December 2019 - Virtually Trivial

Store Secure Credentials in the Registry with PowerShell and then connect to vCenter with PowerCLI

Posted on December 16, 2019 by Tim Durfee — Leave a reply

Store Secure Credentials in the Registry with PowerShell

This process will store secure credentials in the registry. It allows you to query those credentials and then pass them using PowerCLI to make a connection to vCenter.

This is a simple code snippet that will ask for credentials and then add them to the registry. To make this easier, you can have PowerShell create the key that will house the information and then add the proper values. I’m going to use HKEY_CURRENT_USER but feel free to store these in HKEY_LOCAL_MACHINE if necessary. To store information into HKLM, you may need to elevate your PowerShell environment to administrator. I find putting stuff in HKCU is much easier… and it has the added benefit of storing credentials with the user instead of the machine.

# Creates the structure
$strRegistryKey = "HKCU:\SOFTWARE\MySoftware\Users"
New-Item -Path $strRegistryKey -ItemType RegistryKey -Force

# Gather credential information
$secureCredential = Get-Credential -Message "Enter the username and password:"
$securePassword = $secureCredential.Password | ConvertFrom-SecureString
$strUsername = $secureCredential.Username

# Add credentials to the registry
New-ItemProperty -Path $strRegistryKey -PropertyType String -Name $strUsername -Value $securePassword

# Creates the structure

$strRegistryKey = "HKCU:\SOFTWARE\MySoftware\Users"

New-Item -Path $strRegistryKey -ItemType RegistryKey -Force

# Gather credential information

$secureCredential = Get-Credential -Message "Enter the username and password:"

$securePassword = $secureCredential.Password | ConvertFrom-SecureString

$strUsername = $secureCredential.Username

# Add credentials to the registry

New-ItemProperty -Path $strRegistryKey -PropertyType String -Name $strUsername -Value $securePassword

This will add something like the following to your registry:

Registry Secure Credentials Information

Notice that the Data column for administrator@vsphere.local will be the password you entered but in encrypted form.

Retrieve Secure Credentials from the Registry with PowerShell

Now that we have it stored, we need to pull the information and log into vCenter with PowerCLI.

# Retrieve password for current user
$securePassword = (Get-ItemProperty -Path $strRegistryKey -Name $strUserName).$strUserName

Read the rest →

Upgrade vCenter with an ISO – Upgrade vCenter HA

Posted on December 3, 2019 by Tim Durfee — Leave a reply

Getting vCenter upgraded is fairly straight forward. However, if you have a vCenter HA configuration, it becomes a little more complex. Not difficult but there are some things you have to find before you can upgrade. I love VMware, don’t get me wrong. But, the documentation for upgrading vCenter HA is pretty…. vague and disjointed. So I wanted to go into detail to get through so that you know what to expect when upgrading.

This upgrade process is going to go over how to do this in a vCenter HA configuration. However, you can follow the same steps to do a non-vCenter HA deployment. You just won’t do any of the HA specific steps (skipping the upgrade on the passive and witness nodes). You’ll only update your primary vCenter instance and not the passive or witness nodes.

I’ve spent quite a bit of time with vCenter HA and have run into issues. I’ll mention those related to updating in this post. I do feel vCenter HA isn’t fully baked. It’s extremely quirky.

vCenter HA Issues

You cannot upgrade a vCenter HA cluster unless it’s in maintenance mode. Even if you disable the vCenter HA cluster, it still won’t let you upgrade. Here is the message when I tried to updated the witness node when I’ve disabled vCenter HA:

So, we put the cluster into maintenance mode before we upgrade. No worries right? Wrong. While you can update the witness and passive nodes, you cannot update the active node (it will throw a similar error as the one above). Well, why don’t I just failover the cluster? So if the passive and witness nodes are in this weird state (see pic below), you cannot failover. It’s like this chicken and egg situation:

vCenter HA status

You must acquire the vCenter patch ISO. You have to drill down into the docs to find this out… and frankly, it would be super confusing for someone that is just starting out.

Read the rest →