continuum
Immortal
Immortal

storing credentials for Alans vCheck script

I hope this is a stupid question Smiley Wink - this is quite new stuff for me

Recently I started to use Alans vCheck powershell script.
It works great as long as I can connect to the vCenter with an account like "administrator"
Then storing the credentials in the file specified via
$CredFile = ".\administrator.crd"
works great..

But when ever I run the script against a vCenter where I need to login via "domain\admin"
storing the credentials fails and I need to supply them via manual input each time I run the script.

Has anyone seen this and is there a workaround ?


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

9 Replies
mattboren
Expert
Expert

Hello, continuum-

So, when you are running Alan's vCheck script, are you running it as the same user but are needing to pass different credentials to the Connect-VIServer calls when connecting to different vCenters?  That is, PowerShell/PowerCLI itself is running as the same user each time?

If so, a couple of ways you can handle storing credentials for connecting to different vCenters would be:

0)  Export them using Hal Rottenberg's Import/Export PSCredentials functions, and then import them at runtime when connecting to the given vCenters:

## export the credentials ahead of time
Export-PSCredential -cred (Get-Credential domain\user0) -path c:\temp\myEncryptedCredsAsDomain_User0.xml
...
## then, in the script, import the credentials when needed for connecting to a vC server
Connect-VIServer -Server myVC0.domain.com -Credential (Import-PSCredential -path c:\temp\myEncryptedCredsAsDomain_User0.xml)

1)  use the "VI Credential Store" to store credentials for connecting to vCenters/hosts.  You can use the -SaveCredentials parameter for Connect-VIServer, entering the credentials manually one time (or using imported ones), and subsequent connections to the given vCenter server should use the appropriate saved credentials from the VI credential store:

## save the credentials to the VI credential store one time
Connect-VIServer -Server myVC0.domain.com -Credential (Get-Credential domain\user0) -SaveCredentials

You could also add items to the VI credential store using the New-VICredentialStoreItem cmdlet.  Using that cmdlet looks something like:

## add credential to the store
New-VICredentialStoreItem -Host myVC0.domain.com -User domain\user0 -Password supersecretpass

Connecting to the given vCenter/host thereafter should grab the appropriate credentials from the store.

Something to note on these:  only the account that exported/saved the credentials is able to decrypt/import them (security feature).

How do those do for you?

0 Kudos
continuum
Immortal
Immortal

Hi Matt
thanks for the suggestions

I will report how this helped for my case as soon as I learned how to implement them - as I am a beginner with this that may take some time Smiley Sad

Ulli


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
alanrenouf
VMware Employee
VMware Employee

Im working on Version 6 now so I will see if I can make this easier.

Blog: http://virtu-al.net Twitter: http://twitter.com/alanrenouf Co-author of the PowerCLI Book: http://powerclibook.com
0 Kudos
continuum
Immortal
Immortal

Hi Alan
that sounds very well

May I add more feature requests ?
It would be very nice if all user-settings could be read from an ini-file.
This way running the script as a service would be easier.

Now I use some ugly hack that skips sending an email if the report results in a file with less than 3450 characters.
If you could add a setting like
dont-send-email-if-all-tables-are-blank = %true or %false
it would be great.

Ulli


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
alanrenouf
VMware Employee
VMware Employee

Im making more changes that you may like and will be able to do this differently but get the same results.

I need to think more about the authentication though as I dont want people storing credentials in an INI file, I want to make this as easy as possible for everyone.

Blog: http://virtu-al.net Twitter: http://twitter.com/alanrenouf Co-author of the PowerCLI Book: http://powerclibook.com
0 Kudos
continuum
Immortal
Immortal

Oh - I did not mean to suggest storing the credentials as plain text in an inifile.
The way you do it now is fine - it just does not work for accounts like domain\admin


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
alanrenouf
VMware Employee
VMware Employee

Just added this bit into v6 I think you will be happy with it when I release the code.

Blog: http://virtu-al.net Twitter: http://twitter.com/alanrenouf Co-author of the PowerCLI Book: http://powerclibook.com
0 Kudos
continuum
Immortal
Immortal

Thanks Alan

if you need beta-testers you now have a volunteer

http://sanbarrow.com/gifs/cheers.gif


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
backuptn
Contributor
Contributor

Hi Alan,

I thought I'd share the ReportGen.cmd text that I used so that others might save some time

Here's the text in my script;

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -noe -c ". \"C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1\" (& "C:\vCheck\vCheck-vSphere-master\vCheck.ps1") -OutputPath \\x.x.x.x\ShareNAME$\Reports\vCheck\

it wraps up all the vCenters into one HTML email, sends out (based on Globalvariables.ps1)  and then saves the file to the network. This reduces data throughput on the exchange servers since there's no attachment.

To attach to each of the vCenters;  I created vc1 - vc8.xml files, located in the \vCheck-vSphere-master\Plugins\00 Initialize folder (shown below); this alleviates the need for separate jobfiles.

00folder.png

For these; I configured each with FQDN names of vCenters to attach to.

I hope this helps someone. Great job on vCheck!

Jesse

Jesse