In Part I we learned how to create a DNS record on provisioning. In this guide I will show you how to set up vRealize Automation 7.x to automatically delete a static host A record and a reverse lookup pointer in your Windows-based DNS when a user destroys a machine. This is most often needed to automate decommissioning of Linux machines, as Linux does not play well with Windows-based DNS when you are using static IP address assignment. However, you can also use this with Windows machines if you don’t allow self-registration of Windows on your network.
Pre-Reqs
- Part I already installed and working (see my guide here).
- vRA 7 installed and configured with at least one blueprint that has static IP address network profile assigned
- vRA Plugin for vRO configured
- vCenter Plugin for vRO configured
- At least one Windows Server with DNS Server tools installed (DNSCMD.exe). Pro tip: this could be one of your vRA IaaS or DEM servers as long as they are visible from the vCenter Plugin.
- vRO workflow package downloaded from here
- A quiet place where you will not be interrupted see my guide here
First, make sure you can use the dnscmd from the Windows server and have the account rights to create A records.
Verify the workflow was properly installed
- Click the drop down to change to run
- Click the Workflows tab
- Drill down to the workflow
Update the workflow with the Windows Server and the username and login
- Select the workflow
- Click edit
Update the attributes
- Select the Windows server that has DNSCMD installed
- Enter a user with rights to login to that server and rights to administer the DNS server
- Enter the password for that user
- Click Save and Close
Now open vRA portal as a cloud admin
- Click Design
- Select a blueprint with a static IP Network Profile
- Click edit
Enter the following custom properties
- Click Properties
- Click Custom Properties
- Enter the new property as shown
- Click Finish
Name: Extensibility.Lifecycle.Properties.VMPSMasterWorkflow32.Disposing
Value: *
Create and publish a new event subscription
- Click Administration Tab
- Click Events, Subscriptions
- Click +New
On the next screen click Run based on conditions, then choose All of the following
Fire off a new request
Note: This won’t work for already provisioned machines as they are missing the new custom property we added. You could add the property to existing machines if you wanted them to remove their IP addresses.
Now destroy the machine you just provisioned
- Click the items view
- Click deployments
- Select the deployment
- Click Actions then destroy
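The workflow logs quoted in the comments below show that the workflow ends up running a single dnscmd /RecordDelete line built by substituting blueprint values into a template. The following is an added example, not code from the workflow package: a pre-flight check, written in plain JavaScript as used by vRO scriptable tasks, that refuses to build the line when a value is missing or malformed and puts /f at the end. The function names, property names and the sample zone test.in are assumptions.

```javascript
// Added example; every name here is hypothetical, not from the workflow package.
// One DNS label: letters, digits and hyphens only, so no spaces or shell metacharacters.
var LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

// A custom property that was never set arrives as null, or as the text "null"
// once it has been substituted into the script, as in the logs in the comments.
function isMissing(v) {
  return v === null || v === undefined || v === "" || String(v).toLowerCase() === "null";
}

function isDnsName(v) {
  if (isMissing(v) || typeof v !== "string" || v.length > 253) return false;
  var labels = v.split(".");
  for (var i = 0; i < labels.length; i++) {
    if (!LABEL.test(labels[i])) return false;
  }
  return true;
}

function isIPv4(v) {
  var m = typeof v === "string" && /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(v);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  return true;
}

// Returns { ok: true, command } or { ok: false, errors } naming the bad inputs.
function buildRecordDelete(p) {
  var errors = [];
  if (!isDnsName(p.dnsServer)) errors.push("dnsServer");
  if (!isDnsName(p.zoneName)) errors.push("zoneName");
  if (!isDnsName(p.recordName) || p.recordName.indexOf(".") !== -1) errors.push("recordName");
  if (!isIPv4(p.recordValue)) errors.push("recordValue");
  if (errors.length > 0) return { ok: false, errors: errors };
  // /f belongs at the end of /RecordDelete; it suppresses the (y/n) prompt.
  var parts = ["dnscmd", p.dnsServer, "/RecordDelete", p.zoneName,
               p.recordName, "A", p.recordValue, "/f"];
  return { ok: true, command: parts.join(" ") };
}

// Constructed inputs: the first mirrors a null-filled run, the second is complete.
var bad = buildRecordDelete({ dnsServer: null, zoneName: "null",
                              recordName: "ADHQSVDML016", recordValue: null });
var good = buildRecordDelete({ dnsServer: "dc2.test.in", zoneName: "test.in",
                               recordName: "VRA06", recordValue: "172.22.10.10" });
console.log(bad.errors.join(","), "|", good.command);
```

Failing the workflow on a non-empty errors list surfaces the missing blueprint property by name instead of letting dnscmd run against a server called null with DNS administrator credentials.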
Nice job, I just have an error, it seems that the script doesn’t force the removal of the record.
So it failed with the error Are you sure you want to delete record? (y/n)
Hmm, my bad, I misread the log.
At the end it seems that the dns_server_fqdn stays null
I’m getting this “Are you sure you want to delete record? (y/n)” then it fails
Try adding a /f at the end of the dnscmd
Hi, I can’t find where I add the /f in the vRO script. Can someone please share? Thanks
Hi Kelly, thanks a lot for the post.
I’m looking for the vCO script to delete a computer from AD after machine destroy?
Do you happen to have one?
Thanks a lot.
Tung Vu
Hi Tung, If you are running vRA 7.2 that functionality is built in now, see this guide https://www.vmtocloud.com/how-to-configure-active-directory-ou-placement-policies-in-vra-7-2/
Great script and mostly works. However, I keep getting the same error when it runs: Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA
I have an account set up that has the rights needed to edit DNS and to log onto the system. For some reason the RPC connection is failing. I’ve even tested using dnscmd commands on it.
Any thoughts as to what could be going on with this?
I’m getting a similar error to nOon where the dnsserver value is not passed to the script.
The log file gives me:
[2017-05-24 13:15:17.553] [I] Getting the custom properties needed
[2017-05-24 13:15:17.578] [I] toolsOK
[2017-05-24 13:15:17.581] [I] VMware tools on VM ADHQSVRA002 are in state: toolsOk and guest is running
[2017-05-24 13:15:17.779] [I] Replacing variable [DNS_server_FQDN] with value null
[2017-05-24 13:15:17.781] [I] Replacing variable [zone_name_FQDN] with value null
[2017-05-24 13:15:17.782] [I] Replacing variable [record_name] with value ADHQSVDML016
[2017-05-24 13:15:17.784] [I] Replacing variable [record_type] with value A
[2017-05-24 13:15:17.786] [I] Replacing variable [record_value] with value null
[2017-05-24 13:15:17.788] [I] Updated script content
echo y | dnscmd null /RecordDelete null ADHQSVDML016 A null
The strange thing is the Orchestrator plugin for EB-MachineProvisioned-DNSADD works perfectly – the dnsserver custom property in the blueprint is passed to the script and the A and PTR records get created OK.
Any ideas?
Hi Kelly,
Thanks for the great post.
This workflow is for a virtual machine (domain controller) which is running on the endpoint vCenter. But in my data center we are using a physical domain controller (DNS) (VC:virtual Machine). So how can we apply this workflow to this scenario?
Regards,
Nagaraju
Hi Kelly,
Thanks for the great post.
This workflow is for a virtual machine (domain controller) (VC:virtual Machine) which is running on the endpoint vCenter. But in my data center we are using a physical domain controller (DNS). So how can we apply this workflow to this scenario?
Regards,
Nagaraju
Hi Nagaraju,
The workflow just needs to run on a Windows Server that has the dnscmd.exe installed on it. That Windows Server needs to be a VM in vCenter. It will execute the command and contact your physical domain controllers. Make sense?
Thanks Kelly,
We ran this script, however I am receiving the below error. Can you please suggest?
[2017-09-16 19:50:35.124] [I] Replacing variable [DNS_server_FQDN] with value dc2.test.in
[2017-09-16 19:50:35.125] [I] Replacing variable [zone_name_FQDN] with value null
[2017-09-16 19:50:35.126] [I] Replacing variable [record_name] with value VRA06
[2017-09-16 19:50:35.128] [I] Replacing variable [record_type] with value A
[2017-09-16 19:50:35.129] [I] Replacing variable [record_value] with value 172.22.10.10
[2017-09-16 19:50:35.130] [I] Updated script content
echo y | dnscmd dc2.p3.test.in /RecordDelete null VRA06 A 172.22.10.10
[2017-09-16 19:51:45.219] [E] Are you sure you want to delete record? (y/n)
Command failed: DNS_ERROR_ZONE_DOES_NOT_EXIST 9601 0x2581
Thanks,
Nagaraju
echo y | dnscmd /f dc2.test.in /RecordDelete null VRA07 A 172.22.10.10
[2017-09-16 20:51:15.355] [E] Unknown Command “/f” Specified — type DnsCmd -?.
Thanks a lot Kelly,
It is working now.
Regards,
Nagaraju
I can’t see where I can edit echo | y within the vRO script.
Could someone please help me locate this within vRO?
Updated script content
echo y | dnscmd dc2.p3.test.in /RecordDelete null VRA06 A 172.22.10.10
[2017-09-16 19:51:45.219] [E] Are you sure you want to delete record? (y/n)
Command
I’m getting the above error while executing the workflow, please help in fixing this.
Hi Affreen, Where did you find dnscmd within the DNSREMOVE Script ?
Hi David, you have to add DNSServer tools to the Windows Box. See step above.
Hi Ryan,
Like others have had above I’m getting
[2018-11-19 15:32:01.925] [I] Replacing variable [DNS_server_FQDN] with value null
[2018-11-19 15:32:01.948] [I] Replacing variable [zone_name_FQDN] with value null
Which causes an RPC error as DNSCMD tries to run against a server called “__null__”
I’m actually running the DNSCMD on the DNS/AD server itself so obviously RPC won’t be an issue once I get those values populated.
Hope you can help.
To clarify the actual command that fails to run is
echo y | dnscmd null /RecordDelete null VRASERVER50 A 10.0.0.155
ok solved my own issue. Had to create a custom variable dnsserver in the blueprint for the server. Had I done Part 1 I’d have done that already.
The zonename was taken care of by adding a dnssuffix entry to my network profile.
Now I need to work out why I get
Command failed: ERROR_ACCESS_DENIED 5 0x5
However I’m getting that running the command myself manually so I suspect I’ve solved the VRO thing, I just need to get that error fixed myself.
Ok so I can get it to run if I run it via an elevated command prompt – I’m just trying to work out how to get the automated process to run the task elevated.
Slowly moving towards the solution – trying to see if this is achievable in the “Run program in guest” workflow
Has anyone been able to work out how to fix the issue of destroying multiple machines at once and only some of them having their DNS records removed?
“Error in (Workflow:Create temporary directory in guest / Scriptable task (item1)#8) The operation is not allowed in the current state” seems to be where it is getting hung up.