With vSphere 6.5, I plan to run VMware Update Manager on the vCenter Server Appliance, vCSA. (YES, Finally!) Currently, VMware Update Manager is running on an old Windows Server 2008 R2 VM along with other tools, file shares and runs scheduled jobs.
I figure it's time to move all these tools onto a newer OS. Unfortunately, the initial instructions I wrote up on scheduling the vcheck job no longer worked with Windows Server 2012.
Here's the steps for setting vCheck using Task Scheduler in Windows Server 2012 R2:
1. Create a service account to be used to run the vCheck report.
2. At a minimum, this account must have "Log on as a batch job" rights on the server running vCheck.
3. Grant this user the minimum permissions in vCenter to run the vCheck Plug-Ins you have enabled in your vCheck report.
3. Setup vCheck to run manually with your preferred options using the vCheck Service account.
4. Launch Powercli using the vCheck service account and run the new-vicredentialstoreitem command to add the service account to the credential store. When the script is run, the credentials provided here will be used to connect to the vCenter server.
Exmple. C:\PS>New-VICredentialStoreItem -Host 'vCenterServer' -User 'admin' -Password 'password'
2. At a minimum, this account must have "Log on as a batch job" rights on the server running vCheck.
3. Grant this user the minimum permissions in vCenter to run the vCheck Plug-Ins you have enabled in your vCheck report.
3. Setup vCheck to run manually with your preferred options using the vCheck Service account.
4. Launch Powercli using the vCheck service account and run the new-vicredentialstoreitem command to add the service account to the credential store. When the script is run, the credentials provided here will be used to connect to the vCenter server.
Exmple. C:\PS>New-VICredentialStoreItem -Host 'vCenterServer' -User 'admin' -Password 'password'
Keep in mind that the credential store is only obfuscated. Use additional security as required by your security team.
Additional details regarding New-VICredentialStoreItem can be found here:
https://www.vmware.com/support/developer/PowerCLI/PowerCLI50/html/New-VICredentialStoreItem.html
5. Setup your scheduled task in Windows. Set the Task to run using your vcheck service account:
6. Configure the Action:
Program/Script:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments (optional):
"D:\vCheck-US-Daily\vCheck.ps1"
Start in (optional):
"D:\vCheck-US-Daily\vCheck.ps1"
7. Run a test scheduled job. Once you have confirmed it has run successfully, scheduled the permanent time for the job to run.
hi Ken,
ReplyDeleteI have downloaded the vCheck script and it is working for me also but I always get error that your script is not digitaly signed.
Due to this I am not able to schedule it. Please help.
Thanks.