I hope this is a stupid question - this is quite new stuff for me
Recently I started to use Alans vCheck powershell script.
It works great as long as I can connect to the vCenter with an account like "administrator"
Then storing the credentials in the file specified via
$CredFile = ".\administrator.crd"
works great..
But when ever I run the script against a vCenter where I need to login via "domain\admin"
storing the credentials fails and I need to supply them via manual input each time I run the script.
Has anyone seen this and is there a workaround ?
Hello, continuum-
So, when you are running Alan's vCheck script, are you running it as the same user but are needing to pass different credentials to the Connect-VIServer calls when connecting to different vCenters? That is, PowerShell/PowerCLI itself is running as the same user each time?
If so, a couple of ways you can handle storing credentials for connecting to different vCenters would be:
0) Export them using Hal Rottenberg's Import/Export PSCredentials functions, and then import them at runtime when connecting to the given vCenters:
## export the credentials ahead of time
Export-PSCredential -cred (Get-Credential domain\user0) -path c:\temp\myEncryptedCredsAsDomain_User0.xml
...
## then, in the script, import the credentials when needed for connecting to a vC server
Connect-VIServer -Server myVC0.domain.com -Credential (Import-PSCredential -path c:\temp\myEncryptedCredsAsDomain_User0.xml)
1) use the "VI Credential Store" to store credentials for connecting to vCenters/hosts. You can use the -SaveCredentials parameter for Connect-VIServer, entering the credentials manually one time (or using imported ones), and subsequent connections to the given vCenter server should use the appropriate saved credentials from the VI credential store:
## save the credentials to the VI credential store one time
Connect-VIServer -Server myVC0.domain.com -Credential (Get-Credential domain\user0) -SaveCredentials
You could also add items to the VI credential store using the New-VICredentialStoreItem cmdlet. Using that cmdlet looks something like:
## add credential to the store
New-VICredentialStoreItem -Host myVC0.domain.com -User domain\user0 -Password supersecretpass
Connecting to the given vCenter/host thereafter should grab the appropriate credentials from the store.
Something to note on these: only the account that exported/saved the credentials is able to decrypt/import them (security feature).
How do those do for you?
Hi Matt
thanks for the suggestions
I will report how this helped for my case as soon as I learned how to implement them - as I am a beginner with this that may take some time
Ulli
Im working on Version 6 now so I will see if I can make this easier.
Hi Alan
that sounds very well
May I add more feature requests ?
It would be very nice if all user-settings could be read from an ini-file.
This way running the script as a service would be easier.
Now I use some ugly hack that skips sending an email if the report results in a file with less than 3450 characters.
If you could add a setting like
dont-send-email-if-all-tables-are-blank = %true or %false
it would be great.
Ulli
Im making more changes that you may like and will be able to do this differently but get the same results.
I need to think more about the authentication though as I dont want people storing credentials in an INI file, I want to make this as easy as possible for everyone.
Oh - I did not mean to suggest storing the credentials as plain text in an inifile.
The way you do it now is fine - it just does not work for accounts like domain\admin
Just added this bit into v6 I think you will be happy with it when I release the code.
Thanks Alan
if you need beta-testers you now have a volunteer
Hi Alan,
I thought I'd share the ReportGen.cmd text that I used so that others might save some time
Here's the text in my script;
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -noe -c ". \"C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1\" (& "C:\vCheck\vCheck-vSphere-master\vCheck.ps1") -OutputPath \\x.x.x.x\ShareNAME$\Reports\vCheck\
it wraps up all the vCenters into one HTML email, sends out (based on Globalvariables.ps1) and then saves the file to the network. This reduces data throughput on the exchange servers since there's no attachment.
To attach to each of the vCenters; I created vc1 - vc8.xml files, located in the \vCheck-vSphere-master\Plugins\00 Initialize folder (shown below); this alleviates the need for separate jobfiles.
For these; I configured each with FQDN names of vCenters to attach to.
I hope this helps someone. Great job on vCheck!
Jesse