PowerCLI

Hey all,

I am working on hiding my credentials using an XML file instead of having the creds directly in the script.  When I had the creds in the script it will look like the report on Nov 14th.  When I call the creds using an XML file it works inside of powercli, but when I use task scheduler it shows like the report from Nov 16th.  What am I missing??

here are my settings in the task scheduler:

General Tab:

     An Domain Admin Runs the Task

     Run whether user is logged on or not

     Run with highest privilages

Trigger Tab:

     Daily at 7:55

Actions Tab:

     Program: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

     Argument: -File "C:\util\scripts\ThinReport.ps1"

Where is the XML file stored?
In a user folder perhaps? Then you would need to run the script in the Task Scheduler under that same user, the Domain Admin probably doesn't find the file.

It would perhaps help if you showed the script, or at least how you handle the XML file, and how the values in there are used.

The cred xml file is under C:/util/scripts/creds so should be accessible. Here is the script to:

#############################

# Connect to vCenter        #

#############################

Import-Module VMware.VimAutomation.Core

$vc = 'vcenter6.ruralnex.com'

$Cred = Import-Clixml C:\util\scripts\Creds\mycreds-Thin.xml

Connect-VIServer $VC -Credential $Cred

#############################

#         Variables         #

#############################

$date=Get-Date -format "yyyy-MMM-d"

$datetime=Get-Date

$filelocation="C:\util\Scripts\Temp\Thin-$date.htm"

#############################

#          Content          #

#############################

$report = Get-VM | Get-HardDisk |

where {$_.StorageFormat -ne "Thin"} |

select Parent,StorageFormat,Filename

#############################

# Add Text to the HTML file #

#############################

$report | ConvertTo-Html -title "VMware Thin Provision Check" -body "<H1>Vmware Thin Provision Check</H1>" -head "<link rel='stylesheet' href='style.css' type='text/css' />" | Out-File $filelocation

ConvertTo-Html -title "VMware Thin Provision Check" -body "<H4>Date and time </H4>",$datetime -head "<link rel='stylesheet' href='style.css' type='text/css' />" | Out-File -Append $filelocation

ConvertTo-Html -title "VMware Thin Provision Check" -body "<H4>VM Count</H4>",$report.Count -head "<link rel='stylesheet' href='style.css' type='text/css' />" | Out-File -Append $filelocation

######################

# FTP HTML output #

#####################

#we specify the directory where all files that we want to upload 

$Dir="$filelocation"

#Below for test

#$Dir="C:/Users/administrator/Desktop/tmp/"   

#ftp server

$ftp = "ftp://10.10.25.240/internal-backups/datacenter/vcenter/misc-reports/Thin/"

$user = "internal-ftp-backup"

$pass = "<PW>" 

$webclient = New-Object System.Net.WebClient

$webclient.Credentials = New-Object System.Net.NetworkCredential($user,$pass) 

#list every sql server trace file

foreach($item in (dir $Dir "*.bak")){

    "Uploading $item..."

    $uri = New-Object System.Uri($ftp+$item.Name)

    $webclient.UploadFile($uri, $item.FullName)

}

##############################

# Disconnect session from VC #

##############################

disconnect-viserver -confirm:$false

Ok, think I got it.

The XML file was probably created by an Export-CliXml cmdlet, correct?

The Export-CliXml uses the Windows Data Protection API, and the key used for the encryption is specific to the user and the computer.

So you will have to do the export and the import with the same user on the same computer.

If your scheduled task runs with the Domain Admin, you will have to do the export also with the Domain Admin, and on the same computer where the scheduled task runs.

Ok after I logged into the server withe DA user and ran the command to make the cred xml file, I run the script and get this:

Import-Clixml : Key not valid for use in specified state.

At C:\util\scripts\ThinReport.ps1:6 char:9

+ $Cred = Import-Clixml C:\util\scripts\Creds\autoitjob2.xml

+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Import-Clixml], CryptographicException

    + FullyQualifiedErrorId : System.Security.Cryptography.CryptographicException,Microsoft.PowerShell.Commands.Import

   ClixmlCommand

That normally is the message when you try to an Import-CliXml for an encrypted key when it is done from another account than the account that created the XML file.

The random encryption key is stored in your user profile, is that saved for the DA user?

Alright I am missing something in my head, so here is the full scenario:

I run the scheduled task from a DA named autoitjob.  I logged in as autoitjob and ran:

$MyCredentials=GET-CREDENTIAL –Credential “powercli@vsphere.local” | EXPORT-CLIXML C:\util\scripts\Creds\autoitjob.xml

I then re-ran the script with this at the beginning:

$vc = 'IP'

$Cred = Import-Clixml C:\util\Scripts\autoitjob.xml

Connect-VIServer $VC -Credential $Cred

When I run the script after that I get:

Out-File : Access to the path 'C:\util\Scripts\Temp\Thin-2017-Nov-20.htm' is denied.

At C:\util\scripts\ThinReport.ps1:28 char:177

Again this is a DA it should have access to everything.

No, you ca deny a DA access to a folder.

Did you check if the folder exists, if the permissions on the folder are correct, if the folder already has a similar file which is perhaps marked read-only?

Can you try with another folder?

Does it work then?

Alright did a lot of messing around and think it was a password typed wrong....I am an idiot and apologize for wasting your time your time PowerCLI King, LucD!