Tuesday, January 31, 2012

Powershell XML XPATH search example (Dell SUU)

Over the last few years, I have taken a few shots at using powershell's XML features to do some automating of the Dell SUU update system.  In the past, I had some vaguely working prototypes that worked on one system and didn't work on another.  After taking another look at it, I discovered the use of Xpath to help match up available updates for a system.  In the SUU CD/DVD sets, you will find a Catalog.xml file in the Repository folder.  This file contains SoftwareComponents and SoftwareBundle branches.  The Bundle nodes are collections of OS + Device Model information to provide a full list of all updates.  The SoftwareComponents get into the individual updates themselves + OS + SupportedDevices.  Using Dell's WMI extensions (installed with OMSA 4.? and higher); namespace: root\CIMV2\Dell and class Dell_CMDevice to get information about the on board devices.  Each entry in this Class has a deviceID, vendorID, subDeviceID and subVendorID which can be used as an XPath search in the catalog file for the latest update for that component.

Here's an example of getting started with this:

$catalog = [xml](get-content c:\temp\suu\repository\catalog.xml)
$devices = Get-wmiobject -namespace "root\cimv2\dell" -class Dell_cmdevice
$mydevice = $devices[0]
$xpathstr = "//SoftwareComponent[@packageType='LWXP']/SupportedDevices/Device/PCIInfo"
$xpathstr += "[@deviceID=`'" + $mydevice.deviceID + "`' and @vendorID=`'" + $mydevice.vendorID +"`' and @subDeviceID=`'" + $mydevice.subDeviceID + "`' and @subVendorID=`'" + $mydevice.subvendorID + "`']/../../.."
select-xml $catalog -xpath $xpathstr |select-object -expandproperty Node

This will give you something like this:

schemaVersion        : 1.0
packageID              : R222914
releaseID                : R222914
hashMD5                : 6944D638979E5CE651234D216AFDC3C7
path                         : RAC_FRMW_WIN_R222914.EXE
dateTime                  : 2009-06-30T14:33:14-05:00
releaseDate              : June 30, 2009
vendorVersion          : 1.75
dellVersion               : A01
packageType           : LWXP
Name                      : Name
ComponentType      : ComponentType
Description              : Description
LUCategory            : LUCategory
Category                 : Category
SupportedDevices   : SupportedDevices
ImportantInfo           : ImportantInfo
Criticality                 : Criticality

As you can see, the device that is being check is a RAC card.  This is the latest update package for it.  You can use other classes in the Dell WMI namespace to pull the current version details of your devices to compare it to what is available in the SUU repository.  This part its a bit hackish though as you need to look at Dell_CMDeviceApplication and pull data out of the middle of strings, or combine Dell_CMDeviceApplication with Dell_CMApplication class results to get an easier version number.  The Dell_CMDeviceApplication class seems to just bridge between two different classes giving data like this:

Antecedent       : //Server/root/cimv2/dell:Dell_CMDevice.componentID="
                   ",name="Dell Remote Access Controller 4/I",vendorID="1028",d
                   eviceID="0012",subDeviceID="0012",subVendorID="1028",bus="",
                   device="",function=""
Dependent        : //Server/root/cimv2/dell:Dell_CMApplication.componen
                   tType="FRMW",subComponentID="",version="1.35",name="Dell Rem
                   ote Access Controller 4/I Firmware",deviceKey=":Dell Remote
                   Access Controller 4/I:1028:0012:0012:1028:::"

In the future, I will pull this together a bit more and try to provide a working SUU check for all devices on a Dell system along with update options.  Update: Solution sample

Thursday, January 26, 2012

Finding a domaincontroller in powershell (without add ons and AD module)

I was looking for a good way to find the nearest 2008 domain controller in relation to a new server that is being prepared to be promoted.  Since the Active Directory Powershell module had not been installed yet (and was failing to install due to some other pending install), I needed to find an alternative to:

(get-addomaincontroller -mimumdirectoryserviceversion Windows2008 -discover -avoidself -nextclosestsite).hostname

I considered .NET's active directory collection, but the methods to find domain controllers with that, have really limited locator options.  I didn't see any method for finding only 2008 domain controllers and higher, so I fell back to command line tools.

This can be done with the nltest.exe:

(nltest /dsgetdc:yourdomain.com /DS_6 /avoidself)[0].substring(17)

It is a bit messy, and hackish with the substring, but it works just fine as long as you have a 2008 dc in that domain.  Otherwise, it returns a single string instead of an array, and you can see the "Cannot index into a null array" exception.

PSRemoting out of memory (NTDSUTIL)

I'm in the process of creating a domain controller build automation script.  One of the steps I had hoped to achieve was to connect to the nearest 2008R2 domain controller and run the ntdsutil scripted command:

ntdsutil ifm "activate instance ntds" ifm "create sysvol full d:\ifm"

on the remote system.  This can be done through invoke-command with this command as the scriptblock, however it was failing with a JET out of memory exception.

     Target Database: d:\ifm\Active Directory\ntds.dit

                  Defragmentation  Status (% complete)

          0    10   20   30   40   50   60   70   80   90  100
          |----|----|----|----|----|----|----|----|----|----|
          ........Operation terminated with error -1011( JET_errOutOfMemory, Out of Memory ).
 error 0x800720d9(A database error has occurred.)

Searching around a bit, led to finding the WSMAN limitations of per shell memory.  Configured as:


Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024

Configuring this on the local machine (the non-domain controller) didn't help.  Trying to configure it on the remote machine with invoke-command gives access denied.  To work on the remote machine, I found this helpful article which shows the Connect-wsman commandlet connecting to a remote machine:

connect-wsman remotemachine
set-item wsman:\remotemachine\Shell\MaxMemoryPerShellMB 1024

This setting chance was enough to complete the IFM collection on the remote machine.

Wednesday, January 25, 2012

For NYMB christian visitors

For my brothers in humanity, seek knowledge for your success.





For further details, check out this recent post.