My PowerCLI script is below:-
Connect-VIServer 10.0.0.1
foreach($nic in (Get-Cluster -Name CPTHI05 | Get-VM -Name Vase*| Get-NetworkAdapter)){
switch -regex ($nic.Name){
'.+[1|2|3]'{Set-NetworkAdapter -NetworkAdapter $nic -Connected:$false -StartConnected:$false -Confirm:$false}
'.+[4|5|6]'{Set-NetworkAdapter -NetworkAdapter $nic -Connected:$true -StartConnected:$true -Confirm:$false}
}
}
Disconnect-VIServer 10.0.0.1 -Confirm:$false
Primary Site Recovery Manager SRM service account is :- JNJ\NAsupport
and Recovery Site Recovery Manager SRM service account is :- JNJ\MPsupport
Issue is:-
I have created the recover step in the Site Recovery manager recovery plan as below:-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -file C:\Vaseline\vase.ps1
(If I loginto the PowerCLI console or command prompt manually with my domain account and run the script it will work fine... the same script if it runs from SRM Recovery Plan TEST or RUN this command will give below error:-
Once the SRM Test get complete I get below error under the SRM TEST History Report:-
Success: "File C:\Vaseline\vase.ps1 cannot be loaded because the execution of scripts is
disabled on this system. Please see "get-help about_signing" for more details.
+ CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordE
xception
+ FullyQualifiedErrorId : RuntimeException
"
I need help on how to configure my powercli script mentioned above to run with above mentioned SRM service accounts.
Thank You
I appreciate LUCD for my previous PowerCLI questions.
It looks as if the account under which the SRM scripts run, didn't set the PowerShell execution policy.
Can you run in the guest OS with SRM acocunt the following
Get-ExecutionPolicy
and eventually change it with
Set-ExecutionPolicy RemoteSigned
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I have manually set the execution policy as unrestricted on both the SRM servers. Thank You Lucd for your prompt reply please help me here
Make sure you do what Luc suggests under the 32bit PowerCLI as SRM uses 32bit PowerCLI.
Remember I told you to run the 32-bit version, hence the C:\Windows\SysWOW64 folder.
Did you start a 32-bit PS session when executing the Set-ExecutionPolicy ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
PS C:\Windows\SysWOW64\WindowsPowerShell\v1.0> Get-ExecutionPolicy
Unrestricted
PS C:\Windows\SysWOW64\WindowsPowerShell\v1.0>
on both the SRM servers I have set it to unrestricted....
I can't login to the SRM server with the SRM service account because as per my company securty standads we deny service account to login to the computer locally..
Can you do
[system.IntPtr]::Size
from that PS prompt ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
PS C:\Windows\SysWOW64\WindowsPowerShell\v1.0> [system.IntPtr]::Size
4
Under the Recovery plan i have created the command step at recovery plan as below:-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -file C:\Vaseline\vase.ps1
Ok, that proves you are running a 32-bit session (had to make sure )
Next step, make sure the SRM runs with the account, you think it is running with.
Try to make SRM run the following line (instead of the script).
That should allow us to find the actual account.
C:\WINDOWS\SysWOW64\windowspowershell\v1.0\powershell.exe -command "[Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent() | select -ExpandProperty Identity > C:\account.txt"
In the file C:\account.txt you should find the account.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
When i go to RUN and type this C:\account.txt I will get below error.
Windows cannot find 'C:\account.txt'. Make sure you typed the name correctly, and then try again.
And SRM server runs with the service account.. because once i open the VCenter server in both Protected and recovery site and when I open Site Recovery Manager appliation from both the VCenter servers it will prompt me to enter the SRM service account once it authenticate properly then only SRM will load.
This means the SRM is running with Service account fine witout any issue.
It could be that the account doesn't have write rights in the C:\ root.
Try changing the path to a folder everyone can write to.
All errors you showed seem to indicate that the account doesn't have the correct execution policy.
When you set the execution policy, in a 32-bit PS session, to Unrestricted, the SRM script still says there are no execution rights.
That's why I would like to confirm that the account the script runs under is actually the account you think it is.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Now I have placed the powercli script in D drive under the folder script.and also i had modified in the recovery plan the command is below...
Command: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -file D:\script\vase.ps
when i perform SRM TEST i am getting below error
Error: User designed callout 'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -file D:\script\vase.ps1
' has not returned in 300 seconds.
The error message seems to indicate that SRM is trying to execute your D:\script\vase.ps1 script and not the command I gave ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
What is your command I am not able to view it .. could you please type it here once again.
not able to see the command could you please type the commnand ..thank you
C:\WINDOWS\SysWOW64\windowspowershell\v1.0\powershell.exe -command "[Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent() | select -ExpandProperty Identity > C:\account.txt"
It's all on 1 line
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
AuthenticationType : Negotiate
ImpersonationLevel : None
IsAuthenticated : True
IsGuest : False
IsSystem : True
IsAnonymous : False
Name : NT AUTHORITY\SYSTEM
Owner : S-1-5-32-544
User : S-1-5-18
Groups : {S-1-5-32-544, S-1-1-0, S-1-5-11}
Token : 996
Above is the result in the account.txt
That's what I suspected, the scripts triggered by SRM run under the System account (the Name property), and not the JNJ\NAsupport account.
Now how to fix this ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
how to proceed now Lucd