Uncategorized

Quick tip: Reset the password of an Azure Virtual Machine

In my Azure test tenant, I forgot the password of an Azure Windows Domain Controller VM. In Azure, there is a Reset Password option available in the VM options.

 

The password reset update failed. The password reset option uses a VM Access extension. When digging into the activity log I found the following error:

VMAccess Extension does not support Domain Controller

So I went to another approach using the following steps:

Prerequisites:

  • Ensure the VM status is running
  • Create a new password
    • Portal – between 12 – 123 characters
    • PowerShell – between 8 – 123 characters
    • CLI – between 12 – 123
    • Have lower characters
    • Have upper characters
    • Have a digit
    • Have a special character (Regex match [\W_])

Using the Azure portal

    • Log in to the Azure portal
    • Navigate to the Virtual Machine that you want to reset the password for.
    • Select the Virtual Machine
    • Select Run Command
    • Select RunPowerShellScript
    • In the “Run Command Script” window enter:
net user <username> <password>

 

Using Cloud Shell

  • Log in to the Azure portal
  • In the Azure Portal open Cloud Shell
  • Select Bash
  • In the following command change: <vm> <resource group the vm belongs > <username> and <password>
az vm run-command invoke --command-id RunPowerShellScript --name <vm> -g <resource group the VM belongs too> --scripts "net user <username> <password>"

 

 

Using the RunPowerShellScript is a lifesaver when you forgot the password of a Windows Domain Controller VM in Azure. This procedure works also for regular Windows VMs.

List all the active VMware Horizon client versions that are used

Before upgrading a VMware Horizon environment I want to known what VMware Horizon Client versions are in use.  Just to be sure that the VMware Horizon clients are supported when upgrading to a new VMware Horizon version.

Another use-case is to identify the VMware Horizon Client versions that are in use for security releated issues.  In the VMware Horizon Administrator you can allow what VMware Horizon client versions are able to connect.

The following script displays all the VMware Horizon sessions and the VMware Horizon client version that is used to connect to the VMware Horizon environment.

Make sure that the VMware.HV.Helper module is installed (Link).

&lt;#
.SYNOPSIS
    HorizonClient.ps1.ps1
.VERSION
    1.0
.DESCRIPTION
    List all the Connection and displays the VMware Horizon client version. 
.NOTES
    Author(s): Ivo Beerens
    Requirements:  
        Make sure the VMware.HV.Helper module is installed, see: https://github.com/vmware/PowerCLI-Example-Scripts
        Copy the VMware.Hv.Helper to the module location.
.EXAMPLE
    PS&gt; ./HorizonClient.ps1
#&gt;

# Variables
$connectionserver = 'srv-con-01'
$domain = 'lab.local'
$date = Get-date -UFormat "%d-%m-%Y"
$output = "C:\Temp\horclients-$date.csv"

# Import module
Import-Module VMware.Hv.Helper

Write-Output "", "Connecting to the Horizon Connection Server"
Connect-HVServer -Server $connectionserver -domain $domain

# List all Users and clients with the Horion client the are running
$localsessioninfo = (get-HVlocalsession).Namesdata | Select-Object UserName, MachineOrRDSServerName, AgentVersion, DesktopPoolCN, ClientType, ClientAddress, ClientName, ClientVersion, SecurityGatewayDNS, SecurityGatewayAddress | Sort-Object ClientVersion

# Export the output to a grid and CSV file
$localsessioninfo | Out-GridView -Title 'VMware Horizon Client versions'
$localsessioninfo | export-csv $output -Force -NoTypeInformation

Disconnect-HVServer * -Confirm:$false

This script (HorizonClients.ps1) can be found on my GitHub repo (Link)

Create a central VMware Tools repository

VMware Tools releases have been decoupled from VMware vSphere release since version 10.0. You can now standardize to the latest VMware Tools by configuring a centralized repository. This can be useful when you want to point to a new VMware Tools version when for example a security vulnerability in identified VMware Tools. This is recently happened and described in the VMSA-2021-0013 security advisory. (link) for example.

Requirements:

  • VMware ESXi 6.7 Update 1 or later
  • PowerCLI installed

Here are the steps to create a central VMware Tools repository:

  • Create a folder structure on a central datastore (all VMware ESXi hosts have access to this datastore)  in the cluster. For example:
    • On the nfs01 datastore is created a folder called “vmwtools“, under that folder, I created another folder called “11.3.0-18090558
  • Download the latest VMware Tools version, link
  • Extract the VMware Tools ZIP file. Two folders are extracted:
    • floppies
    • vmtools
  • Upload the two folders to the folder structure created. In this example I used: /vmfs/volumes/vmwtools/11.3.0-18090558

  • Change the following variables so it matches the vSphere environment:
    • $cluster
    • $datastore
  • The PowerCLI script below will point all the VMware ESXi hosts in a cluster to the central VMware Tools repository location.
  • Execute this script
# Import PowerCLI module
Import-Module VMware.PowerCLI

# VMware VirtualCenter server name 
$VCserver = read-host "Enter the vCenter server name"

# Connect to the vCenter server 
Connect-VIServer -server $VCserver

$cluster = 'CL-MGNT'
$hosts = Get-Cluster -Name $cluster | Get-VMHost
$datastore = '/vmfs/volumes/nfs01/vmwtools/11.3.0-18090558/'

# Display current VMware Location
$hosts | Get-AdvancedSetting -Name "UserVars.ProductLockerLocation" | Select-Object Entity,Value

# Change VMware Tools location 
Get-cluster -name $cluster | Get-VMhost | %{$_.ExtensionData.UpdateProductLockerLocation($datastore)}  

# Display current VMware Location
$hosts | Get-AdvancedSetting -Name "UserVars.ProductLockerLocation" | Select-Object Entity,Value

# Disconnect vCenter 
Disconnect-VIserver -server * -Confirm:$false

The default location of the VMware Tools is: /locker/packages/vmtoolsRepo/

  • Select a Windows VM in the vSphere cluster. A message is displayed that there is a newer version of VMware Tools available.
  • Select Upgrade VMware Tools (It is possible that the VM is automatically rebooted when choosing for an Automatic Upgrade).

  • After the installation, check if VMTools is running and if the version is current.

Creating a central VMware Tools repository is an easy step that is very useful to stay up to date with the latest VMware Tools versions for the Virtual Machines.

The VMware PowerCLI script listed above can be found on my GitHub repository, link.