PowerCLI

I have a script that uses integrated security, as in the user account that creates the pssession. It then connects via powercli to a list of vCenters.  Is there a way for connect-viserver command to fail, if user account does not have access and not prompt for credentials?

Or is there a way of validating the user account before connecting? some like "test-viaccess"?

I would prefer that the script throw an error, that I can manage, rather than hang

many thanks,

Carl

Add -ErrorAction Stop to your Connect-VIServer cmdlet.
Then place it in a Try-Catch construct, that way you will "catch" the terminating exception, and the script can stop (exit) or continue (comment out the exit).

try {
   Connect-VIServer -Server $vcsa -Credential $cred -ErrorAction Stop
}
catch {
   Write-Error "The connection failed"
   Exit
}

Many thanks LucD and for the quick reply.

I think the problem is, it doesn't fail, it hangs prompting for credentials 

try {
   Connect-VIServer -Server $vcsa -ErrorAction Stop
} catch {
   $errMessages += "Failed to connect to $vcsa"
   continue
}

I am running the above as I can't ask for username/password to create $cred, I need to use the integrated security of the pssession.

Carl

That could be a TLS or certificate issue.
What do you see when you add a Verbose switch to the Connect-VIServer?

Does it mention not being able to establish a secure channel?
Try setting InvalidCertificateAction to Ignore with the Set-PowerCLICOnfiguration cmdlet.
Or better yet, make sure the certificate is installed and added to trusted root certificates. 

Again, thank for getting back

I have the script creating a transcript and -verbose doesn't show anything, as the command/script unfortunately hangs prompting for credentials

Certificate are valid and ignore certificates is set.  I can connect when using my credentials when creating the pssession but it hangs when using the "script" account.

It's how do I stop connect-viserver prompting for credentials, if the user account doesn't have the integrated/passthru rights to connect.

Carl

So are you in fact asking how to detect if the current user falls under Integrated WIndows Authentication (IWA)?
Before trying to connect to the vCenter.

Yes  

As you say, can I try before connecting or have connect-viserver fail and not prompt for creds

Carl

From similar questions, around the Get-Credential cmdlet, it looks as if you start your PowerShell session with the parameter -NonInteractive you don't get a prompt but an exception.
Since it is not always possible to start a new PS session with that NonIntercative parameter, you could run a short snippet and check the returned string.
The snippet uses a Try-Catch construct, with a specific case for the authentication exception.

The following seems to work for me.
When the user can not connect due to issues in WIA, the snippet returns "User can not connect via WIA"

$code = @'
  Try {
    Connect-VIServer -Server $vcsaName -ErrorAction Stop | Out-Null
    Write-Host "All is well"
  }
  Catch [VMware.VimAutomation.Sdk.Types.V1.ErrorHandling.VimException.ViServerConnectionException] {
    Write-Host "User can not connect via WIA"
  }
  Catch {
    Write-Host "Some other error"
  }
'@

$vcsaName = '<Your VCSA FQDN>'

powershell -noninteractive -command "& {$($ExecutionContext.InvokeCommand.ExpandString($code))}"

I changed it ever so slightly, to make it easier to run within my script :

$code = @'
  Try {
    Connect-VIServer -Server $vcsaName -ErrorAction Stop | out-null
    exit 0
  }
  Catch [VMware.VimAutomation.Sdk.Types.V1.ErrorHandling.VimException.ViServerConnectionException] {
    exit 1
  }
  Catch {
    exit 2
  }
'@

$vcsaName = '<Your VCSA FQDN>'
powershell -noninteractive -command "& {$($ExecutionContext.InvokeCommand.ExpandString($code))}"
if($LASTEXITCODE -ne 0) {
    # Failed to connect
} else {
    # All good
    # do things...
}