Markus Lassfolk – Page 4

Geek Week – Building Datacenter and Private Cloud

Yours truly and @mikael_nystrom are teaching a 5 day training called “Geek Week – Building Datacenter and Private Cloud“.
It’s a quite cool concept, where we are always at least 2 teachers (Mike and me, and sometimes members from our team) with a lot of real-life experience, teaching students how to build a Software Defined Private Cloud/Datacenter on Microsoft Technology in just 5 days. We have been doing this training about 4 times so far and each time got top score !

The training is covering things like; Software Defined Storage, Networking Compute, Bare Metal Deployment, SCVMM, SCOM, SCOR, Powershell(!), Azure Pack, Backup/Restore, Operational Insight, AD Design for your Fabric, GPO’s, Patch Management and a lot more!

So instead of just learning one product, you will learn the full stack, the concept, how to design, build and of course manage it.

We’ve made a short promo video with details here:

https://youtu.be/_PjRHv84VgM

You will of course also keep the Lab Server and all the scripts!
We are both staying at the same hotel as the students, so you will have – almost 24h access to our knowledge, experience and brains during breakfast, daytime and in the bar in the evenings, Sunday-Friday.

We have delivered the training only in Sweden so far, due to the huge hardware requirements, but have had participants from several other countries, including students from US (and doing the training in English than).

Unfortunately, for you but great for us, the next training in October, is SOLD OUT!
The next opportunity will probably be in February or March in Sweden, so talk to your manager and sign up while there are seats left.
http://www.labcenter.se/Labs#!lab=Geek_Week_-_Building_Datacenter_and_Private_Cloud (Unfortunately only in Swedish)

Send me a mail if you have any questions: markus . lassfolk at truesec . se

Working with Virtual NIC’s in Windows

At times when I’m for example at a customer and need to connect my Laptop to different VLAN’s it’s really nice to add new virtual Network Cards (vNIC’s) on the fly, and be connected to multiple networks at the same time.

By transforming the Network Cards in your computer, into a virtual switch, and then add Virtual Network Cards connected to that switch, it’s possible to do a bit of network magic.

Here is a part of the script that I run each time I reinstall my PC’s to create the vNIC’s that I need and use the most. The script is also installing the software I need and doing some other minor changes (always a work in progress).

Pre-Requisits: Hyper-V Role installed

# Create a Switch for Ethernet Network 
Get-NetAdapter -Name "Ethernet" | New-VMSwitch -Name "Uplink Switch" -Verbose -AllowManagementOS:$false -MinimumBandwidthMode Weight -ComputerName $ENV:COMPUTERNAME
Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch" -Name "External LAN" -verbose -ComputerName $ENV:COMPUTERNAME
Set-VMnetworkAdapter -ManagementOS -Name "External LAN" -MinimumBandwidthWeight 20 -verbose -ComputerName $ENV:COMPUTERNAME 

# Create a Switch for WiFi Network 
Get-NetAdapter -Name "Wi-Fi" | New-VMSwitch -Name "Uplink Switch WiFi" -Verbose -AllowManagementOS:$false -MinimumBandwidthMode Weight -ComputerName $ENV:COMPUTERNAME
Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch WiFi" -Name "External WLAN" -verbose -ComputerName $ENV:COMPUTERNAME
Set-VMnetworkAdapter -ManagementOS -Name "External WLAN" -MinimumBandwidthWeight 20 -verbose -ComputerName $ENV:COMPUTERNAME

# Add a vNIC for VLAN11 on Physical Network Card
Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch" -Name "VLAN11" -Verbose -ComputerName $ENV:COMPUTERNAME
Set-VMNetworkAdapterVlan -ManagementOS -Access -VlanId 11 -VMNetworkAdapterName "VLAN11" -Verbose -ComputerName $ENV:COMPUTERNAME
Set-VMnetworkAdapter -ManagementOS -Name "VLAN11" -MinimumBandwidthWeight 10 -verbose -ComputerName $ENV:COMPUTERNAME

