When I run the script:
$ESXHOST = Read-Host "Enter ESX Host Name or IP"
Connect-VIServer $ESXHOST
$domain = "MyDomain"
Write-Host "Join to domain $domain"
$cred = Get-Credential # Prompt for the user and password
#Write-Host "Credentials: $cred"
$host | Get-VMHostAuthentication | Set-VMHostAuthentication -Domain $domain -Credential $cred
exit
I get this error:
PowerCLI E:\PowerCLI 5.0\Scripts> .\Join.ps1
Enter ESX Host Name or IP: esx22
Name Port User
---- ---- ----
esx122 443 root
Join to domain SCS.local
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
cmdlet Set-VMHostAuthentication at command pipeline position 2
Supply values for the following parameters:
JoinDomain: scs.local
Set-VMHostAuthentication : Cannot convert 'System.String' to the type 'System.Management.Automation.SwitchParameter' required by
parameter 'JoinDomain'.
At E:\PowerCLI 5.0\Scripts\RSA\RSA_Join.ps1:10 char:60
+ $host | Get-VMHostAuthentication | Set-VMHostAuthentication <<<< -Domain scs.local -Credential $cred
+ CategoryInfo : InvalidArgument: (:) [Set-VMHostAuthentication], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.SetVMHostAuthentication
Even though I have specified the domain "MyDomain" I get prompted "Join to domain:", and even though I get the error which probably is about the Set-VMHostAuthentication.
Shouldn't it be straight forward ?
Looks like your missing the -Joindomain parameter, try this instead of your line:
$host | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain -Domain $domain -Credential $cred
Alan's line will work, but the reason you are getting the error is because the JoinDomain parameter is a switch, meaning you can give it a Boolean value of $true or $false.
You gave it the name of the domain, which is a string, hence the error message.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The JoinDomain doesn't fixed the issue:
Get-VMHostAuthentication : The input object cannot be bound to any parameters for the command either because the command does not
take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
At E:\PowerCLI 5.0\Scripts\RSA\RSA_Join.ps1:10 char:33
+ $host | Get-VMHostAuthentication <<<< | Set-VMHostAuthentication -JoinDomain -Domain $domain -Credential $cred
+ CategoryInfo : InvalidArgument: (System.Manageme...st.InternalHost:InternalHost) [Get-VMHostAuthentication], Para
meterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVMHostAuthentication
And if I even run the Get-VMHostAuthentication I get an error:
PowerCLI E:\PowerCLI 5.0\Scripts\RSA> connect-viserver esx22
Name Port User
---- ---- ----
esx22 443 root
PowerCLI E:\PowerCLI 5.0\Scripts\RSA> $host | Get-VMHostAuthentication
Get-VMHostAuthentication : The input object cannot be bound to any parameters for the command either because the command does not
take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
At line:1 char:33
+ $host | Get-VMHostAuthentication <<<<
+ CategoryInfo : InvalidArgument: (System.Manageme...st.InternalHost:InternalHost) [Get-VMHostAuthentication], Para
meterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVMHostAuthentication
What ESX(i) version are you running this against ?
Does
Get-VMHost MyEsx | Get-VMHostAuthentication
return anything ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes this run ok:
PowerCLI E:\PowerCLI 5.0\Scripts\RSA> Get-VMHost cscesxcop22 | Get-VMHostAuthentication
Uid Domain DomainMembershipStatus
--- ------ ----------------------
/VIServer=root@cscesxcop22:443/HostA...
I have changed the script from "$host | Get-VMHostAuthentication ....." to "Get-VMHost $ESXHOST | Get-VMHostAuthentication" and now the script begin running and progress until about 50%. But every time I get incorrect user name or password, even though the user and password are correct.
PowerCLI E:\PowerCLI 5.0\Scripts\RSA> .\RSA_Join.ps1
Enter ESX Host Name or IP: cscesxcop22
Name Port User
---- ---- ----
cscesxcop22 443 root
Join to domain SCS.local
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
Perform operation?
Joining VMHost 'cscesxcop22' to Windows Domain 'scs.local'.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Set-VMHostAuthentication : 23-04-2012 13:53:57 Set-VMHostAuthentication The operation for the entity HostSystem-ha-host
failed with the following message: "Cannot complete login due to an incorrect user name or password."
At E:\PowerCLI 5.0\Scripts\RSA\RSA_Join.ps1:11 char:74
+ Get-VMHost $ESXHOST | Get-VMHostAuthentication | Set-VMHostAuthentication <<<< -JoinDomain -Domain "scs.local" -Credential $cr
ed
+ CategoryInfo : NotSpecified: (:) [Set-VMHostAuthentication], InvalidLogin
+ FullyQualifiedErrorId : Client20_TaskServiceImpl_CheckServerSideTaskUpdates_OperationFailed,VMware.VimAutomation.ViCore.Cm
dlets.Commands.Host.SetVMHostAuthentication
ESXi 5.0 U1
The variable $host should not be used, it is reserved by PowerShell.
It looks as if the account you passed can not connect to the domain to do the join.
Anything in the security eventlog on the DC(s) ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Luc,
I have the same issue and it's not a matter of credentials.
The following command prompts for credentials and when I type them, the host joins to the domain.
