Having a strange issue. I need to create a RO account on every ESXi servers deployed via Powercli however using EsxCLI won't accept my password. But when using New-VMhostAccount connected directly to the host it works fine. I'm wanting to set this account during the build of the host which is automated via powercli so doing a connect-visever direct to the host in the middle my build script breaks my connection to the vcenter i'm building in, any ideas?
$Args = $esxcli.system.account.set.CreateArgs()
$Args.id = 'a_guard'
$Args.password = '@`[tNI\xUh7#&by\'
$Args.passwordconfirmation = '@`[tNI\xUh7#&by\'
$esxcli.system.account.set.invoke($Args)
Message: A specified parameter was not correct: argument[1];
InnerText: argument[1]
At line:5 char:5
+ $result = $esxcli.system.account.set.invoke($Args)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], InvalidArgument
+ FullyQualifiedErrorId : VMware.VimAutomation.ViCore.Types.V1.ErrorHandling.InvalidArgument
Just did some further tests, looks indeed like it is a Get-EsxCli "feature". W
With the esxcli command it works.
Looks like Get-EsxCli has an issue with the ampersand (&) in the password.
Congrats, you found a bug :smileygrin:
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
The password is causing this.
Could it be that your password is violating the complexity rules?
What is in Security.PasswordQualityControl?
Get-AdvancedSetting -Entity MyEsx -Name 'Security.PasswordQualityControl' |
Select -ExpandProperty Value
This for example works for me
$esxcli = Get-EsxCli -VMHost MyEsx -V2
$sAccount = $esxcli.system.account.add.CreateArgs()
$sAccount.Item('description') = 'Test account'
$sAccount.Item('password') = 'BlackFriday17!'
$sAccount.Item('passwordconfirmation') = 'BlackFriday17!'
$sAccount.Item('id') = 'a_guard'
$esxcli.system.account.add.Invoke($sAccount)
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I hope, on top of this you have mentioned $esxcli = Get-EsxCli -VMHost 'YourHostFQDN'
Hi Luc, its a fresh install of ESXi 6.5update1 but what is more strange it works when using New-VMHostAccount
Get-Advancedsetting -Entity $esxiserver -Name 'Security.PasswordQualityControl' | Select -ExpandProperty Value
retry=3 min=disabled,disabled,disabled,7,7
I would really like to set this via esxcli, do you think i could modify 'Security.PasswordQualityControl' to allow this then set it back to default.?
I know the account works with this password because it been set in the environment previously i believe it was created using host profiles, plus i can get it to work with New-VMHostAccount
That is the default password complexity rule, so, yes, your selected password should work.
Might be a flaw in Get-Esxcli.
Did you, to confirm my assumption, try the same through the esxcli command from a SSH session?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
From SSH i get this.. maybe a bug
[root@o-n01:~] esxcli system acoount
Error: Unknown command or namespace system acoount
Just did some further tests, looks indeed like it is a Get-EsxCli "feature". W
With the esxcli command it works.
Looks like Get-EsxCli has an issue with the ampersand (&) in the password.
Congrats, you found a bug :smileygrin:
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I tried
esxcli system account add -i test2 -p '@`[tNI\xUh7#&by\' -c '@`[tNI\xUh7#&by\'
and that works.
Update: you have a typo in account
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thnaks luc, can you think of any workaround other than change the password, unfortunately this password is mature in the environment so can't easily be changed and i was hoping to automate it.
I might put it in the auto deploy host profile that might work
Any chance a workaround was ever identified for this? I'm running 11.3.0 and am apparently hitting the same issue when setting an SNMP community string via PowerCLI.
Confirmed that removing the ampersand (&) from the string allows the command to continue. Also verified that setting via SSH the community string work, as does a direct PowerCLI connection and using get-vmhostsnmp | set-vmhostsnmp.
I'm afraid not.
I would suggest to open a SR, the more people report this "feature"...
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference