01-31-2022 02:33 PM
I'm not able to authenticate with our UCS server using credentials established for me, which work fine in Chrome. If I run the imm-compatibility-checker.ps1 script (from GitHub), the message is:
Error connecting to UCS Domain using supplied credentials
If I try using Connect-Ucs directly from the PowerShell v7.2.0 command line, I see:
Connect-Ucs: Connect-Ucs: host.example.com 300:Data at the root level is invalid. Line 1, position 1..
What's different? Am I missing a role?
02-01-2022 05:45 AM - edited 02-01-2022 05:59 AM
The "data at the root level is invalid" is usually because whatever is being returned is not in XML format.
I would try doing a normal invoke-webrequest in powershell with the UCSM XML API to see what is actually being returned and that its not trying to go through some disallowed proxy etc:
PowerTool C:\> Invoke-WebRequest -URI https://x.x.x.x/nuova -Method Post -Body '<aaaLogin inName="admin" inPassword="mypassword"/>'
StatusCode : 200
StatusDescription : OK
Content : <aaaLogin cookie="" response="yes" errorCode="551"
invocationResult="unidentified-fail"
errorDescr="Authentication failed"> </aaaLogin>
RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 13:27:44 GMT
Server: Apache
Access-Control-Allow-Origin: https://x.x.x.x
Strict-Transport-Security: max-age=31536000;
includeSubDomains
X-Content-Type-O...
Forms : {}
Headers : {[Date, Tue, 01 Feb 2022 13:27:44 GMT], [Server, Apache],
[Access-Control-Allow-Origin, https://x.x.x.x],
[Strict-Transport-Security, max-age=31536000;
includeSubDomains]...}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 136
If the content is very long and truncated you can pipe the cmdlet | Select-Object -Expand Content
If you get certificate errors you should be able to add '-SkipCertificateCheck' to ignore it and see the content
02-01-2022 06:35 AM
Thanks for that, Brian. Using Invoke-Webrequest returns an http 200, as expected:
StatusCode : 200
StatusDescription : OK
Content : <meta HTTP-EQUIV="REFRESH" content="0; url=ui">
RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 13:56:22 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=…
Headers : {[Date, System.String[]], [Server, System.String[]], [X-XSS-Protection, System.String[]], [X-Frame-Options, System.String[]]…}
Images : {}
InputFields : {}
Links : {}
RawContentLength : 48
RelationLink : {}
Given that I can authenticate using this method, what can I do about the Connect-Ucs cmdlet?
02-01-2022 07:07 AM
In the content section you should have seen something like "<aaaLogin>" with a session token if it was successful. What type of UCS device and firmware version are you trying to connect to?
I would try grabbing the main webpage to see what shows up:
Invoke-WebRequest -URI https://x.x.x.x -SkipCertificateCheck
Example output from UCS Domain:
StatusCode : 200
StatusDescription : OK
Content : <!DOCTYPE html>
<html>
<head>
<title>Cisco UCS Manager</title>
<link href="favicon.ico" rel="shortcut icon">
<meta http-equiv="X-UA-Compatible"…
RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 14:48:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Prote…
Headers : {[Date, System.String[]], [Server, System.String[]], [Strict-Transport-Security, System.String[]],
[Accept-Ranges, System.String[]]…}
Images : {@{outerHTML=<img class="logoImg" src="images/CiscoLogo_login_160x60.svg" />; tagName=IMG;
class=logoImg; src=images/CiscoLogo_login_160x60.svg}}
InputFields : {}
Links : {@{outerHTML=<a class="launchBtn btn btn-primary btn-block" href="app/ucsm/index.html"
role="button">Launch UCS Manager</a>; tagName=A; class=launchBtn btn btn-primary btn-block;
href=app/ucsm/index.html; role=button}, @{outerHTML=<a class="launchBtn btn btn-primary btn-block"
href="cgi-bin/main.cgi" role="button">Express Setup</a>; tagName=A; class=launchBtn btn
btn-primary btn-block; href=cgi-bin/main.cgi; role=button}, @{outerHTML=<a class="launchBtn
kvmLmBtn btn btn-primary btn-block" href="app/ucsm/kvmlauncher.html" role="button">Launch KVM
Manager</a>; tagName=A; class=launchBtn kvmLmBtn btn btn-primary btn-block;
href=app/ucsm/kvmlauncher.html; role=button}, @{outerHTML=<a
href="http://www.opensource.org/licenses/gpl-2.0.php">GNU gpl 2.0</a>; tagName=A;
href=http://www.opensource.org/licenses/gpl-2.0.php}…}
RawContentLength : 6742
RelationLink : {}
02-01-2022 07:29 AM
When I do that, I get the same response as before:
PS C:\Users\Cisco> Invoke-WebRequest -uri https://xx.xx.xx.xx -SkipCertificateCheck
StatusCode : 200
StatusDescription : OK
Content : <meta HTTP-EQUIV="REFRESH" content="0; url=ui">
RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 15:10:38 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=…
Headers : {[Date, System.String[]], [Server, System.String[]], [X-XSS-Protection, System.String[]], [X-Frame-Options,
System.String[]]…}
Images : {}
InputFields : {}
Links : {}
RawContentLength : 48
RelationLink : {}
I'll have to ask the sysadmin about the UCS device and firmware version.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide