steveschofield
Enthusiast
Enthusiast

Set-VM The vCenter Server is unable to decrypt passwords stored in the customization specification error

Jump to solution

Getting this error running the PowerCLI code below

Environment

5.5 b

Using PowerCLI 5.5

Not using a custom certificate

1) Tried using clear text passwords in the script (not my preferred choice)

2) Tried retyping password in customization spec (join the domain and local administrator options)

3) Tried using Get-Credential as stored creds

4) I don't know how to put password in the XML as clear text (not my preferred choice) - Looking at this now.

#Load PowerCLI snap-in

function LoadSnapin{
  param($PSSnapinName)
  if (!(Get-PSSnapin | where {$_.Name   -eq $PSSnapinName})){
    Add-pssnapin -name $PSSnapinName
  }
}
LoadSnapin -PSSnapinName   "VMware.VimAutomation.Core"


#Create VM
$ParentVMName = "Parent2012r2VM"
$vCenterHostName = "vCenter"
$vCenterUserName="Domain\User"
$vCenterUserPassword="Password"
Connect-VIServer -Server "vCenter" -User $vCenterUserName -Password $vCenterUserPassword

#$cred = Get-Credential
#connect-viserver -Server "vCenter" -Credential

$cloneName = "Server1"
$sourceVM = Get-VM $ParentVMName | Get-View
$cloneFolder = $sourceVM.parent
$cloneSpec = new-object Vmware.Vim.VirtualMachineCloneSpec
$cloneSpec.Snapshot = $sourceVM.Snapshot.CurrentSnapshot
$cloneSpec.Location = new-object Vmware.Vim.VirtualMachineRelocateSpec
$cloneSpec.Location.DiskMoveType = [Vmware.Vim.VirtualMachineRelocateDiskMoveOptions]::createNewChildDiskBacking
$sourceVM.CloneVM_Task( $cloneFolder, $cloneName, $cloneSpec )


#Update temporary spec
[string]$Domain = "Domain"
[string]$DomainUserName = "user@domain"
[string]$DomainPassword = "password"
$Spec = Get-OSCustomizationSpec 'CustomSpec1' | New-OSCustomizationSpec -Name 'tmp01' -Type NonPersistent | Set-OSCustomizationSpec -Domain $Domain -DomainUsername $DomainUsername  -DomainPassword $DomainPassword
$Spec = Get-OSCustomizationNicMapping -Spec $Spec | Set-OSCustomizationNicMapping -IPmode UseStaticIP -IPAddress 'x.x.x.x' -SubnetMask x.x.x.x -DefaultGateway x.x.x.x -DNS 'x.x.x.x', 'x.x.x.x'
$Spec = Get-OSCustomizationSpec 'tmp01'


#Apply temporary spec
$VM = Get-VM "Server1"
Get-VM $VM | Get-NetworkAdapter | Set-NetworkAdapter -PortGroup 'PortGroup1' -confirm:$false | out-null
#Errors on this line
Get-VM $VM | Set-VM -OSCustomizationSpec $Spec -Confirm:$false | start-vm

Disconnect-VIServer -Server "vCenter" -Confirm:$false | out-null

1 Solution

Accepted Solutions
steveschofield
Enthusiast
Enthusiast

I gave up trying to clone an existing config spec and just dynamically created one in memory, then applied.  That was MUCH easier and didn't get the password issues. 

View solution in original post

0 Kudos
5 Replies
LucD
Leadership
Leadership

I assume the error you get is in the title of this thread ?

Did you create the password in the customizationspec with the same account as the one under which you are running the script ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
steveschofield
Enthusiast
Enthusiast

Yes.  I went as far as to clear the passwords from the customization and tried to inject into the tmp01 spec in the scripot, still get the error.  I'm confused Smiley Happy  And after clearing the passwords, I exported and didn't see any values with Password in the xml file.  All my passwords are hard coded in clear text (not my preferred choice) in the script.  Any advice?

0 Kudos
steveschofield
Enthusiast
Enthusiast

I gave up trying to clone an existing config spec and just dynamically created one in memory, then applied.  That was MUCH easier and didn't get the password issues. 

0 Kudos

I am getting same error.  Did not get before 5.5 and now I am.  I may do the workaround of just creating new os custommization, but it would be nice to figure out why cloning an existing one isn't working 😕

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
rogersm
Contributor
Contributor

I began to have this issue when I installed 5.5.  I found it to be because I specified both -Domain and -DomainCredentials.  Remove the -Domain and ensure -DomainCredentials contains the domain information (Domain\User when creating the credentials). 

0 Kudos