Hello VMware Powercli Experts,
I have a requirement to make sure the password for connect-viserver is secured via '-AsSecureString' or 'Get-Credential'. I have listed the below 3 cases. Please let me know how to resolve this issue.
Case 1 is using unsecured password and it works perfectly on all of our vCenters, except for the fact that it is unsecure.
Case 2 is using '-AsSecureString', and it fails with all of 10 our vCenters.
Case 3 is using 'Get-Credential' and it fails on 2 of our vCenters while it succeeds on rest of the 8 vCenters.
Case 1:
$Username = Read-Host -Prompt "Please enter your Username:"
$Password = Read-Host -Prompt "Please enter your Password:"
$vcenter = "vcenter1"
Connect-VIServer $vcenter -User $Username -Password $Password
Disconnect-VIServer $vcenter -Confirm:$false
Output:
Name Port User
---- ---- ----
phx-esxvc-001 443 corp\vj-a
Case 2:
$Username = Read-Host -Prompt "Please enter your Username:"
$Password = Read-Host -Prompt "Please enter your Password:" –AsSecureString
$vcenter = "vcenter1"
Connect-VIServer $vcenter -User $Username -Password $Password
Disconnect-VIServer $vcenter -Confirm:$false
Output:
Connect-VIServer : 3/14/2017 11:28:20 AM Connect-VIServer Cannot complete login due to an incorrect user name or password.
At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test2.ps1:4 char:1
+ Connect-VIServer $vcenter -User $Username -Password $Password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], InvalidLogin
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
Disconnect-VIServer : 3/14/2017 11:28:20 AM Disconnect-VIServer Could not find VIServer with name 'vcenter1'.
At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test2.ps1:5 char:1
+ Disconnect-VIServer $vcenter -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (vcenter1:String) [Disconnect-VIServer], VimException
+ FullyQualifiedErrorId : Core_ObnSelector_SelectObjectByNameCore_ObjectNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer
Disconnect-VIServer : 3/14/2017 11:28:20 AM Disconnect-VIServer Could not find any of the servers specified by name.
At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test2.ps1:5 char:1
+ Disconnect-VIServer $vcenter -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (VMware.VimAutom...Server[] Server:RuntimePropertyInfo) [Disconnect-VIServer], ServerObnFailureException
+ FullyQualifiedErrorId : Core_ObnSelector_SetNewParameterValue_ServerSpecifiedButNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer
Case 3:
$credential = Get-Credential
$Username = $credential.GetNetworkCredential().username
$Password = $credential.GetNetworkCredential().password
$vcenter = "vcenter1"
Connect-VIServer $vcenter -User $Username -Password $Password
Disconnect-VIServer $vcenter -Confirm:$false
Output:
Connect-VIServer : 3/14/2017 11:43:53 AM Connect-VIServer Cannot complete login due to an incorrect user name or password.
At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test3.ps1:5 char:1
+ Connect-VIServer $vcenter -User $Username -Password $Password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], InvalidLogin
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
Disconnect-VIServer : 3/14/2017 11:43:53 AM Disconnect-VIServer Could not find VIServer with name 'vcenter1'.
At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test3.ps1:6 char:1
+ Disconnect-VIServer $vcenter -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (vcenter1:String) [Disconnect-VIServer], VimException
+ FullyQualifiedErrorId : Core_ObnSelector_SelectObjectByNameCore_ObjectNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer
Disconnect-VIServer : 3/14/2017 11:43:53 AM Disconnect-VIServer Could not find any of the servers specified by name.
At C:\Users\vj\Desktop\Desktop 1\My Scripts\Test\test3.ps1:6 char:1
+ Disconnect-VIServer $vcenter -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (VMware.VimAutom...Server[] Server:RuntimePropertyInfo) [Disconnect-VIServer], ServerObnFailureException
+ FullyQualifiedErrorId : Core_ObnSelector_SetNewParameterValue_ServerSpecifiedButNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer
Case 2 is normal, the Password needs to be passed as a String, not a SecureString
Convert it to a regular string
Connect-VIServer $vcenter -User $Username -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)))
Case 3 should work, try adding the Verbose switch.
But why convert the credential use the Credential parameter.
$credential = Get-Credential
$vcenter = "vcenter1"
Connect-VIServer $vcenter -Credential $credential
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Case 2 is normal, the Password needs to be passed as a String, not a SecureString
Convert it to a regular string
Connect-VIServer $vcenter -User $Username -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)))
Case 3 should work, try adding the Verbose switch.
But why convert the credential use the Credential parameter.
$credential = Get-Credential
$vcenter = "vcenter1"
Connect-VIServer $vcenter -Credential $credential
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks a lot LucD.
Cool, now Case 3 is working fine on all 10 vCenters. I am still wondering why my previous case 3 script did not work on couple of vCenters only, while it worked spotless on 8 others.
My apologies with case 2, since i did not want to use 'ConvertFrom-SecureString' and store it in a variable, since some forums say its less secure way. Your approach should be fine on case 2 as well w.r.t to security.