# Add a vNIC for VLAN800 on Physical Network Card
Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch" -Name "VLAN800" -Verbose -ComputerName $ENV:COMPUTERNAME
Set-VMNetworkAdapterVlan -ManagementOS -Access -VlanId 800 -VMNetworkAdapterName "VLAN800" -Verbose -ComputerName $ENV:COMPUTERNAME
Set-VMnetworkAdapter -ManagementOS -Name "VLAN800" -MinimumBandwidthWeight 10 -verbose -ComputerName $ENV:COMPUTERNAME

# Create a Switch for Ethernet Network

Get-NetAdapter -Name "Ethernet" | New-VMSwitch -Name "Uplink Switch" -Verbose -AllowManagementOS:$false -MinimumBandwidthMode Weight -ComputerName $ENV:COMPUTERNAME

Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch" -Name "External LAN" -verbose -ComputerName $ENV:COMPUTERNAME

Set-VMnetworkAdapter -ManagementOS -Name "External LAN" -MinimumBandwidthWeight 20 -verbose -ComputerName $ENV:COMPUTERNAME

# Create a Switch for WiFi Network

Get-NetAdapter -Name "Wi-Fi" | New-VMSwitch -Name "Uplink Switch WiFi" -Verbose -AllowManagementOS:$false -MinimumBandwidthMode Weight -ComputerName $ENV:COMPUTERNAME

Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch WiFi" -Name "External WLAN" -verbose -ComputerName $ENV:COMPUTERNAME

Set-VMnetworkAdapter -ManagementOS -Name "External WLAN" -MinimumBandwidthWeight 20 -verbose -ComputerName $ENV:COMPUTERNAME

# Add a vNIC for VLAN11 on Physical Network Card

Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch" -Name "VLAN11" -Verbose -ComputerName $ENV:COMPUTERNAME

Set-VMNetworkAdapterVlan -ManagementOS -Access -VlanId 11 -VMNetworkAdapterName "VLAN11" -Verbose -ComputerName $ENV:COMPUTERNAME

Set-VMnetworkAdapter -ManagementOS -Name "VLAN11" -MinimumBandwidthWeight 10 -verbose -ComputerName $ENV:COMPUTERNAME

# Add a vNIC for VLAN800 on Physical Network Card

Add-VMNetworkAdapter -ManagementOS -SwitchName "Uplink Switch" -Name "VLAN800" -Verbose -ComputerName $ENV:COMPUTERNAME

Set-VMNetworkAdapterVlan -ManagementOS -Access -VlanId 800 -VMNetworkAdapterName "VLAN800" -Verbose -ComputerName $ENV:COMPUTERNAME

Set-VMnetworkAdapter -ManagementOS -Name "VLAN800" -MinimumBandwidthWeight 10 -verbose -ComputerName $ENV:COMPUTERNAME

Thanks to my friend and colleague Mikael Nyström who showed me this a few years ago.

List all expiring certificates on all domain joined servers

A colleague asked me if I could list all expiring certificates on all Domain Joined servers in the environment.
– Sure!

A few minutes later, a script that will connect to all Servers and list certificates that will expire in less than 90 days. I’m sure there are a thousand of scripts out there who does the same, and here is script number 1001.

Invoke-Command -ComputerName (get-adcomputer -LDAPFilter "(&(objectCategory=computer)(operatingSystem=Windows Server*)(!serviceprincipalname=*MSClusterVirtualServer*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -Property name | sort-object Name).Name -Command {
   get-childitem cert:LocalMachine\My -recurse | where-object {$_.NotAfter -gt (get-date)} | select Subject,FriendlyName,Thumbprint,@{Name="Expires in (Days)";Expression={($_.NotAfter).subtract([DateTime]::Now).days}} | where "Expires in (Days)" -lt 90  
  }

Invoke-Command -ComputerName (get-adcomputer -LDAPFilter "(&(objectCategory=computer)(operatingSystem=Windows Server*)(!serviceprincipalname=*MSClusterVirtualServer*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -Property name | sort-object Name).Name -Command {

get-childitem cert:LocalMachine\My -recurse | where-object {$_.NotAfter -gt (get-date)} | select Subject,FriendlyName,Thumbprint,@{Name="Expires in (Days)";Expression={($_.NotAfter).subtract([DateTime]::Now).days}} | where "Expires in (Days)" -lt 90

}

The script will get all Windows Server Computer Accounts, that are not expired and is not a virtual object (like a Cluster Service).
It will then connect to those servers and list all Certificates that will expire in less than 90 days.

Short and easy to use, and we did find 2 certificates that need to be replaced ASAP!

Script to change from Dynamic to Static MAC Address on all VMs

A customer had a lot of VM’s with Dynamic MAC address, rather than the preferred method of using Static MAC addresses.
Here is a small powershell script that will shutdown each of the VM’s with a Dynamic MAC Address, change to a Static MAC Address and then start the VM.
I’m running the script on the System Center Virtual Machine Manager (SCVMM) Server and to make sure VMM does not shutdown itself, I’ve added an exclude for the SCVMM Server.

$VMS = Get-SCVirtualMachine | Select -ExpandProperty VirtualNetworkAdapters | Where { $_.MACAddressType -eq "Dynamic" } | where Name -NotLike $env:COMPUTERNAME 

foreach ($VM in $VMS) { 
Get-SCVirtualMachine -Name $VM  | Stop-SCVirtualMachine -Shutdown 
$VirtualNetworkAdapter = Get-SCVirtualNetworkAdapter -VMMServer localhost -VM "$VM" 
Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $VirtualNetworkAdapter -MACAddress "00:00:00:00:00:00" -MACAddressType Static 
Start-SCVirtualMachine -VM $VM.Name
}

$VMS = Get-SCVirtualMachine | Select -ExpandProperty VirtualNetworkAdapters | Where { $_.MACAddressType -eq "Dynamic" } | where Name -NotLike $env:COMPUTERNAME

foreach ($VM in $VMS) {

Get-SCVirtualMachine -Name $VM | Stop-SCVirtualMachine -Shutdown

$VirtualNetworkAdapter = Get-SCVirtualNetworkAdapter -VMMServer localhost -VM "$VM"

Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $VirtualNetworkAdapter -MACAddress "00:00:00:00:00:00" -MACAddressType Static

Start-SCVirtualMachine -VM $VM.Name

}

The MACAddress 00:00:00:00:00:00 will automatically be transformed into a real static address from VMM’s mac address pool.

Import a Cryptographic New Generation (CNG) certificate as a Legacy cert to use with ADFS

The current version of ADFS (Active Directory Federation Services for Windows Server 2012 R2) unfortunately does not support Cryptographic New Generation (CNG) Certificates.
Though if you already have a CNG cert, and does not want to re-request a legacy cert from your provider, it’s possible to import a CNG as a Legacy cert by using this command.

certutil.exe -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importpfx c:\temp\cng_cerficiate_file.pfx

1	certutil.exe -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importpfx c:\temp\cng_cerficiate_file.pfx

And ADFS will then be able to use that certificate.

A Huge thanks to my colleague and security expert Hasain Alshakarti (Twitter: @Alshakarti Blog: http://secadmins.com/) for providing me with the solution.

URL Rewrite (redirect) of HTTP to HTTPS with Powershell script

When deploying Web Application Proxy as a frontend to for example ADFS and Windows Azure Pack, or other services, the current version of Web AppProxy only supports HTTPS urls. It’s possible to use the “URL Rewrite” module for IIS to redirect users from HTTP to HTTPS. There are plenty of guides on internet on how to do that.
But I wanted to add that configuration to my WebApplication Proxy configuration script, and couldn’t find any powershell examples, so here is the script I’ve made.

It will use Web Platform installer to install the URL Rewrite module, then add the IIS Web Management tools, and in the end create a Global Rule redirecting all HTTP requests to HTTPS without the user noticing it.

##### 
# Install URL Rewrite 
#
write-host Downloading WebPlatform Installer
$source = "http://download.microsoft.com/download/F/4/2/F42AB12D-C935-4E65-9D98-4E56F9ACBC8E/wpilauncher.exe"
$destination = "$env:temp\wpilauncher.exe"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($source, $destination)

####Start WEB Platform Installer
Start-Process -FilePath $destination 

# Wait for Installation to Complete 
Start-Sleep -Seconds 30

# Web Platform Installer CommandLine Tool 
$WebPiCMd = 'C:\Program Files\Microsoft\Web Platform Installer\WebpiCmd-x64.exe'
Start-Process -wait -FilePath $WebPiCMd -ArgumentList "/install /Products:UrlRewrite2 /AcceptEula /OptInMU /SuppressPostFinish" 

# Add Management Tools 
Add-WindowsFeature Web-Server -IncludeManagementTools
import-module webAdministration

# Create URL Rewrite Rules
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webserver/rewrite/GlobalRules" -name "." -value @{name='HTTP to HTTPS Redirect'; patternSyntax='ECMAScript'; stopProcessing='True'}
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webserver/rewrite/GlobalRules/rule[@name='HTTP to HTTPS Redirect']/match" -name url -value "(.*)"
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webserver/rewrite/GlobalRules/rule[@name='HTTP to HTTPS Redirect']/conditions" -name "." -value @{input="{HTTPS}"; pattern='^OFF$'}
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[@name='HTTP to HTTPS Redirect']/action" -name "type" -value "Redirect"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[@name='HTTP to HTTPS Redirect']/action" -name "url" -value "https://{HTTP_HOST}/{R:1}"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[@name='HTTP to HTTPS Redirect']/action" -name "redirectType" -value "SeeOther"

#####

# Install URL Rewrite

write-host Downloading WebPlatform Installer

$source = "http://download.microsoft.com/download/F/4/2/F42AB12D-C935-4E65-9D98-4E56F9ACBC8E/wpilauncher.exe"

$destination = "$env:temp\wpilauncher.exe"

$wc = New-Object System.Net.WebClient

$wc.DownloadFile($source, $destination)

####Start WEB Platform Installer

Start-Process -FilePath $destination

# Wait for Installation to Complete

Start-Sleep -Seconds 30

# Web Platform Installer CommandLine Tool

$WebPiCMd = 'C:\Program Files\Microsoft\Web Platform Installer\WebpiCmd-x64.exe'

Start-Process -wait -FilePath $WebPiCMd -ArgumentList "/install /Products:UrlRewrite2 /AcceptEula /OptInMU /SuppressPostFinish"

# Add Management Tools

Add-WindowsFeature Web-Server -IncludeManagementTools

import-module webAdministration

# Create URL Rewrite Rules

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webserver/rewrite/GlobalRules" -name "." -value @{name='HTTP to HTTPS Redirect'; patternSyntax='ECMAScript'; stopProcessing='True'}

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webserver/rewrite/GlobalRules/rule[@name='HTTP to HTTPS Redirect']/match" -name url -value "(.*)"

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webserver/rewrite/GlobalRules/rule[@name='HTTP to HTTPS Redirect']/conditions" -name "." -value @{input="{HTTPS}"; pattern='^OFF$'}

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[@name='HTTP to HTTPS Redirect']/action" -name "type" -value "Redirect"

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[@name='HTTP to HTTPS Redirect']/action" -name "url" -value "https://{HTTP_HOST}/{R:1}"

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[@name='HTTP to HTTPS Redirect']/action" -name "redirectType" -value "SeeOther"

Automatically Assign Availability Set Names to VMs with Powershell

This blog-post is about using System Center Virtual Machine Manager (SCVMM) Availability Sets to spread similar VM’s to different Hyper-V Hosts to increase reliability both when using Failover Clustering, and when using stand-alone Hyper-V hosts.

First of all, what is Availability Sets?
In SCVMM 2012 SP1, Microsoft added Availability Sets. Failover Cluster Manager users are probably familiar with AntiAffinityClassNames, and Availability Sets are a very similar concept. This allow the user to specify a set of VMs which they would prefer to keep on separate hosts, and the Intelligent Placement engine works hard to make sure that all our features respect that preference.

