HPE Community
HPE OneView
1824941 Members
3831 Online
109678 Solutions
New Discussion юеВ

Connect-HPOVMgmt fails via Non-Interactive Account Task to 2 of 4 appliances (local auth)

 
SOLVED
Go to solution
PaulRooney
Visitor

тАО01-14-2023 07:16 PM - last edited on тАО01-16-2023 08:47 PM by

тАО01-14-2023 07:16 PM - last edited on тАО01-16-2023 08:47 PM by

Connect-HPOVMgmt fails via Non-Interactive Account Task to 2 of 4 appliances (local auth)

I've got a problem I could really use some help with.

I have a PowerShell script that connects to 4 OneView appliances, connecting, then disconnecting between each one and pulling data for an export. This script works perfectly when I use my AD account and either run it manually, or via a Scheduled task when using my personal AD account.

When I run this with a non-interactive Service account it connects to and exports data for only 2 of the 4 appliances.

The two appliances that don't work with the service account have different firmware than the two appliances that do work with the service account.

In the script I use a local OneView auth account to connect to the 4 appliances. I do a connect to each of the four appliances, in turn, export data to a .csv file, one for each device, then disconnect and connect to the next appliance. Again, when I run this via my AD account from the PowerShell ISE or as a scheduled task from the same server, it works perfectly and connects to all the appliances. If the same script is run with a non-interactive service account via a scheduled task, it fails to connect to two of the four devices.

It shouldn't matter as I'm connecting with the local auth account, but for background my AD account is not in the domain that we have set as a directory on the OneView appliances, so it's not able to login to them, ruling that out as a factor.

The script itself works perfectly when run via my account, so that should rule out the script as a problem, or anything like certs or communications.

The appliances themselves are different. The two that work regardless of which account is used are on firmwares:

Working appliances (works with both interactive and non-interactive accounts) manually or via Schedule Task
4.10.01-0348545
6.60.00-0455762


Not working with non-interactive (Service) account as Scheduled Task, both on:
5.50.00-0426657

The version of the HPE POSH module I'm using is 4.10.1889.2173.

Since I'm successfully connecting with the service account to both an older and a newer firmware version vs the non working (with the service account) appliances, I'm wondering what could be the problem here. 

Here's an example of how I'm connecting/disconnecting in the script:

$OVlogin = "a locally created OV account, present on all 4 devices"

$Connection2 = Connect-HPOVMgmt -Hostname 'RedactedOVAppliancename' -AuthLoginDomain Local -UserName $OVlogin -Password $password

Get-HPOVServer |
Select-Object -Property @{Name="Name"; Expression={$_.name}},
@{Name="Server Name"; Expression={$_.serverName}},
@{Name="Serial Number"; Expression={$_.serialNumber}},
@{Name="Asset Tag"; Expression={$_.assetTag}},
@{Name="Status"; Expression={$_.status}},
@{Name="Profile State"; Expression={$_.state}},
@{Name="Power State"; Expression={$_.powerState}},
@{Name="License Type"; Expression={$_.licensingIntent}},
@{Name="Model"; Expression={$_.model}}
|

Export-Csv -NoTypeInformation -Path $exportPath2 -Append

Disconnect-HPOVMgmt $Connection2

I'm thinking it must be the firmware here. I work in a large environment where it's difficult to schedule changes of this sort, so I'd prefer any other soluition to that. Not to mention the last time I did a firmware upgrade on a OneView appliance from 4.10 to 6.6, my AD account that I used to run the upgrade has been locking out in AD literally every 5 minutes ever since and the lockouts originate from the OV appliance that I upgraded. I have an open support ticket for that currently, but that's not what I'm looking for help with.

Any ideas of things I can try here?

Thanks in advance,

Paul

0 Kudos
Reply
3 REPLIES 3
PaulRooney
Visitor

тАО01-16-2023 05:22 PM

тАО01-16-2023 05:22 PM

Re: Connect-HPOVMgmt fails via Non-Interactive Account Task to 2 of 4 appliances (local au

In the scheduled task log, when it hits the two appliances that don't connect with the service account, I see this error:

Connect-HPOVMgmt : The underlying connection was closed: An unexpected error occurred on a send

0 Kudos
Reply
PaulRooney
Visitor

тАО01-16-2023 08:46 PM

тАО01-16-2023 08:46 PM

Solution

Re: Connect-HPOVMgmt fails via Non-Interactive Account Task to 2 of 4 appliances (local au

In case anyone is following this, I've cracked it.

The error message from the debug led me to it. While it still doesn't make sense to me, where my interactive account running the script works for 4/4 appliance connections, but the non interactive AD service account running the script (with local account Auth, mind you) enabling TLS 1.2 in the script prior to the connect statements allows the non-interactive account to connect to all 4 devices. 

This is what I added to my script:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Cheers!

Paul

Reply
ChrisLynch
HPE Pro

тАО01-17-2023 03:37 PM

тАО01-17-2023 03:37 PM

Re: Connect-HPOVMgmt fails via Non-Interactive Account Task to 2 of 4 appliances (local au

Glad you were able to root cause the problem.  In the future, I would suggest using the project issue tracker to report issues with the HPE OneView PowerShell library.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.