PowerCLI cannot be installed or updated because the authenticode signature of the file error

On a new Windows Server 2022 VM I tried to install a fresh copy of VMware.PowerCLI (13.0.0) with the following PowerShell command:

Install-Module VMware.PowerCLI -Scope CurrentUser

The following error occurred:

PackageManagement\Install-Package : The module ‘VMware.VimAutomation.License’ cannot be installed or updated because the authenticode signature of the file ‘VMware.VimAutomation.License.cat’ is not valid. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21 + … $null = PackageManagement\Install-Package @PSBoundParameters + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Microsoft.Power….InstallPackage:InstallPackage) [Install-Package], Exception + FullyQualifiedErrorId : InvalidAuthenticodeSignature,ValidateAndGet-AuthenticodeSignature,Microsoft.PowerShell.P ackageManagement.Cmdlets.InstallPackage

 

 

Using the -Force and -SkipPublisherCheck options fixed the error. The command to execute is:

Install-Module VMware.PowerCLI -Scope CurrentUser -Force -SkipPublisherCheck -AllowClobber

For existing installations, you can first remove PowerCLI and then install PowerCLI again:

Get-InstalledModule VMware.PowerCLI | Uninstall-Module -Force
Install-Module VMware.PowerCLI -Scope CurrentUser -Force -SkipPublisherCheck -AllowClobber

After the PowerCLI modules installation finishes you can run the following command to check what version is installed:

Get-InstalledModule VMware.PowerCLI | Select Name, Version

Certificate error

When trying to connect to the vCenter Server you’ve got the following error:

Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server.

I had no trusted certificate installed. The following command ignores invalid certificates and suppresses the VMware Customer Experience Improvement Program:

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false -ParticipateInCeip $false

Now I was able to connect to vCenter Server with PowerCLI.

 

Quick tip: Reset the password of an Azure Virtual Machine

In my Azure test tenant, I forgot the password of an Azure Windows Domain Controller VM. In Azure, there is a Reset Password option available in the VM options.

 

The password reset update failed. The password reset option uses a VM Access extension. When digging into the activity log I found the following error:

VMAccess Extension does not support Domain Controller

So I went to another approach using the following steps:

Prerequisites:

  • Ensure the VM status is running
  • Create a new password
    • Portal – between 12 – 123 characters
    • PowerShell – between 8 – 123 characters
    • CLI – between 12 – 123
    • Have lower characters
    • Have upper characters
    • Have a digit
    • Have a special character (Regex match [\W_])

Using the Azure portal

    • Log in to the Azure portal
    • Navigate to the Virtual Machine that you want to reset the password for.
    • Select the Virtual Machine
    • Select Run Command
    • Select RunPowerShellScript
    • In the “Run Command Script” window enter:
net user <username> <password>

 

Using Cloud Shell

  • Log in to the Azure portal
  • In the Azure Portal open Cloud Shell
  • Select Bash
  • In the following command change: <vm> <resource group the vm belongs > <username> and <password>
az vm run-command invoke --command-id RunPowerShellScript --name <vm> -g <resource group the VM belongs too> --scripts "net user <username> <password>"

 

 

Using the RunPowerShellScript is a lifesaver when you forgot the password of a Windows Domain Controller VM in Azure. This procedure works also for regular Windows VMs.

Troubleshoot your Azure Virtual Desktop (AVD) or Remote Desktop Environment with the MSRD-Collect tool

I recently stumbled on a cool tool called “MSRD-Collect”. MSRD stands for Microsoft CSS Remote Desktop Data Collection and Diagnostic Script. MSRD-Collect is a PowerShell script with separate modules designed to collect information that will help Microsoft Customer Support Services (CSS) to troubleshoot issues in Azure Virtual Desktop or Remote Desktop Services environments.

MSRD-Collect is not only a handy tool for Microsoft CSS but can be used by AVD or RDS administrators having issues or who want to check the health of their session hosts.  MSRD-Collect can be executed from the AVD session or Remote Desktop hosts. The tool is created and maintained by Robert Klemencz and Alexandru Olariu from Microsoft.

What checks are performed?

The script performs the following diagnostics, from AVD, and RDS (RDP) environments:

  • Overview of the system the script is running on (General information)
  • OS activation / licensing
  • Top 10 processes using the most CPU time on all processors
  • Total and available disk space
  • Graphics configuration
  • Windows Installer information
  • Windows Search information
  • SSL/TLS configuration
  • User Account Control (UAC) configuration
  • Windows Update configuration
  • WinRM and PowerShell configuration/requirements
  • Authentication and Logon information
  • FSLogix configuration and presence of the recommended Windows Defender Antivirus exclusion values for FSLogix (if present)
  • Multimedia configuration (Multimedia Redirection and Audio/Video privacy settings)
  • Remote Desktop client information
  • Remote Desktop licensing configuration
  • RDP and remote desktop listener configuration
  • Information on installed RDS roles and their services (if present)
  • Remote Desktop device and resource redirection configuration
  • Antivirus information (if present)
  • Remote Desktop related security settings and requirements
  • Remote Desktop ‘Session Time Limits’ and other network time limit policy settings
  • AVD host pool information
  • AVD Agent and SxS Stack information
  • Information related to AVD usage on Azure Stack HCI
  • AVD required URLs accessibility
  • AVD services API health status (BrokerURI, BrokerURIGlobal, DiagnosticsUri, BrokerResourceIdURIGlobal)
  • RDP ShortPath configuration (Windows 10+ and Server OS) for both managed and public networks
  • Azure AD-join configuration
  • Check for Domain Controller configuration (trusted and available)
  • DNS configuration (Windows 10+ and Server OS)
  • Firewall configuration (Firewall software available inside the VM – does not apply to external firewalls)
  • Proxy and route configuration
  • Public IP address information
  • VPN connection profile information
  • Various settings that are sometimes related to Black Screen logon scenarios
  • Installed Citrix software and some other 3rd party components potentially running on the system, which may be relevant in various troubleshooting scenarios
  • Microsoft Office Configuration
  • OneDrive configuration and requirements for FSLogix compatibility
  • Printing information (spooler service status, available printers)
  • Teams information and AVD media optimization configuration for Teams (if present)
  • Known AVD agent-related issues over the past 5 days
  • Known FSLogix-related issues over the past 5 days
  • Known MSIX App Attach related issues over the past 5 days
  • Known RDP ShortPath issues over the past 5 days
  • Known Black Screen issues over the past 5 days
  • Known TCP issues over the past 5 days
  • Known Process and system crashes over the past 5 days
  • Known Process hangs over the past 5 days

The data collected is not uploaded to Microsoft!

How to run the MSRD-Collect tool?

  • Download MSRD-Collect, link. or use the following URL:
https://aka.ms/avd-collect
  • Extract the zip file
  • Set the PowerShell execution mode:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope Process
  • Unblock the files
Get-ChildItem -Recurse -Path C:\MSRD_Path\Modules\*.ps* | Unblock-File -Confirm:$false
  • MSRD-Collect can be run from the command line or with GUI. To run MSRD-Collect with a GUI, execute:
    • MSRD-Collect.ps1 in a PowerShell session with elevated permissions in order to collect all required data
  • Select AVD or RDS as a source and click on Start to begin gathering data

  • The data will default be stored in the  c:\MSDATA folder. This can be changed in the GUI or when running from the command line
  • When the script finishes. a nice HTML page (<servername_MSRD-Diag.HTML)  is generated:

The output contains all settings and links to other log files. Sections marked in Yellow need attention. For example, to view the latest Windows Updates installed, click on the Updates Section and then UpdateHistory.html:

Conclusion

MSRD-Collect is definitely a tool that every AVD or RDS administrator must have in their toolbox. MSRD-Collect gives great detailed information about the state of the AVD/RDS environment and makes troubleshooting a lot easier. With the command line option, you can schedule the script to run at regular times.

Make sure you run this tool before calling Microsoft CSS when having issues with your AVD or RDS environment.