We are trying to use Invoke-VMScript to configure a VM without network connectivity.
When using Invoke-VMScript cmdlet we get the error "Could not locate "Powershell" script interpreter in any of the expected locations. Probably you do not have enough permissions to execute command within guest."
We are using the local administrator account on the vm. We’ve tested running the same script on the VM, and it works.
Same issue.
I'm available for a call and screen share if that's easier. I also have an SR in with support but I'm still waiting on a response.
Invoke-VMScript : 9/3/2019 4:28:27 PM Invoke-VMScript An error occurred while sending the request.
At line:1 char:1
+ Invoke-VMScript @InvokeSettings -ScriptType Bat
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-VMScript], ViError
+ FullyQualifiedErrorId : Client20_VmGuestServiceImpl_DownloadFileFromGuest_DownloadError,VMware.VimAutomation.ViCore.Cmdlets.Commands.InvokeVmScript
So the problem seems to be there whatever type of script you call.
And the issue looks to be while downloading the result from the script.
Does the ESXi node, where the VM is running, have a valid certificate?
If not, did you specify -InvalidCertificateAction Ignore with Set-PowerCLIConfiguration?
If there is a certificate, does is contain the FQDN and the IP address (as a Subject Alternative Name)?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
There is another thread which seems to describe a similar issue as yours.
See Invoke-VMScript failed when guestcredential is not provided
Can you check which version of the VMware Tools you have running in the Win 2016 guest OS?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
We are using VMware Tools 10.2.5.
The host have valid certs issued by the VMCA on behalf of our internal CA. I've verified they have a SAN entry with only the FQDN of the host. I've also verified they report valid from a browser on the machine where we are running Invoke-VMScript.
You would need to trace the network traffic, but could it be that the return connection (for sending the result file back), is done with the IP address of the ESXi node, and not the FQDN?
If that is included in the certificate, that could cause an issue.
Again, this is just speculation from my side and would need a network trace to verify.
On the other hand, you did configure PowerCLI to ignore invalid certificates.
All this just guessing from my side.
I would suggest opening an SR.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I think I had internal CA issues with some of the scripts, I've been adding the below code to the top of the scripts if I'm not concerned with the validity of the certs
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
LucD We tested with the ignore certificates switch and see the same issue. We've had a SR open for 2 weeks and it's going nowhere. We are at 1 week with no update from the engineer.
sjesse Thank you for the suggestion but unfortunately we are still receiving the same error.
I have been doing some further testing on this.
What strikes me is that the content from your vmware.log
2019-09-03T20:20:53.996Z| vmx| I125: VigorTransportProcessClientPayload: opID=730a5939-b1-fa24 seq=671536: Receiving GuestOps.CreateTemporaryFile request.
2019-09-03T20:20:54.125Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=730a5939-b1-fa24 seq=671536: Completed GuestOps request.
2019-09-03T20:20:54.382Z| vmx| I125: VigorTransportProcessClientPayload: opID=7663c460-b1-fa2d seq=671551: Receiving GuestOps.DeleteFile request.
2019-09-03T20:20:54.423Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=7663c460-b1-fa2d seq=671551: Completed GuestOperations request.
is different from the typical entries I see.
2019-09-12T19:32:53.970Z| vmx| I125: VigorTransportProcessClientPayload: opID=6394ee57-8b-4830 seq=26897: Receiving GuestOps.CreateTemporaryFile request.
2019-09-12T19:32:54.018Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=6394ee57-8b-4830 seq=26897: Completed GuestOps request with messages.
2019-09-12T19:32:54.029Z| vmx| I125: VigorTransportProcessClientPayload: opID=44d013e6-a3-4837 seq=26908: Receiving GuestOps.StartProgram request.
2019-09-12T19:32:54.054Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=44d013e6-a3-4837 seq=26908: Completed GuestOps request with messages.
2019-09-12T19:32:54.072Z| vmx| I125: VigorTransportProcessClientPayload: opID=38ca8455-f8-483e seq=26919: Receiving GuestOps.ListProcesses request.
2019-09-12T19:32:54.088Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=38ca8455-f8-483e seq=26919: Completed GuestOps request with messages.
2019-09-12T19:32:59.099Z| vmx| I125: VigorTransportProcessClientPayload: opID=30e697a3-8b-4846 seq=26931: Receiving GuestOps.ListProcesses request.
2019-09-12T19:32:59.200Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=30e697a3-8b-4846 seq=26931: Completed GuestOps request with messages.
2019-09-12T19:32:59.210Z| vmx| I125: VigorTransportProcessClientPayload: opID=72ed6769-6e-484d seq=26942: Receiving GuestOps.InitiateFileTransferFromGuest request.
2019-09-12T19:32:59.215Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=72ed6769-6e-484d seq=26942: Completed GuestOps request with messages.
2019-09-12T19:32:59.418Z| vmx| I125: VigorTransportProcessClientPayload: opID=bd02a9b-3a-4855 seq=26960: Receiving GuestOps.DeleteFile request.
2019-09-12T19:32:59.441Z| vcpu-0| I125: VigorTransport_ServerSendResponse opID=bd02a9b-3a-4855 seq=26960: Completed GuestOps request.
It looks like your log seems to indicate that a temp file is created (which should normally contain the code to be executed) and then the file is deleted.
The complete part where the cmdlet runs the code (the part in red) is missing.
Can you confirm that you are not seeing those red lines in your vmware.log when calling Invoke-VMScript?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD We only see the first 4 lines.
So you are creating and deleting the file that holds the code, but it never seems to be executed, nor are the results returned.
That seems to indicate the issue is probably on the side where the Invoke-VMScript is running.
Did you try the same on another (fresh) station?
Eventually, can you try with my Invoke-VMScriptPlus with the Verbose switch?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD
We are using the local administrator account on Test3 so this should not be a permissions issue.
VERBOSE: Performing the operation "Invoke-VMScript" on target "Test3".
VERBOSE: 9/19/2019 7:21:05 AM Invoke-VMScript Finished execution
Invoke-VMScript : 9/19/2019 7:21:07 AM Invoke-VMScript Error occured while executing script on guest OS in VM
'Test3'. Could not locate "Powershell" script interpreter in any of the expected locations. Probably you do not
have enough permissions to execute command within guest.
At C:\psscripts\Powershell\TestInvokeVMScript\TestInvokeVMScript-2.ps1:91 char:1
+ Invoke-VMScript @InvokeSettings
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (Test3:UniversalVirtualMachineImpl) [Invoke-VMScript], VimExcept
ion
+ FullyQualifiedErrorId : Client20_VmGuestServiceImpl_RunScriptCore_ExeLookupFailed,VMware.VimAutomation.ViCore
.Cmdlets.Commands.InvokeVmScript
Something else you could try, run the following CMD.
Just to check what is in the Path variable.
Also, it could perhaps shows some more info, if try to run your original PS script with my Invoke-VMScriptPlus function with the Verbose switch.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD
VERBOSE: Performing the operation "Invoke-VMScript" on target "Test3".
VERBOSE: 9/20/2019 6:53:36 AM Invoke-VMScript Finished execution
Invoke-VMScript : 9/20/2019 6:53:37 AM Invoke-VMScript Error occured while executing script on guest OS in VM
'Test3'. Could not locate "Bat" script interpreter in any of the expected locations. Probably you do not have
enough permissions to execute command within guest.
At C:\PSScripts\Powershell\TestInvokeVMScript\TestInvokeVMScript-2.ps1:102 char:1
+ Invoke-VMScript @InvokeSettings
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (Test3:UniversalVirtualMachineImpl) [Invoke-VMScript], VimExcept
ion
+ FullyQualifiedErrorId : Client20_VmGuestServiceImpl_RunScriptCore_ExeLookupFailed,VMware.VimAutomation.ViCore
.Cmdlets.Commands.InvokeVmScript
There seems to be something fundamentally wrong with that VM or your PowerCLI installation (I suspect the VM).
Can you eventually the same versus another VM?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD We tried building a new Server 2016 VM and see the same issue.
The team testing this missed the request to try Invoke-VMScriptPlus and they are trying to get that to work. So far they are running in to an issue.
Which issue?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD
We built a new VM from a different source to rule it out as the issue. We've also tried running it from multiple source VMs. We consistently see the same error.
They were able to get Invoke-VMScriptPlus working, here is the output. We've sanitized the IP address, FQDN of the ESXi host and token.
VERBOSE: 9/25/2019 10:01:58 AM Get-View Finished execution
VERBOSE: 9/25/2019 10:01:58 AM Get-View Finished execution
VERBOSE: 9/25/2019 10:01:58 AM Get-View Finished execution
VERBOSE: 9/25/2019 10:01:58 AM Get-View Finished execution
VERBOSE: Created temp script file in guest OS
VERBOSE: Created temp output file in guest OS
VERBOSE: X.X.X.X.in-addr.arpa
VERBOSE: PUT https://ESXi.domain/guestFile?id=3&token=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX with -1-byte payload
VERBOSE: received 33-byte response of content type
VERBOSE: Copied scipttext to temp script file
Exception calling "ReadEnvironmentVariableInGuest" with "3" argument(s): "Permission to perform this operation was
- denied."
At C:\PSScripts\Powershell\TestInvokeVMScript\Invoke-VMScriptPlus.psm1:263 char:13
+ $SystemEnvironment = $gProcMgr.ReadEnvironmentVariableInG ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : VimException
[0].Exception.Message
At C:\PSScripts\Powershell\TestInvokeVMScript\Invoke-VMScriptPlus.psm1:318 char:25
+ Throw "$error[0].Exception.Message"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: ([0].Exception.Message:String) [], RuntimeException
+ FullyQualifiedErrorId : [0].Exception.Message
That at least is a more meaningful error.
It looks as if the account with which you connected to the VCSA, doesn't have the required privileges to call.
Is that account authorised to perform Guest Operations on that VM?
See Virtual Machine Guest Operations Privileges
Perhaps you could try if the VCSA administrator account makes a difference
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD We tried with the SSO admin account as well as a administrator user and received the same error.