Automation

 View Only
Expand all | Collapse all

Problem with Invoke-VMScript

  • 1.  Problem with Invoke-VMScript

    Posted Apr 24, 2023 08:29 PM

    Hello,

    I'm trying to run a basic command with the Invoke-VMScript on a Windows 2019 VM that is actually out of domain AD.

    Invoke-VMScript -VM tstW2019 -ScriptText "Get-Process" -GuestUser Deploy -GuestPassword "thePass" -Verbose

    Everytime I got the error message :

    Invoke-VMScript A connection could not be established because the target computer expressly refused it. (127.0.0.1:80)

    The credentials are fine as I can logon locally on server with them.

    On Windows, I don't see any logon error, I see some LogonType 4 granted or vmtoolsd validated credentials.

    Any idea of what I'm missing to make it work

     



  • 2.  RE: Problem with Invoke-VMScript

    Posted Apr 24, 2023 08:43 PM

    Is port 902 open to the ESXi node where the VM is hosted?
    Does the Certificate on the ESXi node contain a SAN entry with the IP address of the node, besides the FQDN?

    You could have a go with my Invoke-VMScriptPlus function and use the Verbose switch.
    It should return more information on what is happening.
    You could also use the NoIPInCert switch.



  • 3.  RE: Problem with Invoke-VMScript

    Posted Apr 25, 2023 06:24 AM

    Hello Luc,

     

    thanks for your help, I have just tested your fonction and got same result, but as there is a "but"

    I have seens that, the function was able to connect to the VM create both output file ( empty ) and .ps1 file ( empty also ).

    Below the result :
    VERBOSE: 25/04/2023 08:05:58 Get-View Finished execution
    VERBOSE: 25/04/2023 08:05:58 Get-View Finished execution
    VERBOSE: 25/04/2023 08:05:58 Get-View Finished execution
    VERBOSE: 25/04/2023 08:05:59 Get-View Finished execution
    VERBOSE: No GuestOSType value provided. Trying to determine now.
    VERBOSE: It's a Windows guest OS
    VERBOSE: Created temp folder in guest OS C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100
    VERBOSE: Created temp script file in guest OS C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100\myAccount_1460vmware31.ps1
    VERBOSE: Created temp output file in guest OS C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100\myAccount_1460_outputvmware69
    VERBOSE: Copying Data to C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware100\myAccount_1460vmware31.ps1
    VERBOSE: HTTP/1.1 PUT with 11-byte payload
    Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:223
    Line |
    223 | … copyResult = Invoke-WebRequest -Uri $fileInfo -Method Put -Body $Data
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | Aucune connexion n’a pu être établie car l’ordinateur cible l’a expressément refusée.
    Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:226
    Line |
    226 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | ScripText copy failed!Status

     

    And I saw also that when I was testing the invoke-VMscript function in this way :
    Invoke-VMScript -ScriptType Powershell -scriptText "New-Item -ItemType Directory -Path 'C:\Test'" -VM tstW2019 -GuestUser Administrateur -GuestPassword "ThePass" -Verbose

    The folder was created, but the function was returning the error anyway.

    So, in both case the function was able to connect to the VM, then do something on the VM and then got an error.

    Any idea ?



  • 4.  RE: Problem with Invoke-VMScript

    Posted Apr 25, 2023 08:34 AM

    Did you try the NoIPInCert switch?
    Creating the folder and files is done through the GuestOperation methods, which seems to work.
    Only when the function tries to upload the content to the temp file with a PUt the transfer doesn't seem to work.
    That upload is normally to a URI that contains the ESXI node (IP addr or FQDN).
    When there is an issue, missing SAN entry for IP, with the Cert on the ESXi that fails, hence I introduced the NoIPInCert switch.



  • 5.  RE: Problem with Invoke-VMScript

    Posted Apr 25, 2023 07:42 PM

    Luc,

    I just tryed the NoIPinCert, but got the error message :

    Select-Object: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:219
    Line |
    219 | … = Resolve-DnsName -Name $ip | Select-Object -ExpandProperty NameHost
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | Property "NameHost" cannot be found.
    VERBOSE: Copying Data to C:\Users\Deploy\AppData\Local\Temp\myAccount_1460vmware56\myAccount_1460vmware43.ps1
    Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:223
    Line |
    223 | $copyResult = Invoke-WebRequest -Uri $fileInfo -Method Pu …
    | ~~~~~~~~~
    | Cannot bind parameter 'Uri'. Cannot convert value
    | "https://:443/guestFile?id=126&token=52c66c60-5ca0-fec9-90c7-11f9b419d67c126" to type "System.Uri". Error:
    | "Invalid URI: The hostname could not be parsed."
    Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:226
    Line |
    226 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | ScripText copy failed!Status

    If I execute the Resolve-DnsName manually it works with 2 answers there is an alias for the ESXi.

    Do you have any idea ?



  • 6.  RE: Problem with Invoke-VMScript
    Best Answer

    Posted Apr 25, 2023 08:36 PM

    Interesting case.

    So it looks as if the location the GuestOperations provide to upload the file, has an issue (or is in a format my code doesn't yet understand).

    In the function, after line 216

    $fileInfo = $gFileMgr.InitiateFileTransferToGuest($moref, $auth, $File, $attr, $Data.Length, $clobber)

    can you add a line with

    Write-Verbose "File transfer location $fileInfo"

    That should show in the verbose output the upload location.

     



  • 7.  RE: Problem with Invoke-VMScript

    Posted Apr 25, 2023 09:16 PM

    Below the result :

     

    VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
    VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
    VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
    VERBOSE: 25/04/2023 23:09:38 Get-View Finished execution
    VERBOSE: No GuestOSType value provided. Trying to determine now.
    VERBOSE: It's a Windows guest OS
    VERBOSE: Created temp folder in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42
    VERBOSE: Created temp script file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42\myAccount_1460vmware177.ps1
    VERBOSE: Created temp output file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42\myAccount_1460_outputvmware255
    VERBOSE: hypsrvesx01.lz2.dom
    Select-Object: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:219
    Line |
    219 | … = Resolve-DnsName -Name $ip | Select-Object -ExpandProperty NameHost
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | Property "NameHost" cannot be found.
    VERBOSE: Copying Data to C:\Users\deploy\AppData\Local\Temp\myAccount_1460vmware42\myAccount_1460vmware177.ps1
    Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:223
    Line |
    223 | $copyResult = Invoke-WebRequest -Uri $fileInfo -Method Pu …
    | ~~~~~~~~~
    | Cannot bind parameter 'Uri'. Cannot convert value
    | "https://:443/guestFile?id=133&token=52c79fd9-6fb6-c7e3-24d9-4a5ee41f9f41133" to type "System.Uri". Error:
    | "Invalid URI: The hostname could not be parsed."
    Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:226
    Line |
    226 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | ScripText copy failed!Status



  • 8.  RE: Problem with Invoke-VMScript

    Posted Apr 25, 2023 09:34 PM

    Strange, I was expecting a line with "VERBOSE: File transfer location" followed by a URI.
    Or did you change the line I proposed?

    Is this the result of the line you added?

    VERBOSE: hypsrvesx01.lz2.dom

    That should have been a URI, not just a FQDN . 





  • 9.  RE: Problem with Invoke-VMScript

    Posted Apr 25, 2023 09:55 PM

    Yes exactly,

    I changed the script like below :

    213 $attr = New-Object VMware.Vim.GuestFileAttributes
    214 $clobber = $true
    215 $fileInfo = $gFileMgr.InitiateFileTransferToGuest($moref, $auth, $File, $attr, $Data.Length, $clobber)
    216 Write-Verbose "File transfer location $fileInfo"
    217 if ($NoIPinCert.IsPresent)
    218 {



  • 10.  RE: Problem with Invoke-VMScript

    Posted Apr 25, 2023 10:20 PM

    Then I wonder where the part "File transfer location" went.

    Also, the InitiateFileTransferToGuest method should return a URI, not a single FQDN

    LucD_0-1682461191227.png


    Which ESXi version is that VM running on?



  • 11.  RE: Problem with Invoke-VMScript

    Posted Apr 26, 2023 06:44 AM

     

    Hello Luc,

    the ESXi version is : VMware ESXi, 8.0.0, 21203435

    My bad...

    I forgot to change to update the context, In new console I got what your wanted :


    VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
    VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
    VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
    VERBOSE: 26/04/2023 08:36:59 Get-View Finished execution
    VERBOSE: No GuestOSType value provided. Trying to determine now.
    VERBOSE: It's a Windows guest OS
    VERBOSE: Created temp folder in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76
    VERBOSE: Created temp script file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76\myAccount_17704vmware181.ps1
    VERBOSE: Created temp output file in guest OS C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76\myAccount_17704_outputvmware159
    VERBOSE: File transfer location https://hypsrvesx01.lz2.dom:443/guestFile?id=136&token=52467ed1-b7f8-5e76-5a6e-5b47cd44866b136
    VERBOSE: hypsrvesx01.lz2.dom
    Select-Object: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:220
    Line |
    220 | … = Resolve-DnsName -Name $ip | Select-Object -ExpandProperty NameHost
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | Property "NameHost" cannot be found.
    VERBOSE: Copying Data to C:\Users\deploy\AppData\Local\Temp\myAccount_17704vmware76\myAccount_17704vmware181.ps1
    Invoke-WebRequest: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:224
    Line |
    224 | $copyResult = Invoke-WebRequest -Uri $fileInfo -Method Pu …
    | ~~~~~~~~~
    | Cannot bind parameter 'Uri'. Cannot convert value
    | "https://:443/guestFile?id=136&token=52467ed1-b7f8-5e76-5a6e-5b47cd44866b136" to type "System.Uri". Error:
    | "Invalid URI: The hostname could not be parsed."
    Exception: C:\Users\myAccount\Documents\tst\Scripts\Invoke-VMScriptPlus.ps1:227
    Line |
    227 | … Throw "ScripText copy failed!`rStatus $($copyResult.Statu …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | ScripText copy failed!Status



  • 12.  RE: Problem with Invoke-VMScript

    Posted Apr 26, 2023 06:55 AM

    No problem.

    What you could try is to use that URI from a web browser.
    Or run an Invoke-WebRequest with that URI.

    $sWeb = @{
        Uri    = <insert the URI from the verbose message>
        Method = 'Put'
        Body   = 'Test'
    }
    Invoke-WebRequest 
    $error[0] | Select *

    Perhaps that will give a bit more information.

    Just remember that the link is only valid for around 10 minutes.



  • 13.  RE: Problem with Invoke-VMScript

    Posted Apr 26, 2023 07:50 AM

    So,

    from IE, the error messge is : DLG_FLAGS_INVALID_CA

    from Powershell, the error message is :

    The remote certificate is invalid because of errors in the certificate chain: PartialChain

    ( And I found that a proxy was lastly configured on the JumpBox where I run scripts, that explain the "127.0.0.1:80" )

    So the certificate that my colleagues have installed seems bad.

     



  • 14.  RE: Problem with Invoke-VMScript

    Posted Apr 26, 2023 07:57 AM

    Funny,

    now, that I found that a proxy was configured, and I set a bypass for the ESXi, the command Invoke-VMScript works.

    But your version still failed.



  • 15.  RE: Problem with Invoke-VMScript

    Posted Apr 26, 2023 08:08 AM

    This is as expected, my function doesn't handle a proxy in the current version.

    I will put this on the ToDo list 



  • 16.  RE: Problem with Invoke-VMScript

    Posted Apr 26, 2023 08:59 AM

    I'll make this thread as solved.

    Thank you Luc for your time and help !!!