|
| 1 | +# Author: William Lam |
| 2 | +# Blog: www.williamlam.com |
| 3 | +# Description: Check vCenter Server subscription information using Lookup Service MOB via PowerShell |
| 4 | +# Reference: https://williamlam.com/2023/how-to-check-if-your-vcenter-server-is-using-vsphere-vsan-subscription.html |
| 5 | + |
| 6 | +$vc_server = "vcsa.primp-industries.local" |
| 7 | +$vc_username = "[email protected]" |
| 8 | +$vc_password = "VMware1!" |
| 9 | + |
| 10 | +## DO NOT EDIT BEYOND HERE ## |
| 11 | + |
| 12 | +$mob_url = "https://$vc_server/ls/mob?moid=cis.license.management.SystemManagementService&method=SearchProductUtilizations" |
| 13 | + |
| 14 | +$secpasswd = ConvertTo-SecureString $vc_password -AsPlainText -Force |
| 15 | +$credential = New-Object System.Management.Automation.PSCredential($vc_username, $secpasswd) |
| 16 | + |
| 17 | +$Code = @' |
| 18 | +using System; |
| 19 | +using System.Collections.Generic; |
| 20 | +using System.Net.Http; |
| 21 | +using System.Net.Security; |
| 22 | +using System.Security.Cryptography.X509Certificates; |
| 23 | +
|
| 24 | +namespace CertificateCapture |
| 25 | +{ |
| 26 | + public class Utility |
| 27 | + { |
| 28 | + public static Func<HttpRequestMessage,X509Certificate2,X509Chain,SslPolicyErrors,Boolean> ValidationCallback = |
| 29 | + (message, cert, chain, errors) => { |
| 30 | + var newCert = new X509Certificate2(cert); |
| 31 | + var newChain = new X509Chain(); |
| 32 | + newChain.Build(newCert); |
| 33 | + CapturedCertificates.Add(new CapturedCertificate(){ |
| 34 | + Certificate = newCert, |
| 35 | + CertificateChain = newChain, |
| 36 | + PolicyErrors = errors, |
| 37 | + URI = message.RequestUri |
| 38 | + }); |
| 39 | + return true; |
| 40 | + }; |
| 41 | + public static List<CapturedCertificate> CapturedCertificates = new List<CapturedCertificate>(); |
| 42 | + } |
| 43 | +
|
| 44 | + public class CapturedCertificate |
| 45 | + { |
| 46 | + public X509Certificate2 Certificate { get; set; } |
| 47 | + public X509Chain CertificateChain { get; set; } |
| 48 | + public SslPolicyErrors PolicyErrors { get; set; } |
| 49 | + public Uri URI { get; set; } |
| 50 | + } |
| 51 | +} |
| 52 | +'@ |
| 53 | +if ($PSEdition -ne 'Core'){ |
| 54 | + Add-Type -AssemblyName System.Net.Http |
| 55 | + if (-not ("CertificateCapture" -as [type])) { |
| 56 | + Add-Type $Code -ReferencedAssemblies System.Net.Http |
| 57 | + } |
| 58 | +} else { |
| 59 | + if (-not ("CertificateCapture" -as [type])) { |
| 60 | + Add-Type $Code |
| 61 | + } |
| 62 | +} |
| 63 | + |
| 64 | +# Initial login to Lookup Service MOB using GET and store session using $vmware variable |
| 65 | +Write-Host -ForegroundColor Green "Logging into the Lookup Service MOB ..." |
| 66 | +$results = Invoke-WebRequest -Uri $mob_url -SessionVariable vmware -Credential $credential -Method GET -UseBasicParsing |
| 67 | + |
| 68 | +# Extract hidden vmware-session-nonce which must be included in future requests to prevent CSRF error |
| 69 | +# Credit to https://blog.netnerds.net/2013/07/use-powershell-to-keep-a-cookiejar-and-post-to-a-web-form/ for parsing vmware-session-nonce via Powershell |
| 70 | +if($results.StatusCode -eq 200) { |
| 71 | + $null = $results.Content -match 'name="vmware-session-nonce" type="hidden" value="?([^\s^"]+)"' |
| 72 | + $sessionnonce = $matches[1] |
| 73 | +} else { |
| 74 | + $results |
| 75 | + Write-host "Failed to login to vSphere MOB" |
| 76 | + exit 1 |
| 77 | +} |
| 78 | + |
| 79 | +# The POST data payload must include the vmware-session-nonce varaible + URL-encoded |
| 80 | +$body = @" |
| 81 | +vmware-session-nonce=${sessionnonce}&productSearchSpec=%3CproductSearchSpec+xmlns%3Axsi%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance%22+xsi%3Atype%3D%22CisLicenseManagementProductSearchSpecByIds%22%3E%0D%0A%3CproductIds%3EVMware+VirtualCenter+Servervc.vsphere.cloud.subscription%3C%2FproductIds%3E%0D%0A%3C%2FproductSearchSpec%3E |
| 82 | +"@ |
| 83 | + |
| 84 | +# Second request using a POST and specifying our session from initial login + body request |
| 85 | +$results = Invoke-WebRequest -Uri $mob_url -WebSession $vmware -Method POST -Body $body |
| 86 | + |
| 87 | +if($results.StatusCode -eq 200) { |
| 88 | + if($results.Content -match "CisLicenseFaultNotFoundFault") { |
| 89 | + Write-Host -ForegroundColor Yellow "This vCenter Server has NOT been converted to subscription ..." |
| 90 | + } else { |
| 91 | + Write-Host -ForegroundColor green "This vCenter Server has been converted to subscription ..." |
| 92 | + } |
| 93 | +} else { |
| 94 | + Write-Error "Failed to query vCenter Server for subscription information ..." |
| 95 | +} |
| 96 | + |
| 97 | +# Logout out of Lookup Service MOB |
| 98 | +$mob_logout_url = "https://$vc_server/ls/mob/logout" |
| 99 | +Write-Host -ForegroundColor Green "Logging out of the Lookup Service MOB ..." |
| 100 | +$results = Invoke-WebRequest -Uri $mob_logout_url -WebSession $vmware -Method GET -SkipHttpErrorCheck |
0 commit comments