VMware Cloud Community
VJ_VMware_111
Enthusiast
Enthusiast
‎03-14-2017 11:55 AM
Jump to solution

VMware Powercli Get-Credentials / Secure String /Connect vi server related issue

Hello VMware Powercli Experts,

I have a requirement to make sure the password for connect-viserver is secured via '-AsSecureString' or 'Get-Credential'. I have listed the below 3 cases. Please let me know how to resolve this issue.

Case 1 is using unsecured password and it works perfectly on all of our vCenters, except for the fact that it is unsecure.

Case 2 is using '-AsSecureString', and it fails with all of 10 our vCenters.

Case 3 is using 'Get-Credential' and it fails on 2 of our vCenters while it succeeds on rest of the 8 vCenters.

Case 1:

$Username = Read-Host -Prompt "Please enter your Username:"

$Password = Read-Host -Prompt "Please enter your Password:"

$vcenter = "vcenter1"

Connect-VIServer $vcenter -User $Username -Password $Password

Disconnect-VIServer $vcenter -Confirm:$false

Output:

Name                           Port  User                         

----                           ----  ----                         

phx-esxvc-001                  443   corp\vj-a    

Case 2:

$Username = Read-Host -Prompt "Please enter your Username:"

$Password = Read-Host -Prompt "Please enter your Password:" –AsSecureString

$vcenter = "vcenter1"

Connect-VIServer $vcenter -User $Username -Password $Password

Disconnect-VIServer $vcenter -Confirm:$false

Output:

Connect-VIServer : 3/14/2017 11:28:20 AM    Connect-VIServer        Cannot complete login due to an incorrect user name or password.   

At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test2.ps1:4 char:1

+ Connect-VIServer $vcenter -User $Username -Password $Password

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Connect-VIServer], InvalidLogin

    + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

Disconnect-VIServer : 3/14/2017 11:28:20 AM    Disconnect-VIServer        Could not find VIServer with name 'vcenter1'.   

At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test2.ps1:5 char:1

+ Disconnect-VIServer $vcenter -Confirm:$false

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : ObjectNotFound: (vcenter1:String) [Disconnect-VIServer], VimException

    + FullyQualifiedErrorId : Core_ObnSelector_SelectObjectByNameCore_ObjectNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer

Disconnect-VIServer : 3/14/2017 11:28:20 AM    Disconnect-VIServer        Could not find any of the servers specified by name.   

At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test2.ps1:5 char:1

+ Disconnect-VIServer $vcenter -Confirm:$false

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : ObjectNotFound: (VMware.VimAutom...Server[] Server:RuntimePropertyInfo) [Disconnect-VIServer], ServerObnFailureException

    + FullyQualifiedErrorId : Core_ObnSelector_SetNewParameterValue_ServerSpecifiedButNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer

Case 3:

$credential = Get-Credential

$Username = $credential.GetNetworkCredential().username

$Password = $credential.GetNetworkCredential().password

$vcenter = "vcenter1"

Connect-VIServer $vcenter -User $Username -Password $Password

Disconnect-VIServer $vcenter -Confirm:$false

Output:

Connect-VIServer : 3/14/2017 11:43:53 AM    Connect-VIServer        Cannot complete login due to an incorrect user name or password.   

At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test3.ps1:5 char:1

+ Connect-VIServer $vcenter -User $Username -Password $Password

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Connect-VIServer], InvalidLogin

    + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

Disconnect-VIServer : 3/14/2017 11:43:53 AM    Disconnect-VIServer        Could not find VIServer with name 'vcenter1'.   

At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test3.ps1:6 char:1

+ Disconnect-VIServer $vcenter -Confirm:$false

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : ObjectNotFound: (vcenter1:String) [Disconnect-VIServer], VimException

    + FullyQualifiedErrorId : Core_ObnSelector_SelectObjectByNameCore_ObjectNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer

Disconnect-VIServer : 3/14/2017 11:43:53 AM    Disconnect-VIServer        Could not find any of the servers specified by name.   

At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test3.ps1:6 char:1

+ Disconnect-VIServer $vcenter -Confirm:$false

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : ObjectNotFound: (VMware.VimAutom...Server[] Server:RuntimePropertyInfo) [Disconnect-VIServer], ServerObnFailureException

    + FullyQualifiedErrorId : Core_ObnSelector_SetNewParameterValue_ServerSpecifiedButNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎03-14-2017 12:08 PM
Jump to solution

Case 2 is normal, the Password needs to be passed as a String, not a SecureString
Convert it to a regular string

Connect-VIServer $vcenter -User $Username -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)))

Case 3 should work, try adding the Verbose switch.

But why convert the credential use the Credential parameter.

$credential = Get-Credential

$vcenter = "vcenter1"

Connect-VIServer $vcenter -Credential $credential


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
2 Replies
LucD
Leadership
Leadership
‎03-14-2017 12:08 PM
Jump to solution

Case 2 is normal, the Password needs to be passed as a String, not a SecureString
Convert it to a regular string

Connect-VIServer $vcenter -User $Username -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)))

Case 3 should work, try adding the Verbose switch.

But why convert the credential use the Credential parameter.

$credential = Get-Credential

$vcenter = "vcenter1"

Connect-VIServer $vcenter -Credential $credential


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
VJ_VMware_111
Enthusiast
Enthusiast
‎03-14-2017 12:57 PM
Jump to solution

Thanks a lot LucD.

Cool, now Case 3 is working fine on all 10 vCenters. I am still wondering why my previous case 3 script did not work on couple of vCenters only, while it worked spotless on 8 others. 

My apologies with case 2, since i did not want to use 'ConvertFrom-SecureString' and store it in a variable, since some forums say its less secure way. Your approach should be fine on case 2 as well w.r.t to security.

Reply
0 Kudos