Attempting to place multiple VMs with the same Availability Set onto a single host will generate a placement warning, meaning that the host will be prioritized last in the placement dialog

When placing a VM with an Availability Set into a cloud placement or as part of a service will avoid hosts with another VM from the same Availability Set, and warn the user if that was the only choice.
Dynamic Optimization will never move 2 VMs from the same Availability Set onto the same host. It will also actively attempt to separate any VMs with the same Availability Set that are on the same host.
Power Optimization will never power off a host that would lead to 2 VMs with the same Availability Set sharing a host.
Putting a host in maintenance mode will attempt to spread VMs with the same availability set to different target hosts.
If your VMs are highly available and hosted on a Hyper-V failover cluster, VMM will create AntiAffinityClassNames on the VMs with an Availability Set, so that even during cluster failover, SCVMM opt to failover to different hosts, if possible.

You can manually create Availability Sets through SCVMM by selecting Properties on a VM.
Just click Create to make a new Name and assign it to the VM’s you want to keep on separate Hosts. When a Availability Set is not assigned to a VM any longer, the Availability Set will be deleted automatically, thus cleaning up the list for you.

For example, for your SQL Server Cluster, you may want to create a Availability Set name called SQL and assign it to your SQL Server Nodes. Easy!
Also, if you are using Service Templates, you can opt in to automatically create Availability Set names for your services.

Though I like to control things like that automatically. Depending on your naming convention for your Virtual Servers, this might or might not be possible for you.
In our case we have a strict naming policy to name servers with:
PREFIX FUNCTION NUMBER as seen in this picture:

Which makes it very easy for me to define that all servers called CLAZSQ* are similar and should be kept on different servers.

But, if all servers were called SRV0001-SRV9999 it would not be possible to utilize the ServerName for setting Availability Set names, and you would have to query the CMDB for info first.

Also, in our environment we have multiple Tenants, who could each have servers called DomainController01 and DomainController02. So just having a availability set called DomainController, would not be enough. I have to make it DomainController_TenantName or something similar.

I wrote this quick and short Powershell script to automatically assign a Availability Set to all VM’s. It will remove Numbers from the VM Name, and use the VMName + UserID (Tenant Subscription id) as the Availability Set Name. Clean, simple and easy, just schedule it to run regularly, or even make a SMA Job to trigger when a VM is created through AzurePack.

$VMMServer = "SCVMM.SERVER.FQDN" 

$VMS = Get-SCVirtualMachine -VMMServer $VMMServer 

foreach ($vm in $VMS) { 
  $AvailabilitySetName = ($VM.Name.ToUpper() -creplace '[0-9]', '') + "_" + $VM.UserRoleID
  Set-SCVirtualMachine -VM $VM -AvailabilitySetNames $AvailabilitySetName -RunAsynchronously 
}

$VMMServer = "SCVMM.SERVER.FQDN"

$VMS = Get-SCVirtualMachine -VMMServer $VMMServer

foreach ($vm in $VMS) {

$AvailabilitySetName = ($VM.Name.ToUpper() -creplace '[0-9]', '') + "_" + $VM.UserRoleID

Set-SCVirtualMachine -VM $VM -AvailabilitySetNames $AvailabilitySetName -RunAsynchronously

}

And then trigger an Host Cluster Optimization of all Clusters in the Environment if you don’t want to wait for the normal one.

$VMMServer = "SCVMM.SERVER.FQDN" 

$VMHOSTCLUSTERS = Get-SCVMHostCluster -VMMServer $VMMServer 
foreach ($VMHOSTCLUSTER in $VMHOSTCLUSTERS) { 
  Start-SCDynamicOptimization -VMHostCluster $VMHOSTCLUSTER -VMMServer $VMMServer 
}

$VMMServer = "SCVMM.SERVER.FQDN"

$VMHOSTCLUSTERS = Get-SCVMHostCluster -VMMServer $VMMServer

foreach ($VMHOSTCLUSTER in $VMHOSTCLUSTERS) {

Start-SCDynamicOptimization -VMHostCluster $VMHOSTCLUSTER -VMMServer $VMMServer

}

VM Usage History fixed in UR7

I just noticed that the VM Usage History has been fixed in UR7. It’s been broken as long as I remember and used to only show the last 3 days of data, even if you selected 1 month. I don’t think it was mentioned in the ChangeLog for UR7?

