VMware Cloud Community
nicholas1982
Hot Shot
Hot Shot
Jump to solution

Cannot Create Account with esxcli

Having a strange issue. I need to create a RO account on every ESXi servers deployed via Powercli however using EsxCLI won't accept my password. But when using New-VMhostAccount connected directly to the host it works fine. I'm wanting to set this account during the build of the host which is automated via powercli so doing a connect-visever direct to the host in the middle my build script breaks my connection to the vcenter i'm building in, any ideas?

    $Args = $esxcli.system.account.set.CreateArgs()

    $Args.id = 'a_guard'

    $Args.password = '@`[tNI\xUh7#&by\'

    $Args.passwordconfirmation = '@`[tNI\xUh7#&by\'

    $esxcli.system.account.set.invoke($Args)

Message: A specified parameter was not correct: argument[1];

InnerText: argument[1]

At line:5 char:5

+     $result = $esxcli.system.account.set.invoke($Args)

+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : OperationStopped: (:) [], InvalidArgument

    + FullyQualifiedErrorId : VMware.VimAutomation.ViCore.Types.V1.ErrorHandling.InvalidArgument

Nicholas
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

Just did some further tests, looks indeed like it is a Get-EsxCli "feature". W

With the esxcli command it works.

Looks like Get-EsxCli has an issue with the ampersand (&) in the password.

Congrats, you found a bug :smileygrin:


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
10 Replies
LucD
Leadership
Leadership
Jump to solution

The password is causing this.

Could it be that your password is violating the complexity rules?

What is in Security.PasswordQualityControl?

Get-AdvancedSetting -Entity MyEsx -Name 'Security.PasswordQualityControl' |

Select -ExpandProperty Value

This for example works for me

$esxcli = Get-EsxCli -VMHost MyEsx -V2

$sAccount = $esxcli.system.account.add.CreateArgs()

$sAccount.Item('description') = 'Test account'

$sAccount.Item('password') = 'BlackFriday17!'

$sAccount.Item('passwordconfirmation') = 'BlackFriday17!'

$sAccount.Item('id') = 'a_guard'

$esxcli.system.account.add.Invoke($sAccount)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
vijayrana968
Virtuoso
Virtuoso
Jump to solution

I hope, on top of this you have mentioned $esxcli = Get-EsxCli -VMHost 'YourHostFQDN'

Reply
0 Kudos
nicholas1982
Hot Shot
Hot Shot
Jump to solution

Hi Luc, its a fresh install of ESXi 6.5update1 but what is more strange it works when using New-VMHostAccount

Get-Advancedsetting -Entity $esxiserver -Name 'Security.PasswordQualityControl' | Select -ExpandProperty Value

retry=3 min=disabled,disabled,disabled,7,7

I would really like to set this via esxcli, do you think i could modify 'Security.PasswordQualityControl'  to allow this then set it back to default.?

I know the account works with this password because it been set in the environment previously i believe it was created using host profiles, plus i can get it to work with New-VMHostAccount

Nicholas
Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

That is the default password complexity rule, so, yes, your selected password should work.

Might be a flaw in Get-Esxcli.

Did you, to confirm my assumption, try the same through the esxcli command from a SSH session?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
nicholas1982
Hot Shot
Hot Shot
Jump to solution

From SSH i get this.. maybe a bug

[root@o-n01:~] esxcli system acoount

Error: Unknown command or namespace system acoount

Nicholas
Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Just did some further tests, looks indeed like it is a Get-EsxCli "feature". W

With the esxcli command it works.

Looks like Get-EsxCli has an issue with the ampersand (&) in the password.

Congrats, you found a bug :smileygrin:


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

I tried

esxcli system account add -i test2 -p '@`[tNI\xUh7#&by\' -c '@`[tNI\xUh7#&by\'

and that works.

Update: you have a typo in account


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
nicholas1982
Hot Shot
Hot Shot
Jump to solution

Thnaks luc, can you think of any workaround other than change the password, unfortunately this password is mature in the environment so can't easily be changed and i was hoping to automate it.

I might put it in the auto deploy host profile that might work

Nicholas
Reply
0 Kudos
sgas_harbin
Contributor
Contributor
Jump to solution

Any chance a workaround was ever identified for this?  I'm running 11.3.0 and am apparently hitting the same issue when setting an SNMP community string via PowerCLI.

Confirmed that removing the ampersand (&) from the string allows the command to continue.  Also verified that setting via SSH the community string work, as does a direct PowerCLI connection and using get-vmhostsnmp | set-vmhostsnmp.

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

I'm afraid not.
I would suggest to open a SR, the more people report this "feature"...


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference