I try to create a VM from a Linux Powercli and get a error. Same Powercli version on a Windows OS works.
If the user has Admin rights it works on Linux too.
I also tried it with the newest Powercli Version, same Issue.
Could someone help me with this?
Linux:
new-vm -name myvm -ResourcePool mypool -Location myfolder
new-vm : 2/8/19 2:02:18 PM New-VM
At line:1 char:1
+ new-vm -name myvm -ResourcePool mypool -Location myfolder...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-VM], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewVM
Win10:
new-vm -name myvm -ResourcePool mypool -Location myfolder
Name PowerState Num CPUs MemoryGB
---- ---------- -------- --------
myvm PoweredOff 1 0.250
PowerCLI Version
----------------
VMware PowerCLI 10.1.0 build 8346946
---------------
Component Versions
---------------
VMware Cis Core PowerCLI Component PowerCLI Component 10.1 build 8377811
VMware VimAutomation VICore Commands PowerCLI Component PowerCLI Component 10.1 build 8344055
Update: seems to be a issue with different versions, engineering is working on it
Finally I got an answer from VMware Engineering, they will fix this Issue in 11.5:
"[SR] Running new-vm cmdlet throws Core_BaseCmdlet_UnknownError after update to Powercli Version 11.1.0.
This happens because encryption feature has been added in 11.1. Now while preparing VmConfigSpec it tries to initialize CryptoManager which fails if user doesn't have appropriate permission to view CryptoManager. To fix this we will initialize CryptoManager on need basis."
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
How did you connect to the vSphere server?
What is in $global:defaultviservers in both environments
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
connect on both:
Connect-VIServer ourVC -credential(get-credential)
var on both:
$global:defaultviservers
Name Port User
---- ---- ----
ourVC 443 domain\myuser
Does the Get-ErrorReport cmdlet give any additional information on the exception?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you, I wasn't aware of the Get-ErrorReport cmdlet.
I made it this way, is that ok?
Now I've to examine the zip File, there is a lot of information. Should I primary look fore errors and warnings?
$script = {new-vm -name myvm -ResourcePool mypool -Location myfolder}
$script| Get-ErrorReport -Destination "/tmp/error-reports"
WARNING: The 'IsChildTypeVm' property of the Folder type is deprecated. Use the Type property instead. WARNING: The 'IsChildTypeComputeResource' property of the Folder type is deprecated. Use the Type property instead. WARNING: The 'IsChildTypeDatacenter' property of the Folder type is deprecated. Use the Type property instead. WARNING: The 'IsChildTypeDatastore' property of the Folder type is deprecated. Use the Type property instead. WARNING: The 'DrsMode' property of Cluster type is deprecated. Use the 'DrsAutomationLevel' property instead. Mode LastWriteTime Length Name ---- ------------- ------ ---- ------ 2/8/19 3:27 PM 2840597 VMware-PowerCLI-Support-2019-02-08T15-27-04.zip
If you could find more specific info about the type of exception, that could help.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The zip contains the files below. The smaller ones doesn't contain something new.
In the PowerCLI-Main-Log.txt I could not identify something helpful.
---------- 1 root root 25444853 Feb 8 15:27 PowerCLI-Main-Log.txt
---------- 1 root root 26 Feb 8 15:27 Powershell-Debug-Stream.txt
---------- 1 root root 377 Feb 8 15:27 Powershell-Error-Stream.txt
---------- 1 root root 0 Feb 8 15:27 Powershell-Info-Stream.txt
---------- 1 root root 44 Feb 8 15:27 Powershell-Verbose-Stream.txt
---------- 1 root root 0 Feb 8 15:27 Powershell-Warning-Stream.txt
Can you, immediately after the error, run this?
$error[0].exception.innerexception
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you for your patience LucD!
$error[0].exception
2/11/19 6:42:18 AM New-VM
and
$error[0].exception.innerexception
Returns nothing
That doesn't give us a lot more info.
Which Linux distro are you using?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes I'ts not very useful..
My distro is Ubuntu 18.04.1 LTS.
I tried now the same setup (user with reduced permissions) on our Test VC 6.7 (Prod is 6.5) with the same result: Works on a Win PS but not on Linux.
I just tried the same you are doing, with a user in the root group and a regular user.
For both the New-VM works.
I connected to the vCenter with a SSO account (same in both cases).
I'm using PowerShell 6.1.2 and VMware PowerCLI 11.1.0.
The PowerCLI modules are installed in the scope AllUsers (modules in /usr/local/share/powershell/Modules).
Are any of these different on your station?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Our Setup:
PowerShell 6.1.2
VMware PowerCLI 11.0.0 build 10380590
Modules are in /usr/local/share/powershell/Modules
The user (from AD) has a Role with special permissions:
Datastore.AllocateSpace
Datastore.Browse
Host.Local.CreateVM
Host.Local.DeleteVM
Host.Local.ReconfigVM
Network.Assign
Resource.AssignVMToPool
System.Anonymous
System.Read
System.View
VirtualMachine.Config.AddExistingDisk
VirtualMachine.Config.AddNewDisk
VirtualMachine.Config.AddRemoveDevice
VirtualMachine.Config.CPUCount
VirtualMachine.Config.DiskExtend
VirtualMachine.Config.EditDevice
VirtualMachine.Config.Memory
VirtualMachine.Config.MksControl
VirtualMachine.Config.RemoveDisk
VirtualMachine.Config.Resource
VirtualMachine.Config.Settings
VirtualMachine.Interact.AnswerQuestion
VirtualMachine.Interact.ConsoleInteract
VirtualMachine.Interact.CreateScreenshot
VirtualMachine.Interact.PowerOff
VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.Reset
VirtualMachine.Interact.SetCDMedia
VirtualMachine.Interact.ToolsInstall
VirtualMachine.Inventory.Create
VirtualMachine.Inventory.CreateFromExisting
VirtualMachine.Inventory.Delete
VirtualMachine.Inventory.Move
VirtualMachine.Provisioning.Clone
VirtualMachine.State.CreateSnapshot
VirtualMachine.State.RemoveSnapshot
VirtualMachine.State.RenameSnapshot
VirtualMachine.State.RevertToSnapshot
Assigned on:
- 1 Datastore
- 1 Folder
- 1 Network
- 1 Ressource Pool
Ok, that's different.
So you are running powershell on the Linux box with the same account.
Do you start pwsh with sudo or not?
And the difference is in the Connect-VIServer account.
Once with an account that is in the Admin group (is that a SSO account ?) and once with an AD account, that is not in the Admin group.
Is that correct?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
On The Linuxbox I tried both: running PS as local user and as root.
Then I login to VC with the SSO user (not the same as on the linux box)
On The Windows I opened a PS as local user and connect to VC with the same SSO User as above in the Linux.
Does this make sense?
No, not yet.
The 2nd user, the AD account where it fails, do you use that for the Connect-VIServer?
While being logged on to the Linux box as root?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes, I login to the vcenter with a different user.
Like this:
linux:
PS /root> Connect-VIServer -server ourvcenter -credential(Get-Credential)
PowerShell credential request
Enter your credentials.
User: domainuser
Password for user domainuser: *
Name Port User
---- ---- ----
ourvcenter 443 domain\domainuser
PS /root> Get-ResourcePool
Name CpuSharesL CpuReserva CpuLimitMH MemSharesL MemReservationG MemLimitGB
evel tionMHz z evel B
---- ---------- ---------- ---------- ---------- --------------- ----------
Resources Normal 0 0 Normal 0.000 0.000
TestResourcePool Normal 0 60478 Normal 0.000 274.320
PS /root> get-folder
Name Type
---- ----
Datencenter Datacenter
vm VM
network Network
host HostAndCluster
datastore Datastore
myfolder VM
PS /root> New-VM -name blahLinux -ResourcePool TestResourcePool -Location myfolder
New-VM : 2/11/19 1:48:25 PM New-VM
At line:1 char:1
+ New-VM -name blahLinux -ResourcePool TestResourcePool -Location myfol ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-VM], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.NewVM
Windows:
PS C:\Users\> Connect-VIServer -server ourvcenter -credential(Get-Credential)
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Name Port User
---- ---- ----
ourvcenter 443 domain\domainuser
PS C:\Users\> Get-ResourcePool
Name CpuSharesL CpuReserva CpuLimitMH MemSharesL MemReservationG MemLimitGB
evel tionMHz z evel B
---- ---------- ---------- ---------- ---------- --------------- ----------
Resources Normal 0 0 Normal 0.000 0.000
TestResourcePool Normal 0 60478 Normal 0.000 274.320
PS C:\Users\> get-folder
Name Type
---- ----
Datencenter Datacenter
vm VM
network Network
host HostAndCluster
datastore Datastore
myfolder VM
PS C:\Users\> New-VM -name blahWin -ResourcePool TestResourcePool -Location myfolder
Name PowerState Num CPUs MemoryGB
---- ---------- -------- --------
blahWin PoweredOff 1 0.250
I just created an AD user with a Role that has the exact same privileges you listed.
And I also get the exception when doing a New-VM from that account.
BUT I get it in Linux session as well as in a Windows session.
And from the Web Client is works.
I'm using PowerCLI 11.1.0.
I'm doing some further tests to see if a missing privilege might cause this.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I'm now pretty sure this is a PowerCLI bug.
The New-VM doesn't even get to the vCenter.
And when I run it with the RunAsync switch, there is no Task object created.
So it all seems to be happening in the cmdlet before it even goes out to the vCenter.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference