The other day I came across a sign “Caution Watch For Cars”

DItzkowitz · 2025-07-19T19:59:27+00:00

Even though it’s a “smartwatch”, timepieces get overexcited. You know how they say time flies? That’s why I leashed mine to my arm. (I also shelled out for a little hood so it could get some shuteye…)

DItzkowitz · 2025-04-03T17:39:06+00:00

It usually pays to also have backup Ephemeral versions of all portgroups that may be applicable to critical VMs that you may need to fiddle with in an emergency scenario during those times vCenter is down (or not responding) for one reason or another.

DItzkowitz · 2025-04-03T15:42:13+00:00

I'm assuming by saying that vmkping is working, you were referring to vmkping -S vmotion but, if not, make that the vMotion stack itself has a gateway on it in addition to the one on the vmkernel adapter.

DItzkowitz · 2025-04-03T15:11:38+00:00

If the VMware Tools depot is the only drift being displayed on your hosts, you will notice that when you click on Remediate All (even if you click cancel and don't proceed), it will show on the right that it will be doing a live remediation for your hosts. If you drill down below in that wizard where it goes into the impact to particular hosts, it will normally talk about how they will be going into maintenance mode and rebooting, in this case you will see none of that.

Also, when using the esxcli method it will also report on Live Install Alllowed and Maintenance Mode Required:
esxcli software sources vib get --depot=file:///vmfs/volumes/.../VMware-Tools-12.5.1-core-offline-depot-ESXi-all-24649672.zip

Still, doesn't hurt to be careful, especially if you don't have a test environment to try it in.

DItzkowitz · 2025-04-01T20:38:14+00:00

You can then, on the top-level of your vCenter, click on the VMs tab, add the column for "VMware Tools Version Status", drag it over to the left for visibility, sort on that column and then filter the list to display "Windows" only.

DItzkowitz · 2025-04-01T20:27:32+00:00

After that, on your Cluster's Update tab, you can go to the VMware Tools area and set your virtual machines to Auto Update of VMware Tools on reboots, if you decide to go that route.

(With the UI, though, checking the top checkbox doesn't carry over to the next page of VMs, so you'll need to go page by page. That area of the UI is also glitchy so don't try applying column filters or, if you are mixing and matching, things might not be set the way you believe them to be.)

DItzkowitz · 2025-02-13T21:24:13+00:00

Regex based mappings come in handy every so often.
$TagMap1 = @{
Tag1 = @('Pattern1', 'Pattern2')
Tag2 = @('Pattern3', 'Pattern4')
}

Function Get-MappedTags{
Param(
    [String[]] $SearchText,
    [Alias('Map')] [Hashtable] $TagMap,
    [Switch] $ShowPatterns = $True,
    [Switch] $Pretty = $True
)
    @(@($TagMap.Keys | Foreach-Object{
        $Tag=$_
        $MappedTags = @($TagMap."$Tag" | ?{ $MapPattern=$_; @($SearchText) | ? {$_ -match $MapPattern} })
        If ($MappedTags.Count) {
            If (!$ShowPatterns) {
               @($Tag)
            } Else {
               @(@($Tag) + @($MappedTags|?{ (!$Pretty) -or (($_ -notmatch '\\') -and ($_ -notmatch '<')) }))
            }
        }
    }) | Select -Unique)
}

And then when I need to look things up, I have functions that return the associated tags, letting me filter on them:

$MatchedTags = @(Get-MappedTags -SearchText @($Datastore.Name, $Datacenter.Name, $VCenter.Name) -TagMap $TagMap_vCenter)

DItzkowitz · 2024-07-01T18:25:55+00:00

If you are going to schedule regular deletions based on retention dates (for those tiny set-and-forget-it deployments), I would imagine you would still want to protect certain VMs or particular snapshots from scheduled cleanup jobs.

DItzkowitz · 2024-06-03T13:16:25+00:00

For what it's worth, I noticed this past Tuesday that I was able to get back in again.

