search

vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions
173 stars 89 forks source link

Connecting using the -vCenterServer will connect even though password is incorrect #501

Closed tahershaker closed 6 years ago

tahershaker commented 6 years ago

Dear All,

I am righting a tool that depends on PowerNsx and when i am connecting to the NSX using the Connect-NsxServer with the -vCenterServer option, the connection will go on even if i give an incorrect NSX Password and thus later if i used any PowerNsx CmdLets it will not retrive anything erroring out iwth 403 error which is logical as the password is in correct.

Shouldnt there be any checks if the primamry connection is successful ?

Please find below sample code:

PS C:\> $vCenterServerIP = "192.168.110.21"
PS C:\> $vCenterServerUser = "administrator@vsphere.local"
PS C:\> $vCenterServerPassword = "VMware1!"
PS C:\> $NsxManagerUser = "admin"
PS C:\> $NsxManagerPassword = "VMware12345!"  #<<<---- Wrong Password
PS C:\> Connect-VIServer -Server $vCenterServerIP -User $vCenterServerUser -Password $vCenterServerPassword -Force -WarningAction SilentlyContinue -InformationAction Ignore -EA "SilentlyContinue"

Name                           Port  User                          
----                           ----  ----                          
192.168.110.21                 443   VSPHERE.LOCAL\Administrator   
PS C:\> Connect-NsxServer -vCenterServer $vCenterServerIP -Username $NsxManagerUser -Password $NsxManagerPassword -EA SilentlyContinue
Using existing PowerCLI connection to 192.168.110.21

Version             : 6.3.4
BuildNumber         : 7087695
Credential          : System.Management.Automation.PSCredential
Server              : 192.168.112.10
Port                : 443
Protocol            : https
ValidateCertificate : False
VIConnection        : 192.168.110.21
DebugLogging        : False
DebugLogfile        : C:\Users\ADMINI~1\AppData\Local\Temp\2\PowerNSXLog-admin@-2018_04_09_13_45_57.log

PS C:\> Get-NsxLogicalSwitch
Invoke-NsxRestMethod : The NSX API response received indicates a failure. 403 : Forbidden : Response Body: 
At C:\Users\Administrator\Documents\WindowsPowerShell\Modules\PowerNSX\3.0.1054\PowerNSX.psm1:4073 char:13
+             throw $ErrorString
+             ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Invoke-NsxRestM...Response Body: :String) [], RuntimeException
    + FullyQualifiedErrorId : Invoke-NsxRestMethod : The NSX API response received indicates a failure. 403 : Forbidden : Response Body: 
 ](url)
tahershaker commented 6 years ago

Just test it again and i have found that this happens only if you add -EA SilentlyContinue in the connect command, if you did not add -EA option it will error out in the connection initiation

nmbradford commented 6 years ago

Well - yeah, that's what happens when you suppress the exception with -ErrorAction SilentlyContinue :). If you want it to error, then don't suppress the error :)

Also, you are using Connect-NsxServer incorrectly. Firstly, there is no need to make a separate Connect-ViServer call first. The vCenter connection is handled automatically by Connect-NsxServer. Secondly, if you are using -vCenterServer parameter in connect-nsxserver, then the -username and -password parameters should be sso credentials with access to vCenter and NSX (not 'admin'). If you want to use NSX specific credentials ('admin'), then use the -NsxServer parameter. This is all documented in the Get-Help for Connect-NsxServer. I suggest you have a look at the examples in there.

Hope this helps.

tahershaker commented 6 years ago

Hi Nick,

Appologies, this is my mistake, should have gone through the Get-Help first before reaching out here. Thanks for your help.

nmbradford commented 6 years ago

No problem.