Swarfega
Enthusiast

Scheduled Task - Connect-VIServer


Hi all. I wrote a script to do some work but I am having trouble with authentication. Each time it runs it is running under my account rather than the one specified in the script.

I have followed this guide, so before the below I have exported a copy of the script's user account password (the PSCredentials file).

$PowerCLIUserAccount = "DOMAIN\User"

$PowerCLIUserPassword = Get-Content PSCredentials | ConvertTo-SecureString

$PowerCLICredentials = New-Object System.Management.Automation.PsCredential $PowerCLIUserAccount, $PowerCLIUserPassword

Connect-VIServer -Server VCSERVER

At this point though it is connecting but using my account details rather than the one in the script?

1 Solution

Accepted Solutions
LucD
Leadership

Try changing that last line to

Connect-VIServer -Server VCSERVER -Credential $PowerCLICredentials


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference


0 Kudos
15 Replies
Swarfega
Enthusiast

Connect-VIServer : Cannot validate argument on parameter 'Credential'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.

Get-VCInfo.ps1:51 char:52

+ Connect-VIServer -Server $vCenterServer -Credential <<<<  $PowerCLICredential

    + CategoryInfo          : InvalidData: (:) [Connect-VIServer], ParameterBindingValidationException

    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

:(

0 Kudos
LucD
Leadership

There was an 's' missing at the end.

That is the variable your script creates in line 3



0 Kudos
Swarfega
Enthusiast

Well spotted. You spotted it without having access to the script!

Sadly I am seeing the following now...

Connect-VIServer : 17/07/2013 14:27:45    Connect-VIServer        Permission to perform this operation was denied.

At Get-VCInfo.ps1:51 char:17

+ Connect-VIServer <<<<  -Server $vCenterServer -Credential $PowerCLICredentials

    + CategoryInfo          : NotSpecified: (:) [Connect-VIServer], NoPermission

    + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets

   .Commands.ConnectVIServer

0 Kudos
LucD
Leadership

For that I'm afraid you will have to contact your vCenter administrator.

It looks as if the account you use is not allowed to connect to the vSphere server.

And, btw, there is no magic involved, the error showed the line where the problem was :D

+ Connect-VIServer -Server $vCenterServer -Credential <<<<  $PowerCLICredential



0 Kudos
Swarfega
Enthusiast

Well done Sir. I borrowed someone else's credentials and can see it now works.

Thanks a lot for the help LucD!

0 Kudos
Antonio_Ma
Contributor

Hi all,

I have a similar issue, but I have administrative permission on the vCenter. In fact, if I run the script manually, it works, but if I schedule it from Windows Task Scheduler it doesn't work, with the same error as in the thread.

The script is:

<# encrypt password - I use this the first time to encrypt the password to a file
$credential = Get-Credential
$credential.Password | ConvertFrom-SecureString | Set-Content c:\tmp\enc_password.txt
#>

#Enter the username
$UserName = "USERNAME"

#read the encrypted password
$SecurePassword = gc "c:\tmp\enc_password.txt" | ConvertTo-SecureString
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword

#create a connection to the VMware vCenter
Connect-VIServer -Server VCENTER -Protocol https -Credential $Credentials -Force

$srv = "SERVER01"

#Shutdown the server
#Stop-VM -VM "$srv" -Confirm:$false
Get-VM $srv | Shutdown-VMGuest -Confirm:$false


#Wait until the server is down
while ($test -ne $False){
    $test = Test-Connection -ComputerName "$srv" -Quiet -Count 1
}

sleep 30

#Execute the snapshot
New-Snapshot -VM $srv -Name WindowsPatching

sleep 30

#start the server
Start-VM -VM "$srv"

The error is:

ConvertTo-SecureString : Key not valid for use in specified state.

At C:\temp\Create_Snapshot.ps1:10 char:47
+ $SecurePassword = gc "c:\tmp\enc_password.txt" | ConvertTo-SecureString
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.Conv
ertToSecureStringCommand

New-Object : Cannot find an overload for "PSCredential" and the argument count: "2".
At C:\temp\Create_Snapshot.ps1:12 char:16
+ ... edentials = New-Object System.Management.Automation.PSCredential ("$U ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

Connect-VIServer : Cannot validate argument on parameter 'Credential'. The argument is null or empty. Provide an
argument that is not null or empty, and then try the command again.
At C:\temp\Create_Snapshot.ps1:15 char:74
+ ... r VCENTER -Protocol https -Credential $Credentials -Force
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Connect-VIServer], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIS
erver

 

I think the error is in how the Task Scheduler manages the credential; it doesn't work correctly with PowerShell. I tried to use the same account to schedule the task, but it doesn't work.

The Hypervisor is: VMware ESXi, 6.5.0, 20502893

Do you have any idea?
Thanks a lot

Antonio 

0 Kudos
LucD
Leadership

It looks like the scheduled task is running under another account than the one you used to create the encrypted password.
The DPAPI, which does the encryption/decryption, uses a master key which is stored under the user's profile.
You can't decrypt such an encrypted password with another account, and also not on a different station.

You can create a Scheduled Task to run under a specific account.
Use the account you used to encrypt the password, and on the same station.



0 Kudos
wetnose88
Contributor

1: Create your $Credential and use Export-Clixml to save it to an .xml file

 

$Credential = Get-Credential "domain\jsmith_admin"
$Credential | Export-Clixml -Path C:\Users\jsmith_admin\jsmith_admin.xml

2: Within your script, use Import-Clixml to create $creds, then use the following command to connect to vCenter

 

$creds = Import-Clixml -Path "C:\Users\jsmith_admin\jsmith_admin.xml"
Connect-VIServer -Server $vcenter -Credential $Creds

 

0 Kudos
LucD
Leadership

I'm afraid that falls under the same restrictions, same user, and same station.
The Export- and Import-CliXml cmdlets also rely on DPAPI.



0 Kudos
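
The same-user, same-machine restriction described in the replies above for both ConvertTo-SecureString files and Export-Clixml can be checked by the script itself before it tries to decrypt. The following is an added example, not code from any poster in this thread; the function names, the `.meta` sidecar file and the `C:\Scripts` path are assumptions.

```powershell
# Added example: function names, the .meta sidecar file and the paths are hypothetical.
function Export-BoundCredential {
    param(
        [Parameter(Mandatory = $true)] [pscredential] $Credential,
        [Parameter(Mandatory = $true)] [string] $Path
    )
    # On Windows the password inside the XML is DPAPI-protected for the current
    # user on this machine, so record who and where next to it (no secret data).
    $Credential | Export-Clixml -Path $Path
    [pscustomobject]@{
        EncryptedBy = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        EncryptedOn = $env:COMPUTERNAME
    } | ConvertTo-Json | Set-Content -Path "$Path.meta"
}

function Import-BoundCredential {
    param([Parameter(Mandatory = $true)] [string] $Path)

    $me   = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $meta = Get-Content -Path "$Path.meta" -Raw | ConvertFrom-Json

    # Name the mismatch up front instead of surfacing
    # "Key not valid for use in specified state." from the decrypt step.
    if ($meta.EncryptedBy -ne $me -or $meta.EncryptedOn -ne $env:COMPUTERNAME) {
        $detail = $meta.EncryptedBy, $meta.EncryptedOn, $me, $env:COMPUTERNAME
        throw ("Encrypted by {0} on {1}, but this process runs as {2} on {3}: $Path" -f $detail)
    }
    try {
        Import-Clixml -Path $Path -ErrorAction Stop
    }
    catch {
        # Same account and host but still failing: report the underlying error.
        throw "DPAPI could not decrypt $Path for ${me}: $($_.Exception.Message)"
    }
}

# One time, in a session started as the task's run-as account on the task host:
#   Export-BoundCredential -Credential (Get-Credential) -Path C:\Scripts\vc-cred.xml
# In the scheduled script:
#   $cred = Import-BoundCredential -Path C:\Scripts\vc-cred.xml
#   Connect-VIServer -Server VCSERVER -Credential $cred
```

The sidecar file holds only the account and computer name, so it can be read by whoever troubleshoots the task without exposing the password.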
Antonio_Ma
Contributor

Thank you for the reply. 😊
I tried to use XML and use the same account that runs the scheduled task and the same user in the script, but it doesn't work.

🤔

0 Kudos
LucD
Leadership

How did you run the script in the Task Scheduler?
Did you use the runas parameter?
Without seeing your definitions/code it is hard to analyse.



0 Kudos
Antonio_Ma
Contributor

No, I don't use Run As.

The command line is:

Program/script:

Powershell

Add Arguments (optional): 

-command "C:\temp\CreateSnapshot\Create_Snapshot.ps1 2>&1 > C:\temp\Create_Snapshot_log.txt"

I will try to use Run As. 👍

0 Kudos
Antonio_Ma
Contributor

I solved it.

The issue was that I used user A to encrypt the password but the task runs as user B.
User B is a technical user and doesn't have permission to log on to the PC, so I launched PowerShell with Run As as user B and encrypted the password.

Now it works.

Thank you all so much

🙂

0 Kudos
wetnose88
Contributor

Good to hear you finally figured it out!

0 Kudos