From 6a9c3ea1bf5901e5e8b53198f0a95ab69fd3c2eb Mon Sep 17 00:00:00 2001 From: Jaromirm Date: Fri, 21 Apr 2023 14:11:00 +0200 Subject: [PATCH 1/2] small fixes --- Scenarios/AzSHCI and Deployment tool/Scenario.ps1 | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 b/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 index c96c12f4..fc254b5b 100644 --- a/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 +++ b/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 @@ -278,18 +278,15 @@ "@ $Content | Out-File -FilePath d:\config.json -#set trusted hosts back to $Null -Set-Item WSMan:\localhost\Client\TrustedHosts -Value "" -force - #start deployment #make sure some prereqs (that will be fixed in future) are set #Make sure Windows Update is disabled and ping enabled (https://learn.microsoft.com/en-us/azure-stack/hci/hci-known-issues-2303) - Invoke-Command -ComputerName $Servers -ScriptBlock { + Microsoft.PowerShell.Core\Invoke-Command -ComputerName $Servers -ScriptBlock { reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 1 /f reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 3 /f Set-Service "WUAUSERV" -StartupType Disabled #enable v4 and v6 ping on both domain and private/public profiles - Enable-NetFirewallRule -Name FPS-ICMP4-ERQ-In,FPS-ICMP6-ERQ-In,FPS-ICMP4-ERQ-In-NoScope,FPS-ICMP6-ERQ-In-NoScope + Enable-NetFirewallRule -Name FPS-ICMP4-ERQ-In,FPS-ICMP6-ERQ-In } #add IPs to trusted hosts (bug that in BareMetal.psm1 is invoke-command with IP that is not in trusted hosts) $IPs=@() From 54c35c0e6856fcb23684fa7229b1fe7e52eea9b7 Mon Sep 17 00:00:00 2001 From: Jaromirm Date: Fri, 21 Apr 2023 15:46:02 +0200 Subject: [PATCH 2/2] trusted hosts change --- Scenarios/AzSHCI and Deployment tool/Scenario.ps1 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 b/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 index fc254b5b..6aca980f 100644 --- a/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 +++ b/Scenarios/AzSHCI and Deployment tool/Scenario.ps1 @@ -288,10 +288,11 @@ $Content | Out-File -FilePath d:\config.json #enable v4 and v6 ping on both domain and private/public profiles Enable-NetFirewallRule -Name FPS-ICMP4-ERQ-In,FPS-ICMP6-ERQ-In } - #add IPs to trusted hosts (bug that in BareMetal.psm1 is invoke-command with IP that is not in trusted hosts) - $IPs=@() - foreach ($Server in $Servers){$IPs+=(Resolve-DnsName -Name $Server -Type A).IPAddress} - Set-Item WSMan:\localhost\Client\TrustedHosts -Value $($IPs -join ',') -Force + #add hostnames and IPs to trusted hosts (bug that in BareMetal.psm1 is invoke-command with IP that is not in trusted hosts) + $TrustedHosts=@() + $TrustedHosts+=(Get-NetIPAddress -CimSession $Servers -InterfaceAlias Ethernet* -AddressFamily IPv4).IPAddress + $TrustedHosts+=$Servers + Set-Item WSMan:\localhost\Client\TrustedHosts -Value $($TrustedHosts -join ',') -Force #deploy .\Invoke-CloudDeployment -JSONFilePath D:\config.json -AzureStackLCMUserCredential $AzureStackLCMUserCredential -LocalAdminCredential $LocalAdminCred -RegistrationSPCredential $SPNCred -RegistrationCloudName $CloudName -RegistrationSubscriptionID $SubscriptionID