All posts by David Lehman

PowerCLI: "WARNING: There were one or more problems with the server certificate"

When you run a PowerCLI script that connects to a vCenter Server, which uses a self-signed SSL certificate:

1:57:08 AM Connecting to VI Server
WARNING: There were one or more problems with the server certificate:
* A certification chain processed correctly, but terminated in a root
certificate which isn't trusted by the trust provider.
Certificate: [Subject]
  E=support@vmware.com, CN=foo.example.com, OU="VMware, Inc.", O="VMware, Inc."
[Issuer]
  E=support@vmware.com, CN=foo.example.com, OU="VMware, Inc.", O="VMware, Inc."
[Serial Number]
  C49018FF
[Not Before]
  5/18/2012 9:20:09 AM
[Not After]
  5/16/2022 9:20:09 AM
[Thumbprint]
  AAA9E2D164E7258D0BF2841173AE46034C097FFF
The server certificate is not valid.
WARNING: THE DEFAULT BEHAVIOR UPON INVALID SERVER CERTIFICATE WILL CHANGE IN A
FUTURE RELEASE. To ensure scripts are not affected by the change, use
Set-PowerCLIConfiguration to set a value for the InvalidCertificateAction
option.
PowerCLI C:\> Get-PowerCLIConfiguration
Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout
                                                                                                  Seconds
-----    -----------     ------------------- ------------------------  -------------------------- -------------------
Session  UseSystemProxy  Single              Unset                     True                       300
User                     Single
AllUsers

To permanently resolve this, Right-click on PowerCLI > Run as Administrator:

PowerCLI C:\> set-PowerCLIConfiguration -invalidCertificateAction "ignore" -confirm:$false
Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout
                                                                                                  Seconds
-----    -----------     ------------------- ------------------------  -------------------------- -------------------
Session  UseSystemProxy  Multiple            Ignore                    True                       300
User
AllUsers                                     Ignore

References

PowerCLI: "Security Warning. Run only scripts that you trust."

Actually, this is an issue with PowerShell and not PowerCLI. When a script is downloaded via Internet Explorer from the Internet or an Intranet, a NTFS Alternative Data Stream is added to the file with a Zone Identifier, indicating the file’s origin. These scripts are unsigned, and thus untrusted.

PowerCLI C:\vCheck-vSphere-master> .\vCheck.ps1
Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your computer. Do you want to run
C:\vCheck-vSphere-master\Styles\Default\Style.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): D

To resolve this, Right-click on PowerCLI > Run as Administrator:

PowerCLI C:\> Get-ExecutionPolicy
Unrestricted
PowerCLI C:\> Set-ExecutionPolicy bypass
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic.
Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y

References

PowerCLI: "Initialize-PowerCLIEnvironment.ps1 cannot be loaded because the execution of scripts is disabled on this system."

Whenever you start PowerCLI, you see:

File C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
At line:1 char:2
+ . <<<<  "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Script
s\Initialize-PowerCLIEnvironment.ps1"
    + CategoryInfo          : NotSpecified: (:) [], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException
PS C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI>

To permanently allow the execution of scripts, Right-click on PowerCLI > Run as Administrator:

PS C:\> Get-ExecutionPolicy
Restricted
PS C:\> Set-ExecutionPolicy RemoteSigned
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
PS C:\> Get-ExecutionPolicy
RemoteSigned

VMware Workstation "Enter License Key" Button Doesn't Work

On VMware Workstation 9.0.2 running on Linux Mint 15 Olivia, “Help > Enter License Key > Enter License key” doesn’t do anything.
To enter your license key, run this command:

sudo /usr/lib/vmware/bin/vmware-enter-serial

A window will then pop up prompting for your license key, which you may now enter.

vSphere ESXi Evaluation Mode License Assigned to Host has Expired

If the 60-day VMware vSphere ESXi evaluation license expires for a host before you change it to your payed license, you will not be able to power on or reset the virtual machines running, and many features will no longer be available for your ESXi host.
The ESXi host will be disconnected from vCenter. When attempting to reconnect the host via vCenter, you will receive the error message, “The Evaluation Mode License assigned to Host has expired. Recommend updating the license.”2013-05-29_esxi-expire
Since the host is disconnected, and the license has expired, you will not be able to change the ESXi license as you normally would (by going to Configuration > Licensed Features > Edit).

  • Use the vSphere Client to directly login to the affected ESXi host
  • Click the Configuration tab.
  • Click Licensed Features under Software.
  • Click Edit under Licensed Features.
  • Select Assign a new license key to this host.
  • Press Enter and enter the License Key.
  • Click OK.

Boot SeaTools off of a USB Drive

Seagate SeaTools is free hard drive testing software. SeaTools for DOS runs independent from your operating system on its own CD or bootable USB drive. You do not need to own a Seagate or Maxtor hard drive to use SeaTools.

  1. Download the SeaTools for DOS ISO file
  2. Use 7-Zip to open the SeaTools for DOS ISO file.
  3. Extract the SeaTools.ima file to your hard drive.
  4. Rename the SeaTools.ima file to SeaTools.img.
  5. Use Image Writer for Windows to write the SeaTools.img image file to a USB drive on Windows.
  6. Now you can boot off of this USB drive and run SeaTools for DOS.

Note: Writing the SeaTools for DOS ISO file directly to a USB drive using either Rufus or UNetbootin does not work. When doing so I receive a “BOOTMGR is missing” error message when booting off of the USB drive.

Resources

Installing vSphere ESXi 5 Hypervisor from a USB Drive

  1. Download vSphere ESXi ISO from here: https://www.vmware.com/go/get-free-esxi
  2. Download UNetbootin (Linux, Windows, Mac OS) or Rufus (Windows).
  3. Start UNetbootin and choose:
    • Diskimage
    • ISO
    • Select the downloaded ESXi ISO
    • Type: USB Drive
    • Drive: Select your USB drive
    • Select OK
  4. Boot your host off of this USB drive.

References

Calculate the MD5 hash (checksum) on Windows with winMd5Sum

winMd5Sum is a free, open source MD5 sum checker that allows you to check and compare the md5 sums of files.
winMd5Sum Portable makes it easy to verify that the files you download are unaltered. Simply drag and drop a file to the window and it will calculate the Md5 sum in seconds. You can even copy and paste the published md5 sum into the compare box to quickly compare it.
An MD5 sum is a cryptographic hash used to verify the integrity of files. So, when you download a file, you can check what the publisher says the MD5 sum is and compare it to the MD5 sum of the file you have. More about MD5..
Published by NullRiver Software. Download here: http://www.nullriver.com/products/winmd5sum.
Also, there is the free application WinMD5Free.
Also, Microsoft has created the File Checksum Integrity Verifier command-prompt utility that computes and verifies cryptographic hash values of files. Download it here: http://support.microsoft.com/kb/841290.