Store Secure Credentials in the Registry with PowerShell
This process will store secure credentials in the registry. It allows you to query those credentials and then pass them using PowerCLI to make a connection to vCenter.
This is a simple code snippet that will ask for credentials and then add them to the registry. To make this easier, you can have PowerShell create the key that will house the information and then add the proper values. I’m going to use HKEY_CURRENT_USER but feel free to store these in HKEY_LOCAL_MACHINE if necessary. To store information into HKLM, you may need to elevate your PowerShell environment to administrator. I find putting stuff in HKCU is much easier… and it has the added benefit of storing credentials with the user instead of the machine.
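# Creates the structure only if it is missing.
# New-Item -Force on an existing registry key recreates it and wipes the values already stored there.
$strRegistryKey = "HKCU:\SOFTWARE\MySoftware\Users"
if (-not (Test-Path -Path $strRegistryKey)) {
    New-Item -Path $strRegistryKey -ItemType RegistryKey -Force
}
# Gather credential information
$secureCredential = Get-Credential -Message "Enter the username and password:"
# Convert the SecureString password into an encrypted string that can be stored as text
$securePassword = $secureCredential.Password | ConvertFrom-SecureString
$strUsername = $secureCredential.Username
# Add credentials to the registry (value name = username, data = encrypted password)
# -Force overwrites the value if this username was stored before
New-ItemProperty -Path $strRegistryKey -PropertyType String -Name $strUsername -Value $securePassword -Force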
This will add something like the following to your registry:
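Notice that the Data column for email@example.com will be the password you entered but in encrypted form. Because ConvertFrom-SecureString is called without -Key, the encryption uses the Windows Data Protection API (DPAPI), so the value can only be decrypted by the same user account on the same machine that stored it.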
Retrieve Secure Credentials from the Registry with PowerShell
Now that we have it stored, we need to pull the information and log into vCenter with PowerCLI.
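The retrieval step described above, written as an added example (not the original post's code): it reads the stored value back, rebuilds a PSCredential and passes it to Connect-VIServer. The username, the vCenter address and the Get-StoredCredential helper name are assumptions for illustration, and the VMware.PowerCLI module must be installed.

```powershell
# Added example, not from the original post.
$strRegistryKey = "HKCU:\SOFTWARE\MySoftware\Users"
$strUsername    = "administrator@vsphere.local"   # placeholder: the value name used when storing
$vCenterServer  = "vcenter.example.com"           # placeholder vCenter address

function Get-StoredCredential {
    param(
        [Parameter(Mandatory)] [string] $RegistryKey,
        [Parameter(Mandatory)] [string] $Username
    )

    if (-not (Test-Path -Path $RegistryKey)) {
        throw "Registry key $RegistryKey does not exist."
    }

    # The value name is the username; the data is the encrypted password string.
    # GetValue returns $null when the value is absent, which avoids wildcard
    # matching on names that contain characters such as '[' or '*'.
    $encrypted = (Get-Item -Path $RegistryKey).GetValue($Username)
    if ([string]::IsNullOrEmpty($encrypted)) {
        throw "No stored credential for '$Username' under $RegistryKey."
    }

    try {
        # No -Key was used when storing, so decryption relies on DPAPI and only
        # succeeds for the same Windows user on the same machine.
        $securePassword = ConvertTo-SecureString -String $encrypted -ErrorAction Stop
    }
    catch {
        throw "Could not decrypt the password for '$Username'. It must be read by the user and machine that stored it."
    }

    # The password stays a SecureString; it is never converted to plain text here.
    New-Object System.Management.Automation.PSCredential ($Username, $securePassword)
}

$credential = Get-StoredCredential -RegistryKey $strRegistryKey -Username $strUsername
Connect-VIServer -Server $vCenterServer -Credential $credential
```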
Getting vCenter upgraded is fairly straightforward. However, if you have a vCenter HA configuration, it becomes a little more complex. Not difficult but there are some things you have to find before you can upgrade. I love VMware, don’t get me wrong. But, the documentation for upgrading vCenter HA is pretty… vague and disjointed. So I wanted to go into detail to get through so that you know what to expect when upgrading.
This upgrade process is going to go over how to do this in a vCenter HA configuration. However, you can follow the same steps to do a non-vCenter HA deployment. You just won’t do any of the HA specific steps (skipping the upgrade on the passive and witness nodes). You’ll only update your primary vCenter instance and not the passive or witness nodes.
I’ve spent quite a bit of time with vCenter HA and have run into issues. I’ll mention those related to updating in this post. I do feel vCenter HA isn’t fully baked. It’s extremely quirky.
vCenter HA Issues
- You cannot upgrade a vCenter HA cluster unless it’s in maintenance mode. Even if you disable the vCenter HA cluster, it still won’t let you upgrade. Here is the message when I tried to update the witness node after I’d disabled vCenter HA:
- So, we put the cluster into maintenance mode before we upgrade. No worries right? Wrong. While you can update the witness and passive nodes, you cannot update the active node (it will throw a similar error as the one above). Well, why don’t I just failover the cluster? So if the passive and witness nodes are in this weird state (see pic below), you cannot failover. It’s like this chicken and egg situation:
- You must acquire the vCenter patch ISO. You have to drill down into the docs to find this out… and frankly, it would be super confusing for someone that is just starting out.