18 Replies. Latest reply on Jan 7, 2018 10:07 AM by LucD

    Connect-VIServer without prompting for user

    JoelFC Novice

      Hello.

       

      We have more than one vSphere, each with its own vCenter. When I connect to the Prod vCenter by Connect-VIServer, it just connects successfully using the currently logged in user credentials.

      This behavior changes when connecting to the other vCenters. It prompts for a username and password. If I then insert the logged in user credentials, it connects successfully.

       

      I need all of them to allow connecting with the logged-in user credentials, especially because I need to run a script as a scheduled task, but it's not working for this reason.

      Do you know how I can fix this?

       

      Thank you!

        • 1. Re: Connect-VIServer without prompting for user
          LucD Guru

          Did you already check KB2034506, more specifically point 1.c ?

          • 2. Re: Connect-VIServer without prompting for user
            Tocano Enthusiast

            I also have multiple vSphere/vCenters. Is there some requirement why you have to use the credential passthru approach?  I connect to each one using a clixml credential file. You can create them easily as follows:

             

            Get-Credential | Export-Clixml [scriptsPath]\Credentials\[username].clixml



            I then have a function (loaded in my profile) that will allow me to specify just a vcenter and a username:


            function vConnect ($vCenterName, $credFileName) {
                 # Load the saved PSCredential from the clixml file and use it to connect
                 Connect-VIServer $vCenterName -Credential (Import-Clixml "[scriptsPath]\Credentials\$($credFileName).clixml")
            }



            So to connect, all I have to type is:


            > vConnect [vCenterName] [username]


            This provides me with some flexibility to connect to different vCenters as different users in different contexts with very little difficulty.


            NOTE: Be aware that the clixml files are tied to a specific user acct. Whichever user you are when you create them will be the only user who can use that clixml file. So plan accordingly.

            2 people found this helpful
            • 3. Re: Connect-VIServer without prompting for user
              JoelFC Novice

              Hi.

               

              I guess the mentioned KB isn't related. I'm not getting an error when I try to connect, nor does the description apply.

              The thing is that when I connect to the vCenter just typing "Connect-VIServer <servername.domain.com>" on the Power-CLI, it connects successfully to one of the vCenters, without the need to type in any other info. But it does not connect automatically to the other vCenters; in this case it pops up a login window, which will successfully log in if I enter the logged-in user credentials manually. If I type nothing and just click OK on the login window, it returns the error "Could not determine user name and/or password for server".

               

              So, the logged-in user has permissions, and the context login is a feature that should work.

              I do not wish to use credential files. The purpose is to run a windows scheduled job launching a powerCLI script, using the credentials I set on the scheduled task. I've already configured this and it works for one vCenter, but not for the others as per the described behavior.

               

              The vCenter that works is a Windows vCenter 5.5. Of the other two that don't work, one is a vApp vCenter 5.5 and the other is a vApp vCenter 6.0.

              Is there any setting to enable / disable the context user login? What could be preventing it from working?

               

              Thank you.

              • 4. Re: Connect-VIServer without prompting for user
                JoelFC Novice

                I found a lead.

                 

                If I connect using the -verbose switch, I get additional info. I get this on the console:

                VERBOSE: Attempting to connect using SSPI

                VERBOSE: Reversely resolved 'servername' to 'servername.dom.pt'

                VERBOSE: SSPI Kerberos: Acquired credentials for user 'dom\username'

                VERBOSE: SSPI Kerberos: Successful call to InitializeSecurityContext for target 'host/servername.dom.pt'

                VERBOSE: Cannot complete login due to an incorrect user name or password.

                VERBOSE: Connect using SSPI was unsuccessful

                 

                What do you make of this?

                 

                Thank you.

                • 5. Re: Connect-VIServer without prompting for user
                  LucD Guru

                  Well, it does look like an authentication issue.

                   

                  The SSO has the concept of a default domain (as the KB explained).

                  For other domains than this, you'll have to specify the full user info.

                  Did you already try from a session (Windows) where you logged on with username@dom instead of dom\username ?

                  • 6. Re: Connect-VIServer without prompting for user
                    JoelFC Novice

                    Hi Luc.

                     

                    My last post from yesterday wasn't supposed to be deleted, but anyway...

                    I've tried your suggestion and attempted to run the task both with "domain\user" and "user@domain" for the Windows login, but still the same. I guess this is expected, because the Pass-through should be sending the logged-in session to the vCenter server equally, despite the way you logged-in to the Windows session in the first place. All that should matter is that the user can login to Windows (and run powerCLI), and has rights on the vSphere.

                     

                    The vCenter on which pass-through credentials are working is a Windows vCenter, on which I'm attempting to run this automated job. Maybe it is working because I'm connecting to itself? I can't test connecting locally to the other vCenters on which pass-through doesn't work because the others are not Windows vCenters, they're vApps.

                    As stated on many sites, if I just do "Connect-VIServer -Server vcenter01" it should connect naturally with the pass-through but it doesn't.

                    The only clue I have is the verbose output from the previous post.

                     

                    Any other thoughts?

                    • 7. Re: Connect-VIServer without prompting for user
                      LucD Guru

                      I'm not so sure that pass through will simply work in a SSO setup.

                      Point 1.c in the KB I referred to earlier mentions that as well (the concept of the default domain in SSO).

                      If that default domain is not set to the AD domain you are logged into, the pass through is not supposed to work afaik.

                      • 8. Re: Connect-VIServer without prompting for user
                        JoelFC Novice

                        I've checked and there is a funny thing.

                        The server that connects ok with pass-through, has the "localos" as the default domain, as well as one of the servers that doesn't connect. I've set this one to the correct default domain but the issue is still on.

                        The third server that also doesn't connect already had the correct default domain. So I have different settings/behaviors that exclude each other.

                         

                        Unfortunately this doesn't seem to be the issue yet.

                         

                        If I decide to go with a credfile, what is the syntax to use it? I've created a credfile successfully but couldn't find out how to call it to establish the connection.

                        • 10. Re: Connect-VIServer without prompting for user
                          JoelFC Novice

                          Just tested it successfully, I was able to connect using the credfile.

                          It really puzzles me why pass-through doesn't work for two of the servers. What credentials is it passing to the server, so it would fail?

                           

                          I can't waste more time over this, so I'll go with the credfile.

                          I was avoiding it because even encrypted, it is still a password of a user with high permissions written to a file. Anyone with access to the credfile will be able to use it with PowerCLI and do anything.

                           

                          Thank you for the help Luc.

                          • 11. Re: Connect-VIServer without prompting for user
                            LucD Guru

                            Access to the file and access to the account that created the file
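
The credential-file approach discussed in this thread, as an added example (not code posted by any participant): it saves a credential with Export-Clixml, restricts the file's NTFS ACL to the creating account, and loads it for Connect-VIServer. The path, account name, sample password and server name are constructed placeholders; on Windows the saved password is DPAPI-protected, so the file decrypts only for the same user on the same computer, which is why it must be created by the account the scheduled task runs as.

```powershell
# Added example. All names and values below are constructed placeholders.
$credPath = Join-Path $env:TEMP 'vc-svc.clixml'   # hypothetical location

# Constructed sample credential so the block runs without prompting.
# In real use, run this as the scheduled-task account: $cred = Get-Credential
$samplePw = 'Constructed-Sample-Pw1!'
$secure   = ConvertTo-SecureString $samplePw -AsPlainText -Force
$cred     = New-Object System.Management.Automation.PSCredential('dom\svc-vcenter', $secure)

# 1. Save the credential. On Windows the password field is encrypted with
#    DPAPI under the current user's key on this computer.
$cred | Export-Clixml -Path $credPath

# 2. Tighten the NTFS ACL: drop inherited entries, allow only the creator.
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl -Path $credPath
$acl.SetAccessRuleProtection($true, $false)       # no inheritance, discard inherited ACEs
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -Path $credPath -AclObject $acl

# 3. Sanity checks: no plaintext password on disk, and a single ACL entry.
if (Select-String -Path $credPath -Pattern $samplePw -SimpleMatch -Quiet) {
    throw "Plaintext password found in $credPath"
}
$entries = @((Get-Acl -Path $credPath).Access)
if ($entries.Count -ne 1) {
    Write-Warning "Unexpected ACL entries on ${credPath}: $($entries.IdentityReference -join ', ')"
}

# 4. What the scheduled script calls. Import fails if the file was created
#    by a different account or on a different computer.
function Connect-VCenterFromFile {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $Path
    )
    try {
        $saved = Import-Clixml -Path $Path -ErrorAction Stop
    } catch {
        throw "Cannot load '$Path' as $env:USERNAME on $env:COMPUTERNAME : $($_.Exception.Message)"
    }
    Connect-VIServer -Server $Server -Credential $saved -ErrorAction Stop
}

# Usage in the task script (server name is a placeholder):
# Connect-VCenterFromFile -Server 'vcenter01.example.invalid' -Path $credPath
```
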

                            • 12. Re: Connect-VIServer without prompting for user
                              0Walt0 Novice

                              When connecting to vCenter, I noticed that I have to use Connect-CIServer instead of Connect-VIServer, since they use separate networking protocols.

                               

                              With that said, all commands that you would originally use, such as Get-VM, must now have CI prepended to the noun of the command, i.e Get-CIVM.

                              If you try using Get-VM, then you'll just get an error that you're not connected to a server.

                               

                              In addition, commands like Get-Template as used in vSphere to get any template will have, along with the prepended CI, different names, i.e Get-CIVMTemplate.


                              Hope this helps!

                              • 13. Re: Connect-VIServer without prompting for user
                                LucD Guru

                                Isn't Connect-CIServer meant for Cloud servers ?

                                • 14. Re: Connect-VIServer without prompting for user
                                  0Walt0 Novice

                                  You're totally right, and I misread the post