$vmh | Get-VMHostAuthentication | Set-VMHostAuthentication -Domain MyDomain.com -JoinDomain
This is how I prompt for credentials and this results in the error message
$ADcredentials = $host.ui.PromptForCredential("AD domain credentials", "Please enter AD credentials to join ESXi host to MyDomain.com:", "UserID", "")
$vmh | Get-VMHostAuthentication | Set-VMHostAuthentication -Domain MyDomain.com -JoinDomain -Credential $ADcredentials -confirm:$false
Set-VMHostAuthentication : 5/16/2012 3:22:34 PM Set-VMHostAuthentication The operation for the entity HostSys
tem-ha-host failed with the following message: "Cannot complete login due to an incorrect user name or password."
At U:\Develop\vmware\v5\Post-Config.ps1:32 char:59
+ $vmh | Get-VMHostAuthentication | Set-VMHostAuthentication <<<< -Domain mydomain.com -JoinDomain -Credentia
l $AD_creds -confirm:$false
+ CategoryInfo : NotSpecified: (:) [Set-VMHostAuthentication], InvalidLogin
+ FullyQualifiedErrorId : Client20_TaskServiceImpl_CheckServerSideTaskUpdates_OperationFailed,VMware.VimAutomation
.ViCore.Cmdlets.Commands.Host.SetVMHostAuthentication
Is this not the right way to prompt for credentials:
$ADcredentials = $host.ui.PromptForCredential("AD domain credentials", "Please enter AD credentials to join ESXi host to MyDomain.com:", "UserID", "")
On a separate note, is there a way to force account to be created in a specific OU? I tried to pre-create account in that OU, but a duplicate account still gets created in the default Computers container. Is it supported to move ESXi computer accounts to another OU?
I didn't find a relavant value in Advanced - Config.HostAgent
Did you try it like this ?
Get-VMHost MyEsx | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain "test.local/MyOU/AnotherOU/esxi" -Username user -Password "password"
Note that you have to use "user" instead of "domain\user"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
How do you specify to ask for credentials instead of having the hard coded in the script ?
You can use the Get-Credential cmdlet. Somethin like this
$cred = Get-Credential
Get-VMHost MyEsx | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain "test.local/MyOU/AnotherOU/esxi" -Credential $cred
If you want to produce a more meaningfull prompt for the credentials, have a look at Script to join ESXi 5 hosts to Active Directory for Directory Services Authentication.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I still get the "Cannot complete login due to an incorrect user name or password."
Test script for Join Domain |
---|
$cred = Get-Credential # Prompt for the user and password Write-Host -foregroundcolor green "Credentials: $cred" Get-VMHost $ESXHOST | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain "MyDomain/ESX Hosts/Test" -Credential $cred |
Output |
---|
cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters: Credential Credentials: System.Management.Automation.PSCredential Perform operation? Joining VMHost 'cscesxcop230' to Windows Domain 'scs.local/SCS Shared/ESX Hosts/SCS Test'. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Set-VMHostAuthentication : 26-06-2012 12:12:19 Set-VMHostAuthentication The operation for the entity HostSystem-ha-host failed with the following message: "Cannot complete login due to an incorrect user name or password." At E:\PowerCLI 5.0\Scripts\RSA\RSA_Join.ps1:10 char:74 + Get-VMHost $ESXHOST | Get-VMHostAuthentication | Set-VMHostAuthentication <<<< -JoinDomain "MyDomain/ESX Hosts/Test" -Credential $cred + CategoryInfo : NotSpecified: (:) [Set-VMHostAuthentication], InvalidLogin + FullyQualifiedErrorId : Client20_TaskServiceImpl_CheckServerSideTaskUpdates_OperationFailed,VMware.VimAutomation.ViCore.Cm dlets.Commands.Host.SetVMHostAuthentication |
When I Write-Host the $cred is contain System.Management.Automation.PSCredential
Is this because is isn't printable or is this the reason why I get "incorrect user name or password" ?
You get the typename of the object that is produced by Get-Credential.
That is normal, since there are no formatting rules for this kind of object.
Did you provide the user as ''domain\user' or as 'user' ?
Do you have the possibility to check the Security eventlog on the DCs ?
There must be a Failure Audit entry in there for the join.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello.
Did you sort this one out? I am having the same problems with authentication.
Regards, Tom
Hello,
when you are providing credentials after (Get-credential) is ran. Can you try to provide the credentials like this ?
and see if maybe that helped ?
Regards,
Greg
I tried with the syntax "user@domain.extension" but then it complained that it did not know the domain. I have also tried domain\user to make sure, but does also not work.
Hi All,
I've found the solution, the problem is the output of $cred.user name is "\test" the \ in there is what is causing the issue. removing that and seperating username and password will do the trick
the code you need will be: e.g
$domainpath="mydomian.local"
$hostname= "testhost.$domainpath"
$creds = $host.ui.PromptForCredential("Need vCenter credentials", "Please enter your A-account credentials vCenter. DO NOT include domain\", "", "")
$vmhost=get-vmhost -name $hostname
$vmhost | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain $domainpath -User $creds.username.Substring(1) -Password $creds.password -Confirm:$false
Regards,
Hooman Hosseini
Edited to add -Confirm:$false as if you have a large number of hosts the confirmation can become time consuming
apologies as I don's speak the language you typed
That was an out of office reply in Norwegian, that I removed.