VMware Cloud Community
dalo
Hot Shot
Hot Shot
Jump to solution

command works on windows, but fails on linux powercli (version issue)

I try to create a VM from a Linux Powercli and get a error. Same Powercli version on a Windows OS works.

If the user has Admin rights it works on Linux too.

I also tried it with the newest Powercli Version, same Issue.

Could someone help me with this?

Linux:

new-vm -name myvm -ResourcePool mypool -Location myfolder

new-vm : 2/8/19 2:02:18 PM      New-VM

At line:1 char:1

+ new-vm -name myvm  -ResourcePool mypool -Location myfolder...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : NotSpecified: (:) [New-VM], VimException

+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewVM

Win10:

new-vm -name myvm -ResourcePool mypool -Location myfolder

Name                 PowerState Num CPUs MemoryGB

----                 ---------- -------- --------

myvm         PoweredOff 1        0.250

PowerCLI Version

----------------

   VMware PowerCLI 10.1.0 build 8346946

---------------

Component Versions

---------------

   VMware Cis Core PowerCLI Component PowerCLI Component 10.1 build 8377811

   VMware VimAutomation VICore Commands PowerCLI Component PowerCLI Component 10.1 build 8344055

Update: seems to be a issue with different versions, engineering is working on it

Reply
0 Kudos
1 Solution

Accepted Solutions
dalo
Hot Shot
Hot Shot
Jump to solution

Finally I got an answer from VMware Engineering, they will fix this Issue in 11.5:

"[SR]  Running new-vm cmdlet throws Core_BaseCmdlet_UnknownError after update to Powercli Version  11.1.0.

This happens because encryption feature has been added in 11.1. Now while preparing VmConfigSpec it tries to initialize CryptoManager which fails if user doesn't have appropriate permission to view CryptoManager. To fix this we will initialize CryptoManager on need basis."

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

View solution in original post

Reply
0 Kudos
44 Replies
LucD
Leadership
Leadership
Jump to solution

How did you connect to the vSphere server?
What is in $global:defaultviservers in both environments


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

connect on both:

Connect-VIServer ourVC -credential(get-credential)

var on both:

$global:defaultviservers

Name                           Port  User

----                           ----  ----

ourVC                  443   domain\myuser

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Does the Get-ErrorReport cmdlet give any additional information on the exception?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

Thank you, I wasn't aware of the Get-ErrorReport cmdlet.

I made it this way, is that ok?

Now I've to examine the zip File, there is a lot of information. Should I primary look fore errors and warnings?

$script = {new-vm -name myvm -ResourcePool mypool -Location myfolder}

$script| Get-ErrorReport -Destination "/tmp/error-reports"

WARNING: The 'IsChildTypeVm' property of the Folder type is deprecated. Use the Type property instead.                                                                                                                                                    WARNING: The 'IsChildTypeComputeResource' property of the Folder type is deprecated. Use the Type property instead.                                                                                                                            WARNING: The 'IsChildTypeDatacenter' property of the Folder type is deprecated. Use the Type property instead.                                                                                                                                        WARNING: The 'IsChildTypeDatastore' property of the Folder type is deprecated. Use the Type property instead.                                                                                                                                          WARNING: The 'DrsMode' property of Cluster type is deprecated. Use the 'DrsAutomationLevel' property instead.                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Mode                LastWriteTime         Length Name                                                                                                                                                                                                                                                 ----                -------------         ------ ----                                                                                                                                                                                                                                                                        ------           2/8/19   3:27 PM        2840597 VMware-PowerCLI-Support-2019-02-08T15-27-04.zip                                                                                                                                                                                                                            

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

If you could find more specific info about the type of exception, that could help.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

The zip contains the files below. The smaller ones doesn't contain something new.

In the PowerCLI-Main-Log.txt  I could not identify something helpful.

---------- 1 root root 25444853 Feb  8 15:27 PowerCLI-Main-Log.txt

---------- 1 root root       26 Feb  8 15:27 Powershell-Debug-Stream.txt

---------- 1 root root      377 Feb  8 15:27 Powershell-Error-Stream.txt

---------- 1 root root        0 Feb  8 15:27 Powershell-Info-Stream.txt

---------- 1 root root       44 Feb  8 15:27 Powershell-Verbose-Stream.txt

---------- 1 root root        0 Feb  8 15:27 Powershell-Warning-Stream.txt

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Can you, immediately after the error, run this?

$error[0].exception

$error[0].exception.innerexception


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

Thank you for your patience LucD!

$error[0].exception

2/11/19 6:42:18 AM      New-VM

and

$error[0].exception.innerexception

Returns nothing

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

That doesn't give us a lot more info.

Which Linux distro are you using?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

Yes I'ts not very useful..

My distro is Ubuntu 18.04.1 LTS.

I tried now the same setup (user with reduced permissions) on our Test VC 6.7 (Prod is 6.5) with the same result: Works on a Win PS but not on Linux.

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

I just tried the same you are doing, with a user in the root group and a regular user.
For both the New-VM works.

I connected to the vCenter with a SSO account (same in both cases).

I'm using PowerShell 6.1.2 and VMware PowerCLI 11.1.0.

The PowerCLI modules are installed in the scope AllUsers (modules in /usr/local/share/powershell/Modules).

Are any of these different on your station?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

Our Setup:

PowerShell 6.1.2

VMware PowerCLI 11.0.0 build 10380590

Modules are in /usr/local/share/powershell/Modules

The user (from AD) has a Role with special permissions:

Datastore.AllocateSpace

Datastore.Browse

Host.Local.CreateVM

Host.Local.DeleteVM

Host.Local.ReconfigVM

Network.Assign

Resource.AssignVMToPool

System.Anonymous

System.Read

System.View

VirtualMachine.Config.AddExistingDisk

VirtualMachine.Config.AddNewDisk

VirtualMachine.Config.AddRemoveDevice

VirtualMachine.Config.CPUCount

VirtualMachine.Config.DiskExtend

VirtualMachine.Config.EditDevice

VirtualMachine.Config.Memory

VirtualMachine.Config.MksControl

VirtualMachine.Config.RemoveDisk

VirtualMachine.Config.Resource

VirtualMachine.Config.Settings

VirtualMachine.Interact.AnswerQuestion

VirtualMachine.Interact.ConsoleInteract

VirtualMachine.Interact.CreateScreenshot

VirtualMachine.Interact.PowerOff

VirtualMachine.Interact.PowerOn

VirtualMachine.Interact.Reset

VirtualMachine.Interact.SetCDMedia

VirtualMachine.Interact.ToolsInstall

VirtualMachine.Inventory.Create

VirtualMachine.Inventory.CreateFromExisting

VirtualMachine.Inventory.Delete

VirtualMachine.Inventory.Move

VirtualMachine.Provisioning.Clone

VirtualMachine.State.CreateSnapshot

VirtualMachine.State.RemoveSnapshot

VirtualMachine.State.RenameSnapshot

VirtualMachine.State.RevertToSnapshot

Assigned on:

- 1 Datastore

- 1 Folder

- 1 Network

- 1 Ressource Pool

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Ok, that's different.
So you are running powershell on the Linux box with the same account.

Do you start pwsh with sudo or not?

And the difference is in the Connect-VIServer account.

Once with an account that is in the Admin group (is that a SSO account ?) and once with an AD account, that is not in the Admin group.

Is that correct?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

On The Linuxbox I tried both: running PS as local user and as root.

Then I login to VC with the SSO user (not the same as on the linux box)

On The Windows I opened a PS as local user and connect to VC with the same SSO User as above in the Linux.

Does this make sense?

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

No, not yet.

The 2nd user, the AD account where it fails, do you use that for the Connect-VIServer?

While being logged on to the Linux box as root?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

Yes, I login to the vcenter with a different user.

Reply
0 Kudos
dalo
Hot Shot
Hot Shot
Jump to solution

Like this:

linux:

PS /root> Connect-VIServer -server ourvcenter -credential(Get-Credential)

PowerShell credential request

Enter your credentials.

User: domainuser

Password for user domainuser: *

Name                           Port  User

----                           ----  ----

ourvcenter           443   domain\domainuser

PS /root> Get-ResourcePool

Name                 CpuSharesL CpuReserva CpuLimitMH MemSharesL MemReservationG MemLimitGB

                     evel       tionMHz    z          evel       B

----                 ---------- ---------- ---------- ---------- --------------- ----------

Resources            Normal     0          0          Normal     0.000           0.000

TestResourcePool     Normal     0          60478      Normal     0.000           274.320

PS /root> get-folder

Name                           Type

----                           ----

Datencenter                    Datacenter

vm                             VM

network                        Network

host                           HostAndCluster

datastore                      Datastore

myfolder                       VM

PS /root> New-VM -name blahLinux -ResourcePool TestResourcePool -Location myfolder

New-VM : 2/11/19 1:48:25 PM     New-VM

At line:1 char:1

+ New-VM -name blahLinux -ResourcePool TestResourcePool -Location myfol ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : NotSpecified: (:) [New-VM], VimException

+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewVM

Windows:

PS C:\Users\> Connect-VIServer -server ourvcenter -credential(Get-Credential)

cmdlet Get-Credential at command pipeline position 1

Supply values for the following parameters:

Credential

Name                           Port  User

----                           ----  ----

ourvcenter           443   domain\domainuser

PS C:\Users\> Get-ResourcePool

Name                 CpuSharesL CpuReserva CpuLimitMH MemSharesL MemReservationG MemLimitGB

                     evel       tionMHz    z          evel       B

----                 ---------- ---------- ---------- ---------- --------------- ----------

Resources            Normal     0          0          Normal     0.000           0.000

TestResourcePool     Normal     0          60478      Normal     0.000           274.320

PS C:\Users\> get-folder

Name                           Type

----                           ----

Datencenter                    Datacenter

vm                             VM

network                        Network

host                           HostAndCluster

datastore                      Datastore

myfolder                       VM

PS C:\Users\> New-VM -name blahWin -ResourcePool TestResourcePool -Location myfolder

Name                 PowerState Num CPUs MemoryGB

----                 ---------- -------- --------

blahWin              PoweredOff 1        0.250

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

I just created an AD user with a Role that has the exact same privileges you listed.
And I also get the exception when doing a New-VM from that account.
BUT I get it in Linux session as well as in a Windows session.

And from the Web Client is works.

I'm using PowerCLI 11.1.0.

I'm  doing some further tests to see if a missing privilege might cause this.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

I'm now pretty sure this is a PowerCLI bug.
The New-VM doesn't even get to the vCenter.

And when I run it with the RunAsync switch, there is no Task object created.
So it all seems to be happening in the cmdlet before it even goes out to the vCenter.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference