Hi there!
I'm tryna work out a Snaphost Deletion PowerShell script using PowerCLI Module. The script, when scheduled as a Task in Windows Task Scheduler, runs fine with other vSphere accounts (such as user accounts for vCenter) BUT with administrator@vsphere.local, it doesn't even connect!
However, when I'm trying to initiate a session on a vCenter using administrator@vsphere.local directly in PowerCLI shell (or even PowerShell), it gets connected & I'm able to target commands.
Somehow the issue is only coming while running the script via Task Scheduler with this account. All other accounts are working just fine.
Here's a sample attempt:
#---------------------------------------------------------------------------------------------------------------------------------------------------
Import-Module VMware.VimAutomation.Core
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -DisplayDeprecationWarnings $false -Scope Session -Confirm:$false
$vCenter = "<the IP/FQDN>"
Connect-VIServer $vCenter -User "administrator@vsphere.local" -Password "<thePassword>"
#Get the VM...
$VM = Get-VM "<theVM>"
$VM | Out-File -FilePath "C:\Path\To\Somewhere\VM.txt"
Disconnect-VIServer $vCenter * -Confirm:$false
Can you try to use a transcript log to see what is happening?
Use the Start-Transcript cdmlet.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks.
I tried transcripting. Got the following error (basically I was able to catch this by checking the "Run only when account is logged-in" option in Task Scheduler, which allows the PowerShell console to pop up & display what's happening).
Dunno why it's saying incorrect password, when the same credentials are working when initiating a session directly through PowerCLI shell. Also, instead of passing directly, I've tried storing the credentials in a PSCredentialObject, .xml file, environment variables, even a simple plain text file BEFORE passing on to the Connect-VIServer cmdlet BUT nothing works, I get the same error:
------------------------------------------------------------------------------------------------------------------------------------------------
Connect-VIServer : 3/4/2024 9:06:41 AM Connect-VIServer Cannot complete login due to an incorrect user name or
password.
At C:\Users\blahblah\Documents\TestSysInfo2.ps1:6 char:6
+ $R = Connect-VIServer "<the FQDN/IP>" -User "administrator@vsphere.l ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], InvalidLogin
+ FullyQualifiedErrorId :
Client20_ConnectivityServiceImpl_Reconnect_Exception,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
------------------------------------------------------------------------------------------------------------------------------------------------------
The password for administrator@vsphere.local does have special chars, but so do my read-only account & my other user accounts - still, they're working fine (even when passed directly).
Did you already add the Verbose switch to the Connect-VIServer cmdlet?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes, I did. Nothing new or extra info, just the same error.
Also, I've tried running the same on the latest version of VMware.PowerCLI (v13.2.xx) BUT still no luck.
You should at least see a message about the TLS protocol and the connection being established.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
This time I simply did this in a .ps1 file & ran it by directly navigating to the directory where I kept the script on PowerShell console:
Connect-VIServer <the FQDN/IP> -User "administrator@vsphere.local" -Password "<the Password>" -Verbose
BUT again, I didn't get any info about the connections being establised. I guess, -Verbose only works when there aren't any exceptions being thrown in this case ('cause it shows "VERBOSE: something something" when I use a different account & the connection is established successfully).
I don't think it could be any connections issues, when I'm able to Log In with same administrator credentials interactively in PowerCLI, the issue only comes while doing so through a .ps1 file.
Is your PowerCLI installation healthy?
What does this return?
Get-Module -Name VMware.* -ListAvailable
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That looks normal, nothing wrong I can see.
The Verbose switch should also produce additional output, even if nothing goes wrong.
It is strange you don't see those yellow verbose output lines.
To help me understand, which kind of platform are you running this on?
Which PowerShell version?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
So it worked by converting the password to a secure string through PowerShell & storing it in a .xml file in encrypted form. Although, I tried that earlier too BUT maybe was doing something incorrectly.
Now, I'm wondering is there any specific config. on vSphere end that allows password for administrator@vsphere.local to be passed on to any scripts only in an encrypted from?
BTW, thanks for sticking for around on the issue so far! Appreciate it.
No, not that I know of.
Can you share the code you used to create that XML file, and the code you used to read the file and use the retrieved password on the Connect-VIServer cmdlet?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference