Solved: Credentials needed for vCenter 6.0 U1 but not vCen...

SENNAF1 · ‎07-26-2016

I have rebuilt my entire virtual environment on vSphere 6.0 U1. Using 2 PSCs behind a LB and one VCSA with a embedded postgreSQL DB in Production and two PSCs behind a LB and one VCSA with a embedded postgreSQL DB in DR. Our old vSphere environment was one Windows based VM running vCenter and SSO together with an external DB.

I have a script that runs in a scheduled task to report on Tags in the environment. When I run the script in a scheduled task or from the prompt I am propted to enter credentials for the vSphere 6.0 VCSA but the vCenter 5 server logs in using my credentials just fine.

# Virtual Centre server or VM host to connect to
$aryVIServer = @("vc1.domain.com", "vc2.domain.com" , "vc3.domain.com")

#Connect to vCenter
Connect-VIServer -server $aryVIServer

Can someone help me understand why or how I can get my script to run using the credentials for running the Task?

Thanks,

Ayrton

SENNAF1 · ‎07-29-2016

I did not find the root cause but I did get this fixed.

There is a bug in VCSA with External PSC using LDAP and I joined my PSC and VCSA servers to AD using Active Directory (Integrated Windows Authentication).

Once I did this my scripts started to work.

Thanks for your help LucD

View solution in original post

LucD · ‎07-26-2016

How did you define the Identity sources for SSO?

Under which account does the scheduled script run?

How did you specify the account? As domain/user or as user@domain?

Is the domain to which the account belongs defined as the default domain in SSO?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

SENNAF1 · ‎07-27-2016

LucD
Thanks for your responce.

1)How did you define the Identity sources for SSO?
The only defined Identity sources out side of the defaultsis Active Directory with our domain as default.

2)Under which account does the scheduled script run?
The script runs as a service account that is a member of the same Active directory domain listed in the Identity sources

3)How did you specify the account? As domain/user or as user@domain?

The scheduled task is domain/user
When I run it from the prompt no domain just username

4)Is the domain to which the account belongs defined as the default domain in SSO?
YES

LucD · ‎07-27-2016

Did you try with user@domain?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

SENNAF1 · ‎07-27-2016

I am able to run the script and it works but I am prompted for credentials.

When I run ./script.ps1 from PowerCLI if I have an active session or not. I am prompted for credentials. I can enter the credentials domain\user or user@domain.com and it runs just fine.

The problem is I want to run this from Task Scheduler but it does not run. There are no errors in the history or Windows logs. I assume the reason is because it needs vCenter credentials but I do not understand why my vCenter 5.5 server does not need credentials but my VCSA 6.0 does.

Sorry I did not explain this better in the original post.

Thanks again for any help

LucD · ‎07-27-2016

I wanted to say how did you specify the credential under which the scheduled task runs.

Is that in the domain\user or user@domain format?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

SENNAF1 · ‎07-28-2016

domain\user is how the credentials are set in the Scheduled Task

Thanks,

SENNAF1 · ‎07-29-2016

I did not find the root cause but I did get this fixed.

There is a bug in VCSA with External PSC using LDAP and I joined my PSC and VCSA servers to AD using Active Directory (Integrated Windows Authentication).

Once I did this my scripts started to work.

Thanks for your help LucD

All

Credentials needed for vCenter 6.0 U1 but not vCenter 5.5 U3