microsoft / diskspd

DISKSPD is a storage load generator / performance test tool from the Windows/Windows Server and Cloud Server Infrastructure Engineering teams
MIT License

Access Denied for Remote PSSessions on "localhost" Node #213

Open DaStivi opened 1 month ago

DaStivi commented 1 month ago

Getting "Access is denied" errors when running the VMFleet commands on a Server 2025 cluster. It appears that New-PSSession to HOSTNAME (or localhost) does not work; I guess it's because of security baseline GPOs! The local account filter token policy gets reverted to 0, for example, on every gpupdate...

Using the FQDN would work, though!! Tested different credentials; it made no difference!

A workaround, at least for the New-Fleet and Set-Fleet commands, is to edit the "C:\Program Files\WindowsPowerShell\Modules\VMFleet\2.1.0.0\VMFleet.psm1" file; at line 1658 there is the call to the New-PSSession command...

I've changed this line from "$Sessions = New-PSSession -ComputerName $ComputerName" to "$Sessions = New-PSSession -ComputerName $ComputerName -EnableNetworkAccess", basically added the -EnableNetworkAccess. This helped to get the scripts running correctly... but there were other commands that didn't reference this psm1, and those failed too...

DaStivi commented 1 month ago

Same issue with the Watch-FleetCluster command... You'll only get performance counters for the remote node; the local node's counters are empty! There is a line with Invoke-Command ("icm") where I also added the -EnableNetworkAccess parameter; after that I got performance counters for the local node.

DaStivi commented 1 month ago

Upon some further investigation, I'm pretty sure it has something to do with the MS server security hardening GPOs... You'll find some hints on the Internet that invoking remote sessions to localhost (loopback sessions) does not work any longer after applying server hardening...

Including things like running the Cluster-Aware Update wizard/validation; this also fails!

For VMFleet, a valid workaround could be adding the "-EnableNetworkAccess" parameter to the corresponding calls... to still be able to run it from the cluster nodes themselves.

Theoretically you could run the VMFleet commands with the "-Cluster xxx" parameter from an admin or management host, but I also had some cases where this didn't run successfully each time for specific functions...
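A diagnostic sketch for the loopback behaviour reported in this thread, added here as an example and not taken from VMFleet or from the comments: it reads the local token filter policy value and tries New-PSSession against the local node with and without -EnableNetworkAccess. The function name Test-LoopbackRemoting is hypothetical, and the registry path and value name LocalAccountTokenFilterPolicy are this example's assumption for what the thread calls the "local account filter token policy".

```powershell
# Added example, not part of VMFleet. Run from an elevated prompt on a cluster node.
function Test-LoopbackRemoting {
    [CmdletBinding()]
    param(
        # Names that resolve to the local machine; add the node's FQDN to compare.
        [string[]] $ComputerName = @($env:COMPUTERNAME, 'localhost')
    )

    # Assumed location of the policy value the thread says is reset by gpupdate.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $filter = (Get-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy `
                   -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

    foreach ($name in $ComputerName) {
        foreach ($useNetworkAccess in $false, $true) {
            $params = @{ ComputerName = $name; ErrorAction = 'Stop' }
            if ($useNetworkAccess) { $params.EnableNetworkAccess = $true }

            $session = $null
            try {
                $session = New-PSSession @params
                # Confirm the session can actually execute a command.
                $null = Invoke-Command -Session $session -ErrorAction Stop `
                            -ScriptBlock { $env:COMPUTERNAME }
                $result = 'OK'
            }
            catch {
                # Keep the error text (for example "Access is denied") for the report.
                $result = $_.Exception.Message
            }
            finally {
                if ($session) { Remove-PSSession -Session $session }
            }

            [pscustomobject]@{
                ComputerName                  = $name
                EnableNetworkAccess           = $useNetworkAccess
                LocalAccountTokenFilterPolicy = $filter   # empty when the value is not set
                Result                        = $result
            }
        }
    }
}

Test-LoopbackRemoting | Format-Table -AutoSize -Wrap
```

Running it before and after a gpupdate shows whether the policy value and the loopback result change together on a given node.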

DaStivi commented 1 month ago

A few issues with running the VMFleet module remotely:

Set-Fleet cannot be used with Cluster and ComputeTemplate together... using it results in "parameter set cannot be resolved using the specified named parameters".

Hardcoding the cluster name into the parameter set in VMFleet.psm1 at line 4155 fixes this... but I already saw a lot of these $Cluster = "." definitions. I guess these will all fail (for example in fleetQoS settings...).

The next thing that will fail, of course, is the Measure-FleetCoreWorkload command with the Cluster parameter, as this also passes the cluster into these subroutines that are going to fail... :(