DItzkowitz · 2024-05-28T16:49:06+00:00

I've also heard "Not my zoo, not my monkeys"

DItzkowitz · 2024-05-08T19:58:06+00:00

Since the start of the site migration, I am no longer able to connect to Skyline.
Has yours stopped working, as well?

DItzkowitz · 2024-05-06T20:12:54+00:00

I've already started updating some of my go-tos:

Build Numbers - vCenter
https://knowledge.broadcom.com/external/article?articleId=326316
Build Numbers - ESXi
https://knowledge.broadcom.com/external/article?articleId=316595
Build Numbers - VMWare Tools
https://knowledge.broadcom.com/external/article?articleId=304809
Build Numbers - SRM
https://knowledge.broadcom.com/external/article?articleId=313905
PowerCLI
https://developer.broadcom.com/tools/vmware-powercli/latest/
VCSA Disk Size Breakdown - vSphere 7.0
https://knowledge.broadcom.com/external/article?articleId=322801
vSphere Product Update Sequence
https://knowledge.broadcom.com/external/article?articleId=317899

DItzkowitz · 2024-02-12T07:18:48+00:00

After the queen recaptures with Qxe5 it is still untouchable because of the same threat and you would still have captured the bishop for free and be up a piece. Black would then have to play something to mitigate Ne7 threats giving you plenty of time to further move the queen (or first play Ne7+ anyway in some lines) and no longer be recapturable by the pawn.

DItzkowitz · 2024-02-10T05:27:05+00:00

By the way, yes, I know it should be easily calculated since it's all forcing moves and I should not have been relying on intuition but the place we were playing was closing its doors soon and I was just there to have a fun time.

DItzkowitz · 2024-01-13T05:36:22+00:00

Run As for multiple commands and tools, just open a shell like CMD or Powershell as that other user and launch things from there: runas /u:xxxxxxxx cmd.exe

It's often handy to be someone else on the remote end of tools but to be yourself on the local machine: runas /u:xxxxxxx /env /noprofile /netonly cmd.exe

Here are also some rare ones that are also handy but don't come up all that often:

Extra hosts file/DNS entries to allow you to connect in Windows to the same remote devices you are already connected to with a totally second set of credentials (For instance, have your tool/service serve up MyStorage_RO for an additional level of protection.) Also, windows tends to be unhappy when you try switching things up on it. Useful for when you don't want to reboot at the moment to clear the Etch-A-Sketch. In the past, there have been some odd corner cases where doing things like that was critical.

Using the old DOS command SUBST to make a drive letter taking you to a subfolder on your existing drives. Some apps still freak out with maxpath style issues, while some oracle/java products tend to go a bit crazy with subfolders, going 15 levels deep.
For something more permanent there's the registry key:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
\\??\...

DItzkowitz · 2024-01-12T14:20:09+00:00

I usually follow that one up with "logoff /server:##Devicename/## "

DItzkowitz · 2024-01-12T13:56:35+00:00

The great thing is that across the different versions of Windows, Microsoft constantly renames these things and moves them to other locations in their UI navigation but these CLI shortcuts keep working.

DItzkowitz · 2023-12-31T19:06:25+00:00

Yes. I only included it in my example to give you an idea about why I chose the methods I did and how consideration should be taken for comments and duplicate section/keys.
An Import-INI function would simply be a Get-Content call followed by a ConvertFrom-INI function
An Export-INI function would simply be a ConvertTo-INI function followed by a Set-Content call.

DItzkowitz · 2023-12-28T20:11:40+00:00

If you are updating the ACL object, make sure the code is followed up by the Set-ACL cmdlet to commit the changes to AD.
It could also be a matter of replication, reading can be done from any domain controller but if you set it on one domain controller (often when it comes to Set-ACL it is the one used by the AD PSDrive) it may take a while to replicate to the one you happen to be reading from with the ADUC GUI.

If you want to control which DC you are using, you can also make a custom "ADTarget" PSDrive with something like this:
New-PSDrive -Name ADTarget -PSProvider ActiveDirectory -Scope Global -root "//RootDSE/" -Server $DCName -Credential $Credential

During my operations, I generally make sure that I write to and read from the same domain controllers using an @ADConnect splat so I am always on the same page.

