for reading.


Vester and DSC, a comparison

30/12/2019

Over the past couple of months, I have published several posts about Configuration drift and tools like Vester and DSC Resources for VMware. Because Vester and DSC Resources for VMware serve the same goal, let us review what these tools have in common and see some of the differences.
The topics are: general information about the tool, configuration of the tool, the tool in daily operations, performance and a summary.

Introduction

Both tools are built with PowerShell. Vester has been on the market for the longest time and dates from 2017. Vester comes as a PowerShell module and depends on two other modules: Pester and PowerCLI. Vester consists of three parts:

  • Commands that do the actual work, like creating configuration files, verifying the actual configuration and performing remediation in case the actual configuration does not match the desired configuration.
  • A set of Test files. Each test file contains code that checks and applies a configuration item.
  • Config files, which are key-value pairs with the desired values of the configuration items. Some examples: NTP settings, DNS servers, etc.

Desired State Configuration (DSC) was introduced in PowerShell 4 and brings a declarative model for the configuration of Windows Servers. DSC can copy files, edit the registry, and install Windows features and components. After initial configuration, DSC can also test the desired configuration and, if necessary, perform remediation.
DSC Resources are what can be configured on a Windows server, but today not only on Windows Servers! DSC Resources for VMware was first released in December 2018. Instead of Windows servers, these resources can configure ESXi hosts and vCenter Servers, although the first edition had only a few resources. The second edition, released in June 2019, offered considerably more resources.
Both tools are available in the PowerShell Gallery and can be found on GitHub.



Another Vester Test file generator and more vCenter checks

07/10/2019

Some time after finishing the “Vester Test file generator”, I was wondering how to get more configuration settings out of a vCenter Server. Then I realized that vCenter Servers also contain a large number of advanced settings.

To get an overview of ALL Advanced Settings in vSphere, connect to a vCenter Server and run the following line:

PS> Get-AdvancedSetting -Entity *

In the output you will discover three large groups:

  • VIServer, vCenter Server settings
  • VMHost, ESXi host settings (see other Vester Generator)
  • VM, Virtual machine settings

And finally, two small groups “Compute Cluster DRS” (9 settings) and “Datastore Cluster” (3 settings).



Securing DSC resources for VMware

28/08/2019

Recently DSC Resources for VMware 2.0 was released. This new version comes with a lot of new resources and other features, like availability in the PowerShell Gallery. If DSC Resources for VMware is completely new to you,
I recommend reading the “Getting started” blog post, but do not follow the installation instructions. Instead, install directly from the PowerShell Gallery, using something like this:

PS> Find-Module *VMware.vSphereDSC* | Install-Module

So after exploring “Vester”, the other DSC solution, it is now time to have a look at the DSC Resources for VMware 2.0.

Disclaimer: Windows PowerShell Desired State Configuration (from now on “DSC”) is often used for configuration management of Windows systems and as such is new to me. This post focuses on the use of DSC in a vSphere environment.

My setup: I used an old Windows Server 2012R2 as an LCM. The vSphere environment is a VCSA version 6.5 and two ESXi hosts.
This post contains links to some scripts. All files mentioned in this post can be downloaded from this location. Then on the LCM, create a new folder named C:\VMwareDSC and place all the files in this folder.

One of my first goals was to understand how to create a good configuration. Luckily, the VMware DSC module contains an example folder, and I selected the VMHost_Config.ps1 configuration, a sample script for configuring an ESXi host.



Vester Test file generator

07/07/2019

In previous posts (see below), I presented some tips for creating new Vester Test files. As you may know, ESXi hosts have a large number of so-called “Advanced System Settings”. Some of these settings are already present as Vester test files. These Advanced System Settings can be handled with the Get-AdvancedSetting and Set-AdvancedSetting cmdlets. With this knowledge and some PowerShell code, it is not too difficult to create a complete set (>1.100) of Vester Test files.

The New-VesterHostAdvanced.ps1 script can be found here.

A brief description of how it works: after connecting to a vCenter Server, one of the available ESXi hosts needs to be selected. The selected host will be used to create an overview of all available Advanced System Settings.

Key in creating the scripts is the concept of Here documents, in PowerShell known as Here-String. See for a brief overview. Key in Here-Strings is the usage of single or double quotes with variables. A Here-String with double quotes allows the usage of variables. Run the following code to see the difference.

$var = 'MyValue'
$formatText1 = @"
Here-String with double quotes
The variable $var
Variable replacement

"@
$formatText1

$formatText2 = @'
Here-String with single quotes
The variable $var
Test as-is
'@
$formatText2
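
How this applies to generating a test file, as an added example that is not code from New-VesterHostAdvanced.ps1: a double-quoted Here-String expands the generator's variables, backtick-escaped variables are left for the generated script to evaluate, and values are quote-escaped so a setting name or description cannot break out of its string literal. The function name, the `$cfg.host.<key>` layout, the type values other than 'bool' and the sample setting are assumptions.

```powershell
# Added example: generate the text of one Vester-style test file from a
# double-quoted Here-String. Function name, config key layout and the sample
# setting are assumptions, not taken from New-VesterHostAdvanced.ps1.
function New-AdvancedSettingTestText {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Description,
        # 'bool' appears on the page; the other values are assumed.
        [ValidateSet('bool', 'int', 'string')][string]$Type = 'string'
    )

    # Values land inside single-quoted literals in the generated script, so
    # double any single quote to stop them from closing the literal early.
    $safeName = $Name.Replace("'", "''")
    $safeDesc = $Description.Replace("'", "''")
    # Hypothetical config key: the setting name reduced to letters and digits.
    $cfgKey = $Name -replace '[^A-Za-z0-9]', ''

    # A bare $name expands now, at generation time. A backtick-escaped `$name
    # is written out literally and only evaluated when the test file runs.
    return @"
`$Title = 'Advanced setting $safeName'
`$Description = '$safeDesc'
`$Desired = `$cfg.host.$cfgKey
`$Type = '$Type'

[ScriptBlock]`$Actual = {
    (Get-AdvancedSetting -Entity `$Object -Name '$safeName').Value
}

[ScriptBlock]`$Fix = {
    Get-AdvancedSetting -Entity `$Object -Name '$safeName' |
        Set-AdvancedSetting -Value `$Desired -Confirm:`$false
}
"@
}

# Constructed sample input; the quote in the description is deliberate.
$sample = @{
    Name        = 'Sample.Setting.Name'
    Description = "Operator's sample setting"
    Type        = 'int'
}
$text = New-AdvancedSettingTestText @sample
$text

# Parse (without executing) the generated text before writing it to disk.
$null = [ScriptBlock]::Create($text)
```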



Creating Dashboards for Vester

03/04/2019

Introduction

In my first post about Vester, I ended the post with a number of items that need further investigation. On top of my list is some kind of reporting function. After submitting an Invoke-Vester command, lots of information scrolls over the screen.

Figure 1. – Output Invoke-Vester

Most administrators will not agree with an unseen remediation of the errors found and desire some kind of overview. It would also be nice to have some kind of overview while running Invoke-Vester as a scheduled job. Fortunately, one of my colleagues (Thank you Alex!) gave me the idea to create a dashboard. There are many monitoring and dashboard products available, like Grafana and Graphite, and there is also the PowerShell Universal Dashboard module. The PowerShell Universal Dashboard comes in a licensed Enterprise Edition and a free Community edition; documentation can be found here.

Installation is done by installing the module:


Install-Module UniversalDashboard.Community -AcceptLicense

To test UD, run the following code:


$MyDashboard = New-UDDashboard -Title "Hello, World" -Content {

New-UDCard -Title "Hello, my first universal dashboard!"

}

Start-UDDashboard -Port 10000 -Dashboard $MyDashboard -Name 'HelloDashboard'

Start a browser and enter URL: http://localhost:10000, this should show this:

Figure 2.

For a nice introduction in Universal Dashboard, please read this post by Nicolas Prigent.



Tips for writing Vester test files, part 2

20/02/2019

This post is the second part in a series about writing effective Vester test files. The previous part can be found here.

When there is no easy Get and Set

As an example, we want to create a test to check the Cluster DPM settings. The Get-Cluster cmdlet can show many properties; however, the options of the corresponding Set-Cluster cmdlet are limited. You can see for yourself by running the following command:


PS> help Set-Cluster -Parameter *

Commands like Get-Cluster, Get-VMHost and Get-Datacenter are practical and easy to use, but have some limitations: they do not show all information and are not blazing fast.

Time to meet the Get-View cmdlet, a bit less user-friendly, but much quicker and very useful. The equivalent for the Get-Cluster cmdlet is:


PS> Get-View -ViewType ClusterComputeResource

To select a specific Cluster, use the -Filter parameter, like:


PS> Get-View -ViewType ClusterComputeResource -Filter @{"NAME"="Cluster01"}

Another way is:


PS> Get-Cluster -Name Cluster01 | Get-View

Time to create the first DPM test. To test if DPM is enabled, execute the following commands:


PS> $Cluster = Get-Cluster -Name Cluster01 | Get-View

And run this:


PS> $Cluster

You can see all properties; note that there is “Configuration” and “ConfigurationEx”. Run both:


PS> $Cluster.Configuration
PS> $Cluster.ConfigurationEx

And note the difference: $Cluster.ConfigurationEx has a “DpmConfigInfo” section. The following line will show the current DPM configuration for Cluster “Cluster01”:


PS> $Cluster.ConfigurationEx.DpmConfigInfo

Enabled DefaultDpmBehavior HostPowerActionRate Option
------- ------------------ ------------------- ------
True    automated          4

We can now write the first part for the DPM enabled test.


$Title = 'DRS Power Management enabled'
$Description = 'Enable Power Management DPM'
$Desired = $cfg.cluster.drsDpmEnable
$Type = 'bool'

# The command(s) to pull the actual value for comparison
# $Object will scope to the folder this test is in (Cluster, Host, etc.)
[ScriptBlock]$Actual = {
($Object | Get-View).Configurationex.DpmConfigInfo.Enabled
}

# The command(s) to match the environment to the config
# Use $Object to help filter, and $Desired to set the correct value
[ScriptBlock]$Fix = {
????
}



Tips for writing Vester test files, part 1

10/02/2019

Over the last couple of weeks, I took a look at the Desired State Configuration Resources for VMware (later more on that…).

But above all, I spent quite some time exploring Vester. Vester can be really useful, and it is relatively easy to create additional test files and get more configuration settings under Vester control. While working on new test files, I gathered some lessons learned that can be useful for others.

Naming Test file and the components

Choose a descriptive name for a new test file. Although test files are organized in folders, when the number of test files is increasing, descriptive names can be helpful.
What makes a good name? Refer to something that is known and unique.
E.g. for vCenter Clusters, most settings are related to DRS or HA settings; the output of the following command can be helpful:

> Get-Cluster -Name Cluster01 | select *
VsanEnabled               : False
VsanDiskClaimMode         : Manual
HATotalSlots              : 
HAUsedSlots               : 
HAAvailableSlots          : 
HASlotCpuMHz              : 
HASlotMemoryMb            : 
HASlotMemoryGB            : 
HASlotNumVCpus            : 
ParentId                  : Folder-group-h23
ParentFolder              : host
HAEnabled                 : True
HAAdmissionControlEnabled : True
HAFailoverLevel           : 1
HARestartPriority         : Low
HAIsolationResponse       : PowerOff

E.g. when creating a test file for the HA Failover Level, name the test file: “HA-FailoverLevel.Vester.ps1”.
While working on a test file, the following variables also play an important role.
The variable $Title is shown during each run of Invoke-Vester and can be used to provide more information than the title of the test file.

Fig. 1



About vCenter Server Folders and how to Copy them

26/01/2019

Recently, while working on a new deployment, it was determined to copy the folder structure from an existing vCenter Server to a new instance.
As the folder structure is complex and the vCenter Servers were located in separated environments, exporting and importing the folder structure seems the way to go.
Before continuing, let’s see how folders are organized in vCenter Server.

Each folder in vCenter Server has properties, which can be observed using one of the following commands:

PS> Get-Folder | Select *
PS> Get-View -ViewType Folder

In vCenter Server you can create Folders directly under the vCenter Object and under each Datacenter. Folders created under the vCenter Object will appear on each of the four tabs (“Host and Clusters”, “VMs and Templates”, “Storage” and “Networking”).
On the Datacenter level, you can create different folder structures for each of the four tabs. After creating a new Datacenter object, vCenter Server creates four hidden folders, named “host”, “network”, “datastore” and “vm”, which function as parent folders for each tab.

In the diagram (Fig. 1) I’ve tried to present an overview for a vCenter Server with two Datacenters (Datacenter1 and Datacenter2) and a few folders like “Discovered virtual machine” and “Templates”.
On the far left is the root object which is always called “Datacenters”.
The folders marked with a red X are not visible in the vCenter GUI. Visible folders are marked with a blue folder icon. The properties “Name”, “Id” and “ParentId” are shown in the diagram. Each folder is uniquely identified with its “Id” and “ParentId”.

Fig. 1