Yay!

Uninstall old SCDPM Agents with Powershell on all Servers

When you want to add a server to Microsoft Data Protection manager to be managed (backup), it might already contain an old DPM Agent, which prevents the installation from going through. SCDPM will tell you to manually use Add/Remove Programs on each server and uninstall the old agent.

To find all servers in the environment with an old SCDPM Version run this script;

Invoke-Command -ComputerName (get-adcomputer -LDAPFilter "(&(objectCategory=computer)(operatingSystem=Windows Server*)(!serviceprincipalname=*MSClusterVirtualServer*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -Property name,dnshostname,description | sort-object Name).Name -Command {
  (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center 2012 R2 DPM Protection Agent" -and $_.Version -lt "4.2.1338.0"} )
  }

(Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center 2012 R2 DPM Protection Agent" -and $_.Version -lt "4.2.1338.0"} )

}

Of course, update the Version number to the latest current version of SCDPM Agent if it’s newer than 4.2.1338.0.
The get-adcomputer command will find all servers that are not disabled or Cluster Objects. So it should only give you the “real” servernames.
And here is a script that will uninstall all old versions of SCDPM Agent on all servers in the environment, so you can add the server through the SCDPM Management Console and get the new agent installed automatically.

Invoke-Command -ComputerName (get-adcomputer -LDAPFilter "(&(objectCategory=computer)(operatingSystem=Windows Server*)(!serviceprincipalname=*MSClusterVirtualServer*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -Property name,dnshostname,description | sort-object Name).Name -ScriptBlock {
    $old = (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center 2012 R2 DPM Protection Agent" -and $_.Version -lt "4.2.1338.0"})

        if (($old.Version).Count -eq 1) {
            $version = $old.version
            $name = $old.Name
             Write-Output "Found old version of $Name $version on $env:COMPUTERNAME. Uninstalling it."
        ($old).Uninstall()
       Write-Output "Done Uninstalling"
        }
}

$old = (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center 2012 R2 DPM Protection Agent" -and $_.Version -lt "4.2.1338.0"})

if (($old.Version).Count -eq 1) {

$version = $old.version

$name = $old.Name

Write-Output "Found old version of $Name $version on $env:COMPUTERNAME. Uninstalling it."

($old).Uninstall()

Write-Output "Done Uninstalling"

}

Once again, change Version (4.2.1338.0) to the correct version you want to keep. It will uninstall all older versions.

Yay! You can now add the servers to SCDPM Successfully.

Update SCVMM Agent with Powershell

I just updated our System Center Virtual Machine Manager 2012 R2 Environment to Update Release 7. SCVMM would then report that the SCVMM Managed Computers has an Out-of-Date Agent which need to be upgraded.

It’s possible to do it manually by right clicking on each server and choose “Update Agent” or use this short powershell script to do it on all machines at the same time.

# Change name to the RunAs Admin Account specified in SCVMM
$SCVMMADMIN = 'SCVMM_Admin'
$credential = Get-SCRunAsAccount -Name "$SCVMMADMIN" 
Get-SCVMMManagedComputer | where VersionState -ne UpToDate | Update-SCVMMManagedComputer -Credential $credential -RunAsynchronously

# Change name to the RunAs Admin Account specified in SCVMM

$SCVMMADMIN = 'SCVMM_Admin'

$credential = Get-SCRunAsAccount -Name "$SCVMMADMIN"

Get-SCVMMManagedComputer | where VersionState -ne UpToDate | Update-SCVMMManagedComputer -Credential $credential -RunAsynchronously

It will Update the Agent on all Managed Servers for you (no restart needed in my case).