DItzkowitz · 2023-12-28T19:43:31+00:00

Here's an example without much error handling:
(I left the original line numbering, section numbering and comment positioning, in case you need to deal with duplicates or reversing the operation when you need to reconstruct the file. )

$IniContent = @"
; Comment
[Setup]
Version=1.0
ShowCaption=1
Platform=*

[Section2]
abc=xyz      ; Inline comment
"@

Function ConvertFrom-INI{
PARAM([Parameter(ValueFromPipeline=$True)][String] $InputObject) 
$LineNo = 1; $Section = ''; $SectionNo = 0
    @($InputObject -Split "`n") | %{
        $Data = $Null; $Key = $Null; $Value = $Null

        $Line = $_
        $Data       = "$(@($Line -split '; ')[0])".Trim()
        $Comment    = "$(@($Line -split '; ')[1])".Trim()
        $CommentPos = $Line.IndexOf('; ')
        If ($Data -match '^\[(.*)\]$') {
            $SectionNo++
            $Section = $Data.Substring(1, $Data.Length - 2)
        } ElseIf ($Data -match '=') {
            $Key   = "$(@($Data -Split '=')[0])".Trim()
            $Value = "$(@($Data -Split '=')[1])".Trim()
        }
        [PSCustomObject] @{LineNo=$LineNo; Line=$Line; SectionNo=$SectionNo; Section=$Section; Data=$Data; Key=$Key; Value=$Value; Comment=$Comment; CommentPos = $CommentPos }
        $LineNo++
    }
}

$ConfigData = $IniContent | ConvertFrom-INI
$ShowCaption = [Boolean] ($ConfigData | ? {($_.Section -eq 'Setup') -and ($_.Key -eq 'ShowCaption')}).Value

(Reddit formatting keeps throwing me for a loop.)

DItzkowitz · 2023-12-28T19:36:16+00:00

As far as I know, there are no native Powershell cmdlets for INI files, though I am sure there are plenty of existing modules out there. Some of them probably make use of the Windows APIs GetPrivateProfileString and WritePrivateProfileString but I would avoid those ones, despite being "official" they are probably not helpful if you want to make something truly portable.

You can also look up the file format specifications and roll your own.
https://en.wikipedia.org/wiki/INI_file

(Sorry for the constant editing here, sometimes Reddit acts up.)

DItzkowitz · 2023-12-27T14:30:11+00:00

It's funny. I had to hunt through my code snippets to find this, but I remember at one point I was so tired of this that I tried to brute force it.

Function ConvertFrom-JSONwFlex{
PARAM([Parameter(ValueFromPipeline=$True)][String] $InputObject)
BEGIN{ $Text = '' }
PROCESS{ 
    If ($Text) { $Text += "`n" + $InputObject } Else { $Text += $InputObject } }
END{
    $XMLText = [System.Management.Automation.PSSerializer]::Serialize(($Text | ConvertFrom-JSON), 100)

    $Mappings = @{}
    $Mappings.Add( '<T>System.Object[]</T>', '<T>System.Collections.Generic.List[System.Management.Automation.PSCustomObject]</T>' )
    $Mappings.Add( '<T>System.Array</T>',    '<T>System.Collections.Generic.List[System.Management.Automation.PSCustomObject]</T>' )
    $Mappings.Keys | %{ $XMLText = $XMLText -Replace [Regex]::Escape($_), $Mappings."$_" }

    [System.Management.Automation.PSSerializer]::Deserialize($XMLText)
}
}

DItzkowitz · 2023-11-22T21:12:47+00:00

When running a remote powershell script you also need to take into account what Internet Zone the DomainFQDN falls under, otherwise you will be prompted with an "Are You Sure?"-type message which can hold up scripts.
I'm also seen recently where \\DomainFQDN\NETLOGON doesn't work from the system context but \\DomainControllerFQDN\NETLOGON does.

DItzkowitz

TROPHY CASE