search

microsoft / MSLab

Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
MIT License
1.18k stars 285 forks source link

Many hard coded credentials #467

Closed DenBir closed 2 years ago

DenBir commented 2 years ago

Hi Jaromir, great project. I love it!

I try to use my own credentials for the whole lab environment and I stuck on many times that are the credentials are hard coded.

e.g. dedploy VMFleet image

It is possible to set in the first script your own credentials and this works for the whole lab environment?

jaromirk commented 2 years ago

Hi! Got it! Btw. forget deployVMFleet script. I already removed it in new versions. Take a look here https://github.com/microsoft/MSLab/tree/master/Scenarios/AzSHCI%20and%20VMFleet - it's adjusted for new VMFleet. And also there is new tool to create VMFleet image in tools (downloaded with prereqs) https://github.com/microsoft/MSLab/blob/master/Tools/CreateVMFleetDisk.ps1

DenBir commented 2 years ago

Good to know. I had today 2 other issues regarding VMFleet.

I tried to deploy VMFleet with a old MS password "Pa$$w0rd".

I've replaced your password with my password but it's not working. I got every time an access denied for Invoke-Command to the nodes. This issue is my password with $ and your "" this is not working. I've checked the $credentials variable and the password was wrong.

I replaced this "" with '' and now it's working fine with Invoke command. image

2nd issue is this part with VMFleet: New-Fleet -BaseVHD "c:\ClusterStorage\Collect\$using:VHDName" -AdminPass Pa$$w0rd -Admin Administrator -ConnectUser corp\sysadm -ConnectPass Pa$$w0rd

So it's not working. 1st issue here is that AdminPass had also an issue with $. SSO to logon is not possible > wrong password. But if I enter the correct password Pa$$word on the console it's working fine. I changed this here again from -AdminPass Pa$$word to -AdminPass 'Pa$$w0rd' 2nd issue is ConnectPass same issue again. But it's also not working with Pa$$word or 'Pa$$word'. Ath the moment I can't understand why is this not working. After several tests I had add a new user in domain with your lab credentials. This works fine. image

jaromirk commented 2 years ago

Teams call? Ping me at jaromir.kaspar@dell.com

jaromirk commented 2 years ago

btw. please forget that old script. Create vmfleet image with CreateFMFleetDisk.ps1. It will ask for VHDX, so provide one from parent disks (windows server core). It will also ask for password. This needs to be the same as you later provide as -AdminPass ... -Admin will be always Administrator ... -ConnectUser and -ConnectPass are admin credentials in plaintext to be able to connect to collect file share.

jaromirk commented 2 years ago

We had a call... looks like VMFleet 2.0 does not support '$' in passwords. So password "P@$$w0rd" does not work (even if it is in single quotes).