Hello everyone,
I wish to use the PowerCLI commmands Copy-VMGuestFile and Invoke-VMScript and therefore, I have opened for TCP connections from my dev computer to the relevant ESXi hosts on port 902.
I seem to be able to perform Invoke-VMScript, but i get an error saying DownloadFileFromGuest_DownloadError. The script executes on the VM though.
Copy-VMGuestFile does not work and gives the following error: UploadFileToGuest_UploadError.
Am i missing something obvious? Do i need to open for TCP connections from the ESXi host also?
Any help is greatly appreciated!
The with the ESXi node on which the targetted VM runs is done via port 902.
The file transfers, script and output, are done via HTTPS (port 443).
The URI that the ESXi node passes for the file transfers contains the IP address of the ESXi node.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Moderator: Moved to the PowerCLI Discussions area - the {code} area where you posted it is for API/SDK matters.
This might be an issue with the certificate on the ESXi node.
The file transfer to/from the ESXi node from/to your station is done through a URI that contains the IP address of the ESXi node.
If the IP address is not added as a SAN on the certificate, the transfer fails (HTTPS).
Did you set the PowerCLI configuration to ignore invalid certificates?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi, and thanks for the reply. Yes I have tried a fair share of ignoring security concerns. Currently i run the following code in my script before connecting to the vCenter.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore
However this has not solved my problem.
I get the following error messages for the two commands
Invoke-VMScript : 10-12-2020 08:27:58 Invoke-VMScript An error occurred while sending the request.
At C:\Users\admin_oon\Desktop\PStest\vmware test script.ps1:42 char:1
+ Invoke-VMScript -VM $vm -ScriptText {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-VMScript], ViError
+ FullyQualifiedErrorId : Client20_VmGuestServiceImpl_DownloadFileFromGuest_DownloadError,VMware.VimAutomation.ViCore.Cmdlets.Commands.InvokeVmScript
Copy-VMGuestFile : 10-12-2020 08:27:59 Copy-VMGuestFile An error occurred while sending the request.
At C:\Users\admin_oon\Desktop\PStest\vmware test script.ps1:47 char:1
+ Copy-VMGuestFile -LocalToGuest -VM $vm -GuestCredential $remoteCred - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Copy-VMGuestFile], ViError
+ FullyQualifiedErrorId : Client20_VmGuestServiceImpl_UploadFileToGuest_UploadError,VMware.VimAutomation.ViCore.Cmdlets.Commands.CopyVMGuestFile
I feel like I have tried most things I have been finding on this forum, a lot of which seems to have worked for other people.
Have you tried using my Invoke-VMScriptPlus function with the Verbose switch?
That might provide more details of what goes wrong in your case.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello and thank you for the quick reply.
I have now tried to use the Invoke-VMScriptPlus posted here: https://www.lucd.info/2019/11/17/invoke-vmscriptplus-v3/
My code looks like this:
$sInvoke = @{
VM = $vm
GuestCredential = $remoteCred
ScriptText = 'New-Item -Path "C:\Users\Administrator\Desktop" -Name "testfile1.txt" -ItemType "file"'
ScriptType = 'powershellv6'
}
Invoke-VMScriptPlus @sInvoke -Verbose
I get the following output
VERBOSE: 10-12-2020 08:57:27 Get-View Finished execution
VERBOSE: 10-12-2020 08:57:27 Get-View Finished execution
VERBOSE: 10-12-2020 08:57:27 Get-View Finished execution
VERBOSE: 10-12-2020 08:57:27 Get-View Finished execution
VERBOSE: No GuestOSType value provided. Trying to determine now.
VERBOSE: It's a Windows guest OS
VERBOSE: Created temp folder in guest OS C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware4
VERBOSE: Created temp script file in guest OS C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware4\admin_oon_15100vmware99.ps1
VERBOSE: Created temp output file in guest OS C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware4\admin_oon_15100_outputvmware17
VERBOSE: Copying Data to C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware4\admin_oon_15100vmware99.ps1
Invoke-WebRequest : Unable to connect to the remote server
At C:\Users\admin_oon\Desktop\PStest\Invoke-VMScriptPlus.ps1:255 char:15
+ $copyResult = Invoke-WebRequest @sweb
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
ScripText copy failed!Status
At C:\Users\admin_oon\Desktop\PStest\Invoke-VMScriptPlus.ps1:258 char:1
+ Throw "ScripText copy failed!`rStatus $($copyResult.StatusCode)`r$(($ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (ScripText copy failed!Status :String) [], RuntimeException
+ FullyQualifiedErrorId : ScripText copy failed!Status
This does not manage to execute the code on the VM, opposed to the normal Invoke-VMScript which actually manages to create the test file.
