Custom Powershell Password Validation and reset esxi scipt not running in UI

[Ryan Coyle]

Hi All,

 

Like most environments we have ssh disabled on all esxi hosts as default so the built in Linux password reset and validation scripts wont work.

 

I am trying to add a custom password validation and reset script using powercli and they are working when run them manually on the server but when I try to do a heartbeat or reset the password in the ui they fail. 

 

The reset password script is the same as the one in this link https://www.clickstudios.com.au/community/index.php?/topic/1760-vmware-esx-password-reset-example/ and the validation I created from looking at other scripts.

 

Is there anything else I would need to do for these custom scripts to run correctly on passwordstate through the UI?

 

Here is the password validation script.

 

Function Validate-ESXiPassword 
{
    [CmdletBinding()]
    param (
        [String]$HostName,
        [String]$UserName,
        [String]$Password
    )    
    $ErrorActionPreference = "Stop"
    try{
        Connect-VIServer $HostName -User $UserName -Password $Password -ErrorAction Stop
        Write-Output "Success"
        Disconnect-VIServer $HostName -Force -Confirm:$false

    } catch {
        switch -wildcard ($error[0].Exception.ToString().ToLower())
        {
        "*incorrect user*" { 
                                Write-Output "Incorrect username or password on host '$HostName'"; break
                                Disconnect-VIServer $HostName -Force -Confirm:$false
                           }
        "*" {write-output $error[0].Exception.ToString().ToLower();break}
        }
    }
}
Validate-ESXiPassword -HostName '[HostName]' -UserName '[UserName]' -Password '[Password]' 

 

Thanks,

 

Best Regards

Ryan

[support]

Hi Ryan,

 

Does the UI report back any kind of error when running?  If we can get back verbose errors from the script, this might help troubleshoot what the issue is.

 

Regards,

Support.

[Ryan Coyle]

Hi Password State,

 

The UI will return the following errors and the error log for password reset. There aren't any errors in the script when ran.

 

Password Verification UI error

A manual Account Heartbeat check failed to validated the password for account root (\Networking\SysEngineer\ServiceAccounts) of Account Type 'VMware ESX' on Host phl-esxi-veeam.marketresourcepartners.com. Error = Incorrect username or password on host 'phl-esxi-veeam.marketresourcepartners.com'

Password Reset UI error

The Passwordstate Windows Service failed to process the Password Reset Script 'Reset ESXI Password' against Host 'phl-esxi-veeam.marketresourcepartners.com' for the account 'root' (\Networking\SysEngineer\ServiceAccounts). As a result, no changes have been made to this record in Passwordstate. Error =

 

Password Reset log error

8/27/2019 12:42:02 PM - Failed password reset for account root associated with host phl-esxi-veeam.marketresourcepartners.com. Error = 
8/27/2019 12:42:02 PM - Started processing of data in the resultsDataTable.
8/27/2019 12:42:03 PM - Add Auditing - Password Reset Failed - The Passwordstate Windows Service failed to process the Password Reset Script 'Reset ESXI Password' against Host 'phl-esxi-veeam.marketresourcepartners.com' for the account 'root' (\Networking\SysEngineer\ServiceAccounts). As a result, no changes have been made to this record in Passwordstate. Error = 
8/27/2019 12:42:03 PM - Deleting record from queue. ResetTaskQueueID = 48
8/27/2019 12:42:03 PM - Add Auditing - Password Reset Removed from Queue - The Passwordstate Windows Service removed the account 'ESXI Root' (Password List = \Networking\SysEngineer\ServiceAccounts, UserName = root, Description = Root Access to ESXI) from the Queue as the Process Reset Task is now complete. This account relates to the Host phl-esxi-veeam.marketresourcepartners.com.
8/27/2019 12:42:03 PM - Finished processing of data in the resultsDataTable.

 

Best Regards

Ryan

[support]

Hi Ryan

 

Thanks for the information, but we're not sure of the cause sorry - it looks like the scripts might not be capturing errors properly. We'll need to find some time to try and develop our own scripts for this, and test in our environments. Hopefully in the meantime someone else in the community has gotten this working for themselves?

Regards

Click Studios

[Ryan Coyle]

Hi Click Studios,

 

The reset password script came from another community post 

It doesn't seem to have been implemented though.

 

When I run the script manually I don't receive any errors.

 

Do you have any examples of custom scripts that are capturing errors properly?

 

Every script runs the function at the end with the parameters like below, I am guessing passwordstate will see '[HostName]' and will pass the hostname to the script or how does that work?

Validate-ESXiPassword -HostName '[HostName]' -UserName '[UserName]' -Password '[Password]' 

[support]

Hi Ryan,

 

Yes, we have documentation for this in our User Manual under the Help Menu - go to the KB Articles section, then Password Resets -> Structure of a Password Reset Script.

Or, you could look at any of the default scripts we provide on the screen Administration -> PowerShell Scripts

Regards
Click Studios