VMware Cloud Community
janatlud
Contributor
Contributor
‎04-05-2022 12:22 AM
Jump to solution

vmware powershell script via tasks scheduler with XML password is not working for some vCenters

Hello,

 

I have very interesting issue, totally weird. I set job via task scheduler in Windows 2012 R2 for periodic reports. Password is stored in XML file.

When I run script in Powershell ISE, there is no problem, everything is working well. When I run the script via task scheduler, it is also working for most of the vCenters (more than twenty), except two.

 

Script setting is according to another threads, it is reason, why mainly is working:

C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe

-ExecutionPolicy Bypass -NonInteractive -NoLogo -NoProfile -file "C:\Scripts\MG_reports\PlatformReport.ps1"

 

In the begining of the script is 

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -DisplayDeprecationWarnings $false -Scope Session -Confirm:$false -ParticipateInCEIP $false -ProxyPolicy NoProxy

And for logging to vCenter is added parameter -ErrorAction SilentlyContinue and -force

 

So mainly it is working, but I have no idea, why two vCenters are not working via task scheduler, but with interactive session yes (it means, that the csv file with information is correct. Password is also correct, and permissions on vCenter too.

Hwen I run the script with rest of the vCenters, the information for the vCenter are copied from the previous session and doesn´t matter, to which row in the input file are these vcenters.

 

Do you have any idea, what could be checked?

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎04-05-2022 02:12 AM
Jump to solution

The VICredentialStoreItem cmdlets use the DPAPI (from Windows).
This means that the entries can only be used by the same user on the same station where the entry was created.

That was one of the reasons why I asked under which account the scheduled task runs.

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
4 Replies
LucD
Leadership
Leadership
‎04-05-2022 12:29 AM
Jump to solution

Under which account are these Scheduled Tasks running?

Btw, instead of suppressing the errors, it might be useful to add the Verbose switch to help in debugging an issue.
Also, using a transaction log might help pinpoint the issue.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
janatlud
Contributor
Contributor
‎04-05-2022 02:03 AM
Jump to solution

Probably I got it

I have this issue (I don´t know why the file is not provided):

TerminatingError(Get-VICredentialStoreItem): "Key not valid for use in specified state.

 

The file was created by:

New-VICredentialStoreItem -Host $vCenter -User ********** -Password ************* -File *******/passwd.xml

 

And reading is done by:

$Credential = Get-VICredentialStoreItem -Host $vCenter.host -File $pwfile

 

Is needed to modify the Get-VICredentialStoreItem cmdlet? Rest of the vCenters is working because of SSPI session

Reply
0 Kudos
LucD
Leadership
Leadership
‎04-05-2022 02:12 AM
Jump to solution

The VICredentialStoreItem cmdlets use the DPAPI (from Windows).
This means that the entries can only be used by the same user on the same station where the entry was created.

That was one of the reasons why I asked under which account the scheduled task runs.

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
janatlud
Contributor
Contributor
‎04-05-2022 02:33 AM
Jump to solution

yep, passwd file creation was performed under different account (for the correct account, but creator was different), now it looks working

Reply
0 Kudos