alanrenouf / vCheck-vSphere

vCheck Daily Report for vSphere
MIT License
735 stars 327 forks source link

vCheck script not running for VCSA? #426

Closed acme2000h closed 8 years ago

acme2000h commented 8 years ago

While the script is working fine for Windows based Virtual Centers. It's not caching credentials for the service account used for scheduling the task.

I tried to run the script with -Verbose syntax to check what was going wrong. It prompts me for Creds. And also found that instead it was acquiring my Creds instead.

VERBOSE: Attempting to connect using SSPI VERBOSE: Reversely resolved 'vc02.local.corp' to 'vc02.local.corp' VERBOSE: SSPI Kerberos: Acquired credentials for user 'local.corp\acme2000h' VERBOSE: SSPI Kerberos: InitializeSecurityContext failed for target 'host/vc02.local.corp'. Error code:

Sneddo commented 8 years ago

Been a while since I setup our VCSA, but from memory you may get this if your AD identity source is not set to the default domain in SSO, and possibly needs to be AD (integrate) rather than LDAP.

But it definitely works :)

alanrenouf commented 8 years ago

I saw this issue recently with a customer and this KB helped... http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2050701

Does this help?

acme2000h commented 8 years ago

Thanks for reply guys. The SSO is set as recommended above. Alan, I have tried the above KB and currently it is set as "passwd: compat ato lsass". Still is not working.

Any other thing which needs to be checked.

Sneddo commented 8 years ago

Are you running 6.x or 5.x? I vaguely remember someone else having issues with 6...

acme2000h commented 8 years ago

It's latest version which is 6.23!

Sneddo commented 8 years ago

Yeah sorry, I meant VCSA version :)

acme2000h commented 8 years ago

Ohh! Yes...the VCSA version is 5.5 update 3

acme2000h commented 8 years ago

Hey guys! Did you have look into this issue?

alanrenouf commented 8 years ago

Just wondering if you have tried logging into an interactive session as this user and ticking the box in the UI that passes through the logged on user creds, i want to see if its PowerCLI or a VC config issue

acme2000h commented 8 years ago

Ticking the box in UI? I didn't get that part?

acme2000h commented 8 years ago

The account which I am using for scheduled job is not allowed to logon to the server interactively. Is there something else you would like me to try?

acme2000h commented 8 years ago

Hi Alan, I am still awaiting to hear something on this issue!

acme2000h commented 8 years ago

Hi Alan,

I have enable interactive login for the said user. I am able to login to server using RDP. While running the vCheck script it is always asking for credentials.

Please help me out with this one. I know you may be busy. There may be many more like me who would be facing this issue.

acme2000h commented 8 years ago

Hi Alan,

I also tried to tick the box while connecting to VC but it say windows creds cannot be used to login to this server. I guess its due to VCenter been VCSA.

Sneddo commented 8 years ago

Nah, VCSA works fine as I mentioned before. I'm planning to update to 5.5 U3b this week so will test with it (currently on update 2e) as it may be an issue with Update 3.

Otherwise, it may be your SSO config.

acme2000h commented 8 years ago

Thanks for the update Sneddo. Let me know the results. I'll be waiting.

monahancj commented 8 years ago

We've been running vCheck for years and never had a problem with a scheduled job running in Task Scheduler. Our vCheck jobs are configured the same as any other scheduled task. Do you have other scheduled tasks working on the server running the vCheck report? If not maybe try to get a simple one working first. It could be as simple as "Get-Date > C:\Temp\test.txt" in "schedtasktest.ps1

Currently we're running v6.0 of VCSA and ESXi.

On our Windows 2008 R2 server the job is configured with:

General tab

-When running the task, use the following user account: domain\serviceaccount (My note- this is in the local admins group.) -Run whether use is logged on or not -Run with the highest privileges

Triggers tab

-Daily, At 1:00am every day

Actions tab

-Action: Start a program -Details:

-Program/Script: C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -Add arguments: -PSConsoleFile "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" & "C:\Scripts\vcheck6\vcenter202\vCheck.ps1"

Conditions tab

Not important

Settings tab

-Allow task to be run on demand (My note- helpful for testing) -Run task as soon as possible after a scheduled start is missed -Stop the task if it runs longer than: 8 hours (My note- 8 hours is what we do. Pick a value that makes sense to you.) -If the running task does not end when requested, force it to stop -If the task is already running- Do not start a new instance

History

Not important

On Tue, Jan 12, 2016 at 6:57 AM, acme2000h notifications@github.com wrote:

Thanks for the update Sneddo. Let me know the results. I'll be waiting.

— Reply to this email directly or view it on GitHub https://github.com/alanrenouf/vCheck-vSphere/issues/426#issuecomment-170889735 .

Sneddo commented 8 years ago

Confirmed that vCheck is working fine against 5.5 Update 3b VCSA, so this seems to be a configuration issue.

acme2000h commented 8 years ago

Senddo, what will be the ideal configuration for this to work. Will you please elaborate?

Sneddo commented 8 years ago

It may be different in your environment, but for us we have our VCSA configured as follows:

In SSO config:

In vCenter: