curryinhurry
Contributor
Contributor

PowerCLI Rotate ESXi root password errors

Jump to solution

Hi,

Im getting errors when running my script to rotate ESXi host passwords. The script actually completes and passwords do get rotated but I get errors which im not sure about. 

Error:

Get-VMHostAccount : 2/24/2021 3:46:34 PM Get-VMHostAccount The requested operation is only supported when connected directly to ESX host.
At XXX\Rotate ESXi Passwords.ps1:56 char:1
+ Get-VMHostAccount -User root | Set-VMHostAccount -Password ([Runtime. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-VMHostAccount], VimException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_TryValidateEsxConnection_ConnectedToVC,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVMHostAccount

 

Script:

#User creds
$UserName=Read-Host "Username: "
$Password=Read-Host "Password: " -AsSecureString


$vCenterList = "vcenter2","vcenter3"

#Connect to each vCenter
foreach ($server in $vCenterList)
{
Connect-VIServer $server -user $UserName -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)))
}

 

#Get all ESXi Hosts and place in variable
$hosts = @()
Get-VMHost | sort | Get-View | Where {$_.Summary.Config.Product.Name -match "i"} | % { $hosts+= $_.Name }

#Disconnect from vCenters
foreach ($serverD in $vCenterList)
{
Disconnect-VIServer -Server $serverD -confirm:$false
}

#Request passwords for hosts
$CurrentPassword = Read-Host "Enter Current Password: " -AsSecureString
$NewPassword = Read-Host "Enter New Password: " -AsSecureString


#Change Passwords
foreach ($vmhost in $hosts)
{
Connect-VIServer -Server $vmhost -User root -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($CurrentPassword)))
Get-VMHostAccount -User root | Set-VMHostAccount -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)))
Disconnect-VIServer -Server $vmhost -Confirm:$False

if($?)
{
Write-Output "Root password was updated on ESXi host - $vmhost"
}
else
{
Write-Output "Error: Root password was *not* changed on the ESXi host - $vmhost"
}
}

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership

The issue stems from the fact that you are connected to 2 vSphere servers when you run the Set-VMHostAccount cmdlet.
For the connection to the ESXi node the cmdlet works, for the connection to the vCenter the cmdlet produces the error you see.

An easy solution is to use the Server parameter on the cmdlet, and point to the ESXi node connection.
That way the cmdlet will only be executed against the ESXi node connection, and you avoid the error from the vCenter connection.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
2 Replies
LucD
Leadership
Leadership

The issue stems from the fact that you are connected to 2 vSphere servers when you run the Set-VMHostAccount cmdlet.
For the connection to the ESXi node the cmdlet works, for the connection to the vCenter the cmdlet produces the error you see.

An easy solution is to use the Server parameter on the cmdlet, and point to the ESXi node connection.
That way the cmdlet will only be executed against the ESXi node connection, and you avoid the error from the vCenter connection.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
curryinhurry
Contributor
Contributor

Thank you very much that worked!

Tags (1)
0 Kudos