Hi all. I wrote a script to do some work but I am having trouble with authentication. Each time it runs it is running under my accout rather than the one specidied in the script.
I have followed this guide so therefore before the below have exported a copy of the scripts user account password (The PSCredentials file)
$PowerCLIUserAccount = "DOMAIN\User
$PowerCLIUserPassword = Get-Content PSCredentials | ConvertTo-SecureString
$PowerCLICredentials = New-Object System.Management.Automation.PsCredential $PowerCLIUserAccount, $PowerCLIUserPassword
Connect-VIServer -Server VCSERVER
At this point though it is connecting but using my account details rather than the one in the script?
Try changing that last line to
Connect-VIServer -Server VCSERVER -Credential $PowerCLICredentials
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try changing that last line to
Connect-VIServer -Server VCSERVER -Credential $PowerCLICredentials
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Connect-VIServer : Cannot validate argument on parameter 'Credential'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
Get-VCInfo.ps1:51 char:52
+ Connect-VIServer -Server $vCenterServer -Credential <<<< $PowerCLICredential
+ CategoryInfo : InvalidData: (:) [Connect-VIServer], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
There was an 's' missing at the end.
That is the variable your script creates in line 3
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Well spotted. You spotted it without having access to the script!
Sadly I am seeing the following now...
Connect-VIServer : 17/07/2013 14:27:45 Connect-VIServer Permission to perform this operation was denied.
At Get-VCInfo.ps1:51 char:17
+ Connect-VIServer <<<< -Server $vCenterServer -Credential $PowerCLICredentials
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], NoPermission
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets
.Commands.ConnectVIServer
For that I'm afraid you will have to contact your vCenter administrator.
It looks as if the account you use is not allowed to connect to the vSphere server.
And, btw there is no magic involved, the error showed the line where the problem was :smileygrin:
+ Connect-VIServer -Server $vCenterServer -Credential <<<< $PowerCLICredential
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Well done Sir. I borrowed someone else's credentials and can see it now works.
Thanks a lot for the help LucD!
Hi all,
I have a similar issue, but I have administrative permission on the VCenter. In fact if i run manually the script, it work. but if i scheduled it from windows task scheduler don't work with the same error of the thread.
the script is:
<# encript password - I use this the first time to encript the password on a file
$credential = Get-Credential
$credential.Password | ConvertFrom-SecureString | Set-Content c:\tmp\enc_password.txt
#>
#Inserisco la username
$UserName = "USERNAME"
#take encripted password
$SecurePassword = gc "c:\tmp\enc_password.txt" | ConvertTo-SecureString
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword
#create a connection to the VCenter VmWare
Connect-VIServer -Server VCENTER -Protocol https -Credential $Credentials -Force
$srv = "SERVER01"
#Shutdown the server
#Stop-VM -VM "$srv" -Confirm:$false
Get-VM $srv | Shutdown-VMGuest -Confirm:$false
#Wait the server is down
while ($test -ne $False){
$test = Test-Connection -ComputerName "$srv" -Quiet -Count 1
}
sleep 30
#Execute the snapshot
New-Snapshot -VM $srv -Name WindowsPatching
sleep 30
#start the server
Start-VM -VM "$srv"
The error is:
ConvertTo-SecureString : Key not valid for use in specified state.
At C:\temp\Create_Snapshot.ps1:10 char:47
+ $SecurePassword = gc "c:\tmp\enc_password.txt" | ConvertTo-SecureString
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.Conv
ertToSecureStringCommand
New-Object : Cannot find an overload for "PSCredential" and the argument count: "2".
At C:\temp\Create_Snapshot.ps1:12 char:16
+ ... edentials = New-Object System.Management.Automation.PSCredential ("$U ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
Connect-VIServer : Cannot validate argument on parameter 'Credential'. The argument is null or empty. Provide an
argument that is not null or empty, and then try the command again.
At C:\temp\Create_Snapshot.ps1:15 char:74
+ ... r VCENTER -Protocol https -Credential $Credentials -Force
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Connect-VIServer], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIS
erver
I think the error is in the manage the credential task scheduler, it don't work correctly with the powershell. I tried to use the same account to scheduled the task, but don't work.
The Hypervisor is: VMware ESXi, 6.5.0, 20502893
You have any idea?
Thank a lot
Antonio
It looks like the scheduled task is running under another account then the one you use the create the encrypted password.
The DPAPI, which does the encryption/decryption, uses a masterkey which is stored under the user's profile.
You can't decrypt such an encrypted password with another account, and also not on a different station.
You can create a Scheduled Task to run under a specific account.
Use the account you used to encrypt the password, and on the same station.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
1: Create your $Credential and use Export-Clixml to .xml file
$Credential = Get-Credential "domain\jsmith_admin"
$Credential | Export-Clixml -Path C:\Users\jsmith_admin\jsmith_admin.xml
2: Within your script, using the import-clixml to create $creds, then using the following command to connect to vCenter
$creds = import-clixml -Path "-Path C:\Users\jsmith_admin\jsmith_admin.xml"
Connect-VIServer -Server $vcenter -Credential $Creds
I'm afraid that falls under the same restrictions, same user, and same station.
The Export- and Import-CliXml cmdlets also rely on DPAPI.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank You for the replay. 😊
I tried to use XML and use the same account that runs the task schedule and the same user in the script, but don't work.
🤔
How did you run the script in the Task Scheduler?
Did you use the runas parameter?
Without seeing your definitions/code it is hard to analyse.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
No, I d0n't use Run As.
the command line is:
Program/script:
Powershell
Add Arguments (optional):
-command "C:\temp\CreateSnapshot\Create_Snapshot.ps1 2>&1 > C:\temp\Create_Snapshot_log.txt"
I try to use Run As. 👍
I solved.
The issue was that i used a user A to encript the password but the task run with user B.
The User B is a technical user and his don't have a permission to logged on the PC, i have lanced run as the powershell with user B end encript the password.
Now work
Thank you so much at all
🙂
Good to hear you figure it out finally!