Dimtemp · November 4, 2023 13:32
diff --git a/VMMNetworkControllerInstallationStatus.ps1 b/VMMNetworkControllerInstallationStatus.ps1
 function Get-VMMNetworkControllerInstallationStatus {
    <#
    .SYNOPSIS
    This function summarizes several important configuration settings during deployment of a Network Controller VM from System Center Virtual Machine Manager (VMM).
    
    .NOTES    
    Info from Network Controller deployment scripts
    
    PrepareNodeForNetworkController.ps1 configures:
    Installation directory
    IPv6
    NetworkController installation
    Add domain admin as local admin
    Certificates: server + trusted root
    
    
    InstallNetworkController-AllNodes.ps1 runs:
    New-NetworkControllerNodeObject -Name $vmName -Server $fqdn -FaultDomain $fd -RestInterface $nicName -Verbose
    Install-NetworkControllerCluster -ClusterAuthentication Kerberos -ManagementSecurityGroup $mgmtSecurityGroupName -Node $nodes -CredentialEncryptionCertificate $sslCertificate -Verbose
    Install-NetworkController -Node $nodes -ClientAuthentication Kerberos -ClientSecurityGroup $clientSecurityGroupName -ServerCertificate $sslCertificate -RestIPAddress $restEndPoint
    Install-NetworkController -Node $nodes -ClientAuthentication Kerberos -ClientSecurityGroup $clientSecurityGroupName -ServerCertificate $sslCertificate -RestName $restEndPoint
    Install-NetworkController -Node $nodes -ClientAuthentication Kerberos -ClientSecurityGroup $clientSecurityGroupName -ServerCertificate $sslCertificate   # local
    
    To do
    
    Get-Service SlbHostAgent  -comp nc-vm01 # on hyper-v host server
    Get-Service NcHostAgent  -comp nc-vm01   # on hyper-v host server
    
    #>
    
    param(
        [string]$ComputerName=$Env:COMPUTERNAME,

        [switch]$Monitor,

        [int]$MonitorInterval=60
    )

    do {
        Invoke-Command -ComputerName $ComputerName {

            # suppress errors because many items will not yet exist during installation
            $ErrorActionPreference = 'SilentlyContinue'

            # check computername and domain membership
            $Computername = Get-ChildItem Env:\COMPUTERNAME
            $DomainName   = Get-ChildItem Env:\USERDOMAIN

            # verify installation folder
            $NCInstallDir = Get-Item 'C:\NCInstall'

            # verify certificate file
            $CertFile = Get-ChildItem -Path 'C:\NCInstall\certificate-ssl' -Filter '*.pfx'

            # verify IPv6: not supported by Network Controller
            $IPv6Config   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\' -Name 'DisabledComponents'   #  -Value 0xffffffff

            # verify registry settings
            $NCReady      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\SCVMM Network Controller' -Name 'NCReady'   # MarkAsReadyForNetworkControllerDeployment = 1
            $NCThumbprint = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\SCVMM Network Controller' -Name 'NCThumbprint'

            # verify certificate installation
            $CertFromStore = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -EQ $NCThumbprint.NCThumbprint

            # Verify GivePermissionToNetworkService
            #(Get-Item -path "$ENV:ProgramData\Microsoft\Crypto\RSA\MachineKeys\*" | Get-ACL).Access | Where-Object 'IdentityReference' -EQ 'NT AUTHORITY\NETWORK SERVICE'

            $Access = (Get-Item -path "$ENV:ProgramData\Microsoft\Crypto\RSA\MachineKeys\*" | Get-ACL).Access
            $AccessControl = ($Access | Where-Object { $_.IdentityReference -EQ 'NT AUTHORITY\NETWORK SERVICE' -and $_.AccessControlType -eq 'Allow' }).FileSystemRights | ForEach-Object { $_ -match 'Read|FullControl' }

            # verify SCVMM Guest Agent Service
            $ScvmmGuestService = Get-Service -Name ScvmmGuestServiceV7

            # check for VMM Agent installation
            $MsiEvent = Get-EventLog -LogName application -source msiinstaller -InstanceId 1033 | Where-Object Message -match agent
            
            # Verify installation status of role
            $WindowsFeature = Get-WindowsFeature #-Name NetworkController, RSAT-NetworkController
            $NCRole = $WindowsFeature | Where-Object Name -eq 'NetworkController'
            $NCRSAT = $WindowsFeature | Where-Object Name -eq 'RSAT-NetworkController'

            # custom output
            $properties = [ordered]@{
                'DateTime'          = (Get-Date -format s);
                'ComputerName'      = $Computername.Value;       # ordered, optioneel, geef in deze volgorde terug
                'DomainName'        = $DomainName.Value;
                'InstallDir'        = $NCInstallDir.FullName;
                'CertificateFile'   = $CertFile.FullName;
                'ScvmmGuestService' = $ScvmmGuestService.Status;
                'IPv6Config'        = $IPv6Config.DisabledComponents;
                'ThumbprintFromStore' = $CertFromStore.Thumbprint;
                'ThumbprintFromRegistry' = $NCThumbprint.NCThumbprint;
                'MSIEvent'          = $MsiEvent.timegenerated;
                'AccessControl'     = $AccessControl;
                'NCReady'           = $NCReady.NCReady;
                'NCRole'            = $NCRole.InstallState;
                'NCRSAT'            = $NCRSAT.InstallState;
            }
            $output = New-Object -TypeName PSObject -Property $properties
            Write-Output $output
        }
        if ($Monitor) { Start-Sleep $MonitorInterval }
    } while ($Monitor)
 }
	function Get-VMMNetworkControllerInstallationStatus {
	<#
	.SYNOPSIS
	This function summarizes several important configuration settings during deployment of a Network Controller VM from System Center Virtual Machine Manager (VMM).

	.NOTES
	Info from Network Controller deployment scripts

	PrepareNodeForNetworkController.ps1 configures:
	Installation directory
	IPv6
	NetworkController installation
	Add domain admin as local admin
	Certificates: server + trusted root


	InstallNetworkController-AllNodes.ps1 runs:
	New-NetworkControllerNodeObject -Name $vmName -Server $fqdn -FaultDomain $fd -RestInterface $nicName -Verbose
	Install-NetworkControllerCluster -ClusterAuthentication Kerberos -ManagementSecurityGroup $mgmtSecurityGroupName -Node $nodes -CredentialEncryptionCertificate $sslCertificate -Verbose
	Install-NetworkController -Node $nodes -ClientAuthentication Kerberos -ClientSecurityGroup $clientSecurityGroupName -ServerCertificate $sslCertificate -RestIPAddress $restEndPoint
	Install-NetworkController -Node $nodes -ClientAuthentication Kerberos -ClientSecurityGroup $clientSecurityGroupName -ServerCertificate $sslCertificate -RestName $restEndPoint
	Install-NetworkController -Node $nodes -ClientAuthentication Kerberos -ClientSecurityGroup $clientSecurityGroupName -ServerCertificate $sslCertificate # local

	To do

	Get-Service SlbHostAgent -comp nc-vm01 # on hyper-v host server
	Get-Service NcHostAgent -comp nc-vm01 # on hyper-v host server

	#>

	param(
	[string]$ComputerName=$Env:COMPUTERNAME,

	[switch]$Monitor,

	[int]$MonitorInterval=60
	)

	do {
	Invoke-Command -ComputerName $ComputerName {

	# suppress errors because many items will not yet exist during installation
	$ErrorActionPreference = 'SilentlyContinue'

	# check computername and domain membership
	$Computername = Get-ChildItem Env:\COMPUTERNAME
	$DomainName = Get-ChildItem Env:\USERDOMAIN

	# verify installation folder
	$NCInstallDir = Get-Item 'C:\NCInstall'

	# verify certificate file
	$CertFile = Get-ChildItem -Path 'C:\NCInstall\certificate-ssl' -Filter '*.pfx'

	# verify IPv6: not supported by Network Controller
	$IPv6Config = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\' -Name 'DisabledComponents' # -Value 0xffffffff

	# verify registry settings
	$NCReady = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\SCVMM Network Controller' -Name 'NCReady' # MarkAsReadyForNetworkControllerDeployment = 1
	$NCThumbprint = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\SCVMM Network Controller' -Name 'NCThumbprint'

	# verify certificate installation
	$CertFromStore = Get-ChildItem Cert:\LocalMachine\My \| Where-Object Thumbprint -EQ $NCThumbprint.NCThumbprint

	# Verify GivePermissionToNetworkService
	#(Get-Item -path "$ENV:ProgramData\Microsoft\Crypto\RSA\MachineKeys\*" \| Get-ACL).Access \| Where-Object 'IdentityReference' -EQ 'NT AUTHORITY\NETWORK SERVICE'

	$Access = (Get-Item -path "$ENV:ProgramData\Microsoft\Crypto\RSA\MachineKeys\*" \| Get-ACL).Access
	$AccessControl = ($Access \| Where-Object { $_.IdentityReference -EQ 'NT AUTHORITY\NETWORK SERVICE' -and $_.AccessControlType -eq 'Allow' }).FileSystemRights \| ForEach-Object { $_ -match 'Read\|FullControl' }

	# verify SCVMM Guest Agent Service
	$ScvmmGuestService = Get-Service -Name ScvmmGuestServiceV7

	# check for VMM Agent installation
	$MsiEvent = Get-EventLog -LogName application -source msiinstaller -InstanceId 1033 \| Where-Object Message -match agent

	# Verify installation status of role
	$WindowsFeature = Get-WindowsFeature #-Name NetworkController, RSAT-NetworkController
	$NCRole = $WindowsFeature \| Where-Object Name -eq 'NetworkController'
	$NCRSAT = $WindowsFeature \| Where-Object Name -eq 'RSAT-NetworkController'

	# custom output
	$properties = [ordered]@{
	'DateTime' = (Get-Date -format s);
	'ComputerName' = $Computername.Value; # ordered, optioneel, geef in deze volgorde terug
	'DomainName' = $DomainName.Value;
	'InstallDir' = $NCInstallDir.FullName;
	'CertificateFile' = $CertFile.FullName;
	'ScvmmGuestService' = $ScvmmGuestService.Status;
	'IPv6Config' = $IPv6Config.DisabledComponents;
	'ThumbprintFromStore' = $CertFromStore.Thumbprint;
	'ThumbprintFromRegistry' = $NCThumbprint.NCThumbprint;
	'MSIEvent' = $MsiEvent.timegenerated;
	'AccessControl' = $AccessControl;
	'NCReady' = $NCReady.NCReady;
	'NCRole' = $NCRole.InstallState;
	'NCRSAT' = $NCRSAT.InstallState;
	}
	$output = New-Object -TypeName PSObject -Property $properties
	Write-Output $output
	}
	if ($Monitor) { Start-Sleep $MonitorInterval }
	} while ($Monitor)
	}