VMware Cloud Community
DraK-KarD
Contributor
Contributor
Jump to solution

Problem with Invoke-VMScript

Hello,

I'm trying to run a basic command with the Invoke-VMScript on a Windows 2019 VM that is actually out of domain AD.

Invoke-VMScript -VM tstW2019 -ScriptText "Get-Process" -GuestUser Deploy -GuestPassword "thePass" -Verbose

Everytime I got the error message :

Invoke-VMScript A connection could not be established because the target computer expressly refused it. (127.0.0.1:80)

The credentials are fine as I can logon locally on server with them.

On Windows, I don't see any logon error, I see some LogonType 4 granted or vmtoolsd validated credentials.

Any idea of what I'm missing to make it work

 

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

Interesting case.

So it looks as if the location the GuestOperations provide to upload the file, has an issue (or is in a format my code doesn't yet understand).

In the function, after line 216

$fileInfo = $gFileMgr.InitiateFileTransferToGuest($moref, $auth, $File, $attr, $Data.Length, $clobber)

can you add a line with

Write-Verbose "File transfer location $fileInfo"

That should show in the verbose output the upload location.

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
15 Replies
LucD
Leadership
Leadership
Jump to solution

Is port 902 open to the ESXi node where the VM is hosted?
Does the Certificate on the ESXi node contain a SAN entry with the IP address of the node, besides the FQDN?

You could have a go with my Invoke-VMScriptPlus function and use the Verbose switch.
It should return more information on what is happening.
You could also use the NoIPInCert switch.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

Hello Luc,

 

thanks for your help, I have just tested your fonction and got same result, but as there is a "but" 😉

I have seens that, the function was able to connect to the VM create both output file ( empty ) and .ps1 file ( empty also ).

Below the result :
VERBOSE: 25/04/2023 08:05:58 Get-View Finished execution
VERBOSE: 25/04/2023 08:05:58 Get-View Finished execution
VERBOSE: 25/04/2023 08:05:58 Get-View Finished execution
VERBOSE: 25/04/2023 08:05:59 Get-View Finished execution
VERBOSE: No GuestOSType value provided. Trying to determine now.
VERBOSE: It's a Windows guest OS
VERBOSE: Created temp folder in guest OS C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100
VERBOSE: Created temp script file in guest OS C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100\myAccount_1460vmware31.ps1
VERBOSE: Created temp output file in guest OS C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100\myAccount_1460_outputvmware69
VERBOSE: Copying Data to C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100\myAccount_1460vmware31.ps1
VERBOSE: HTTP/1.1 PUT with 11-byte payload
Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:223
Line |
223 | … copyResult = Invoke-WebRequest -Uri $fileInfo -Method Put -Body $Data
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Aucune connexion n’a pu être établie car l’ordinateur cible l’a expressément refusée.
Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:226
Line |
226 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ScripText copy failed!Status

 

And I saw also that when I was testing the invoke-VMscript function in this way :
Invoke-VMScript -ScriptType Powershell -scriptText "New-Item -ItemType Directory -Path 'C:\Test'" -VM tstW2019 -GuestUser Administrateur -GuestPassword "ThePass" -Verbose

The folder was created, but the function was returning the error anyway.

So, in both case the function was able to connect to the VM, then do something on the VM and then got an error.

Any idea ?

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Did you try the NoIPInCert switch?
Creating the folder and files is done through the GuestOperation methods, which seems to work.
Only when the function tries to upload the content to the temp file with a PUt the transfer doesn't seem to work.
That upload is normally to a URI that contains the ESXI node (IP addr or FQDN).
When there is an issue, missing SAN entry for IP, with the Cert on the ESXi that fails, hence I introduced the NoIPInCert switch.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

Luc,

I just tryed the NoIPinCert, but got the error message :

Select-Object: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:219
Line |
219 | … = Resolve-DnsName -Name $ip | Select-Object -ExpandProperty NameHost
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Property "NameHost" cannot be found.
VERBOSE: Copying Data to C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware56\myAccount_1460vmware43.ps1
Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:223
Line |
223 | $copyResult = Invoke-WebRequest -Uri $fileInfo -Method Pu …
| ~~~~~~~~~
| Cannot bind parameter 'Uri'. Cannot convert value
| "https://:443/guestFile?id=126&token=52c66c60-5ca0-fec9-90c7-11f9b419d67c126" to type "System.Uri". Error:
| "Invalid URI: The hostname could not be parsed."
Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:226
Line |
226 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ScripText copy failed!Status

If I execute the Resolve-DnsName manually it works with 2 answers there is an alias for the ESXi.

Do you have any idea ?

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Interesting case.

So it looks as if the location the GuestOperations provide to upload the file, has an issue (or is in a format my code doesn't yet understand).

In the function, after line 216

$fileInfo = $gFileMgr.InitiateFileTransferToGuest($moref, $auth, $File, $attr, $Data.Length, $clobber)

can you add a line with

Write-Verbose "File transfer location $fileInfo"

That should show in the verbose output the upload location.

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

Below the result :

 

VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
VERBOSE: No GuestOSType value provided. Trying to determine now.
VERBOSE: It's a Windows guest OS
VERBOSE: Created temp folder in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42
VERBOSE: Created temp script file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42\myAccount_1460vmware177.ps1
VERBOSE: Created temp output file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42\myAccount_1460_outputvmware255
VERBOSE: hypsrvesx01.lz2.dom
Select-Object: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:219
Line |
219 | … = Resolve-DnsName -Name $ip | Select-Object -ExpandProperty NameHost
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Property "NameHost" cannot be found.
VERBOSE: Copying Data to C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42\myAccount_1460vmware177.ps1
Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:223
Line |
223 | $copyResult = Invoke-WebRequest -Uri $fileInfo -Method Pu …
| ~~~~~~~~~
| Cannot bind parameter 'Uri'. Cannot convert value
| "https://:443/guestFile?id=133&token=52c79fd9-6fb6-c7e3-24d9-4a5ee41f9f41133" to type "System.Uri". Error:
| "Invalid URI: The hostname could not be parsed."
Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:226
Line |
226 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ScripText copy failed!Status

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Strange, I was expecting a line with "VERBOSE: File transfer location" followed by a URI.
Or did you change the line I proposed?

Is this the result of the line you added?

VERBOSE: hypsrvesx01.lz2.dom

That should have been a URI, not just a FQDN . 




Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

Yes exactly,

I changed the script like below :

213 $attr = New-Object VMware.Vim.GuestFileAttributes
214 $clobber = $true
215 $fileInfo = $gFileMgr.InitiateFileTransferToGuest($moref, $auth, $File, $attr, $Data.Length, $clobber)
216 Write-Verbose "File transfer location $fileInfo"
217 if ($NoIPinCert.IsPresent)
218 {

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Then I wonder where the part "File transfer location" went.

Also, the InitiateFileTransferToGuest method should return a URI, not a single FQDN

LucD_0-1682461191227.png


Which ESXi version is that VM running on?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

 

Hello Luc,

the ESXi version is : VMware ESXi, 8.0.0, 21203435

My bad...

I forgot to change to update the context, In new console I got what your wanted :


VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
VERBOSE: No GuestOSType value provided. Trying to determine now.
VERBOSE: It's a Windows guest OS
VERBOSE: Created temp folder in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76
VERBOSE: Created temp script file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76\myAccount_17704vmware181.ps1
VERBOSE: Created temp output file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76\myAccount_17704_outputvmware159
VERBOSE: File transfer location https://hypsrvesx01.lz2.dom:443/guestFile?id=136&token=52467ed1-b7f8-5e76-5a6e-5b47cd44866b136
VERBOSE: hypsrvesx01.lz2.dom
Select-Object: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:220
Line |
220 | … = Resolve-DnsName -Name $ip | Select-Object -ExpandProperty NameHost
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Property "NameHost" cannot be found.
VERBOSE: Copying Data to C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76\myAccount_17704vmware181.ps1
Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:224
Line |
224 | $copyResult = Invoke-WebRequest -Uri $fileInfo -Method Pu …
| ~~~~~~~~~
| Cannot bind parameter 'Uri'. Cannot convert value
| "https://:443/guestFile?id=136&token=52467ed1-b7f8-5e76-5a6e-5b47cd44866b136" to type "System.Uri". Error:
| "Invalid URI: The hostname could not be parsed."
Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:227
Line |
227 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ScripText copy failed!Status

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

No problem.

What you could try is to use that URI from a web browser.
Or run an Invoke-WebRequest with that URI.

$sWeb = @{
    Uri    = <insert the URI from the verbose message>
    Method = 'Put'
    Body   = 'Test'
}
Invoke-WebRequest @sweb
$error[0] | Select *

Perhaps that will give a bit more information.

Just remember that the link is only valid for around 10 minutes.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

So,

from IE, the error messge is : DLG_FLAGS_INVALID_CA

from Powershell, the error message is :

The remote certificate is invalid because of errors in the certificate chain: PartialChain

( And I found that a proxy was lastly configured on the JumpBox where I run scripts, that explain the "127.0.0.1:80" )

So the certificate that my colleagues have installed seems bad. 😞

 

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

Funny,

now, that I found that a proxy was configured, and I set a bypass for the ESXi, the command Invoke-VMScript works.

But your version still failed.

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

This is as expected, my function doesn't handle a proxy in the current version.

I will put this on the ToDo list 😊


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DraK-KarD
Contributor
Contributor
Jump to solution

I'll make this thread as solved.

Thank you Luc for your time and help !!!

Reply
0 Kudos