vmware / powershell-module-for-vmware-cloud-foundation-password-management

PowerShell Module for VMware Cloud Foundation Password Management
https://vmware.github.io/powershell-module-for-vmware-cloud-foundation-password-management/
BSD 2-Clause "Simplified" License

Start-PasswordPolicyConfig fails to set vCenter password with the message "Cannot validate argument on parameter 'email'" #171

Closed joisika closed 5 months ago

joisika commented 6 months ago

VMware Cloud Foundation

5.1.0.0

PowerShell Version

7.4.1

PowerCLI Version

13.2.1

Module Version

1.7.1.1004

PowerValidatedSolutions Version

2.8.0.1048

PowerVCF Version

2.4.1.1000

Guest Operating System

Ubuntu Linux

Environment Details

No response

Description

Getting an error about e-mail address during "Start-PasswordPolicyConfig" while using examples from the documentation.

Error or Debug Output

 [03-07-2024_15:47:05] INFO Configuring vCenter Server Local Users: Password Expiration Policy for Workload Domain (sfo-m01)
 [03-07-2024_15:47:05]   Error at Script Line 945
 [03-07-2024_15:47:05]   Relevant Command: $StatusMsg = Update-VcenterRootPasswordExpiration -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain.name -email $customPolicy.vcenterServerLocal.passwordExpiration.email -maxDays $customPolicy.vcenterServerLocal.passwordExpiration.maxDays -warnDays $customPolicy.vcenterServerLocal.passwordExpiration.warningDays -WarningAction SilentlyContinue -ErrorAction SilentlyContinue -WarningVariable WarnMsg -ErrorVariable ErrorMsg
 [03-07-2024_15:47:05]   Error Message: Cannot validate argument on parameter 'email'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

Expected Behavior

e-mail should be one of:

  1. part of the input parameters
  2. retrieved from VC

Actual Behavior

Script is showing the error above

Steps to Reproduce

Steps to reproduce:

  1. Generate *.json file with: "Get-PasswordPolicyDefault -generateJson -jsonFile passwordPolicyConfig.json -version '5.1.0.0'"
  2. Edit json file and change values
  3. Run 'Start-PasswordPolicyConfig -sddcManagerFqdn sfo-vcf01.sfo.rainpole.io -sddcManagerUser admin@local -sddcManagerPass VMw@re1!VMw@re1! -sddcRootPass VMw@re1! -reportPath "F:\Reporting" -policyFile "passwordPolicyConfig.json" '

Log Fragments and Files

passwordPolicyConfig.json

Screenshots

No response

References

No response

joisika commented 6 months ago

If I try this one:

PS /home/xxxxx> Update-VcenterRootPasswordExpiration -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -maxDays 99 -warnDays 14
 Error at Script Line 4670
 Relevant Command: Set-VcenterRootPasswordExpiration -email $email -maxDays $maxDays -warnDays $warnDays | Out-Null
 Error Message: Cannot validate argument on parameter 'email'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
PS /home/xxxxx>

I got an error, so it treats the e-mail as mandatory. But it is not mandatory if I go directly to Set-VcenterRootPassword:

PS /home/xxxxx> Set-VcenterRootPasswordExpiration  -maxDays 99 -warnDays 14                           

PS /home/xxxxx> Get-VcenterRootPasswordExpiration                          

warn_days_before_password_expiration : 14
min_days_between_password_change     : 0
roles                                : {superAdmin}
password_expires_at                  : 6/19/2024 12:00:00 AM
fullname                             : root
last_password_change                 : 3/12/2024 12:00:00 AM
enabled                              : True
has_password                         : True
max_days_between_password_change     : 99

PS /home/xxxxx>

So Update-VcenterRootPasswordExpiration should call Set-VcenterRootPasswordExpiration with the same set of parameters that it was called with, instead of hard-coding the command. If the user has passed email, add it to the invocation; if not, remove it.
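
The forwarding change proposed in the comment above, as an added example (not the module's code and not written by anyone in this thread): `Set-ExpirationDemo` and the two wrappers are hypothetical stand-ins, and the `[ValidateNotNullOrEmpty()]` attribute on an optional `-email` is an assumption chosen because it produces the reported message. The e-mail address is a constructed sample value.

```powershell
# Stand-in for the inner cmdlet (hypothetical; not the module's source).
# Assumption: -email is optional but rejects null/empty when explicitly passed.
function Set-ExpirationDemo {
    param(
        [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] [String]$email,
        [Parameter(Mandatory = $true)] [Int]$maxDays,
        [Parameter(Mandatory = $true)] [Int]$warnDays
    )
    # Report what would be applied; email is only touched when it was bound.
    $mail = if ($PSBoundParameters.ContainsKey('email')) { $email } else { '(not changed)' }
    "maxDays=$maxDays warnDays=$warnDays email=$mail"
}

# Wrapper that always passes -email, mirroring the "Relevant Command" in the
# error output. An omitted or empty value reaches the validator and fails.
function Update-ExpirationHardCoded {
    param([String]$email, [Int]$maxDays, [Int]$warnDays)
    Set-ExpirationDemo -email $email -maxDays $maxDays -warnDays $warnDays
}

# Wrapper that builds a splat table and adds -email only when the caller
# supplied a non-empty value, so the inner validator never sees null/empty.
function Update-ExpirationForwarded {
    param([String]$email, [Int]$maxDays, [Int]$warnDays)
    $params = @{ maxDays = $maxDays; warnDays = $warnDays }
    if ($PSBoundParameters.ContainsKey('email') -and
        -not [String]::IsNullOrWhiteSpace($email)) {
        $params.email = $email
    }
    Set-ExpirationDemo @params
}

# 1. Hard-coded forwarding without -email: parameter validation throws.
try {
    Update-ExpirationHardCoded -maxDays 99 -warnDays 14
} catch {
    "Hard-coded call failed: $($_.Exception.Message)"
}

# 2. Conditional forwarding without -email: succeeds, email left untouched.
Update-ExpirationForwarded -maxDays 99 -warnDays 14

# 3. Conditional forwarding with -email (constructed sample address).
Update-ExpirationForwarded -email 'admin@rainpole.io' -maxDays 99 -warnDays 14
```

The same guard covers the policy-file path in the first report, where the value passed to `-email` came from a JSON property that evaluated to null.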

github-actions[bot] commented 4 months ago

I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.