Does the Invoke-VMScriptPlus require access to the ESXi host on another port than 902?
Kind regards,
Oliver
No, the function uses the same port.
You could try to see if any of the switches NoIPinCert or SkipCertificateCheck make a difference
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The NoIPinCert switch changed the error message to the following
VERBOSE: 10-12-2020 09:25:34 Get-View Finished execution
VERBOSE: 10-12-2020 09:25:34 Get-View Finished execution
VERBOSE: 10-12-2020 09:25:34 Get-View Finished execution
VERBOSE: 10-12-2020 09:25:34 Get-View Finished execution
VERBOSE: No GuestOSType value provided. Trying to determine now.
VERBOSE: It's a Windows guest OS
VERBOSE: Created temp folder in guest OS C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware220
VERBOSE: Created temp script file in guest OS C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware220\admin_oon_15100vmware131.ps1
VERBOSE: Created temp output file in guest OS C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware220\admin_oon_15100_outputvmware151
Resolve-DnsName : 170.83.0.10.in-addr.arpa : DNS name does not exist
At C:\Users\admin_oon\Desktop\PStest\Invoke-VMScriptPlus.ps1:238 char:13
+ $hostName = Resolve-DnsName -Name $ip | Select-Object -ExpandProperty ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (170.83.0.10.in-addr.arpa:String) [Resolve-DnsName], Win32Exception
+ FullyQualifiedErrorId : DNS_ERROR_RCODE_NAME_ERROR,Microsoft.DnsClient.Commands.ResolveDnsName
VERBOSE: Copying Data to C:\Users\ADMINI~1\AppData\Local\Temp\admin_oon_15100vmware220\admin_oon_15100vmware131.ps1
Invoke-WebRequest : Cannot bind parameter 'Uri'. Cannot convert value "https://:443/guestFile?id=56&token=52e1ce1a-e8df-e5ad-9329-e8473d5cfd6356" to type "System.Uri". E
rror: "Invalid URI: The hostname could not be parsed."
At C:\Users\admin_oon\Desktop\PStest\Invoke-VMScriptPlus.ps1:255 char:33
+ $copyResult = Invoke-WebRequest @sweb
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Invoke-WebRequest], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
ScripText copy failed!Status
At C:\Users\admin_oon\Desktop\PStest\Invoke-VMScriptPlus.ps1:258 char:1
+ Throw "ScripText copy failed!`rStatus $($copyResult.StatusCode)`r$(($ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (ScripText copy failed!Status :String) [], RuntimeException
+ FullyQualifiedErrorId : ScripText copy failed!Status
The NoIPinCert changed the output, but my comments are constantly removed from this thread..
I have pasted the script output here instead. https://justpaste.it/9qif0
I am still not quite sure how to resolve the problem.
The URI that the API returns to transfer the file is using an IP address.
If a certificate doesn't have the IP address as a SAN, the transfer will failt.
The NoIPinCERT switch forces the function to replace the IP address into a FQDN.
But apparently your DNS setup does not resolve that IP address, hence the URI without a hostname.
I don't know if that is at the base of your issue.
You could check the certificate on the ESXi node where the VM is running, to check if it contains the IP address as a SAN.
Not sure why your comments are removed from your posts.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I am still slightly unsure of the data 'flow' of these invoke-vmscript commands. Could it be that there is no connection from the vm to the esxi host or that the DNS of the VM fails to resolve the esxi host hostname?
The with the ESXi node on which the targetted VM runs is done via port 902.
The file transfers, script and output, are done via HTTPS (port 443).
The URI that the ESXi node passes for the file transfers contains the IP address of the ESXi node.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That solved my problem!
Thanks a lot, LucD.
You were right that Invoke-VMscript required access to the ESXi host on port 902 and port 443.
After opening port 443 also it worked without issues.
Kind regards,
Oliver N.