cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
844
Views
5
Helpful
4
Replies

PS Connect-Ucs cmdlet fails, using the same creds that work in browser

aj_colon
Level 1
Level 1

I'm not able to authenticate with our UCS server using credentials established for me, which work fine in Chrome.  If I run the  imm-compatibility-checker.ps1 script (from GitHub), the message is:

 

         Error connecting to UCS Domain using supplied credentials

 

If I try using Connect-Ucs directly from the PowerShell v7.2.0 command line, I see:

 

          Connect-Ucs: Connect-Ucs: host.example.com 300:Data at the root level is invalid. Line 1, position 1..

 

What's different?  Am I missing a role?

4 Replies 4

Brian Morrissey
Cisco Employee
Cisco Employee

The "data at the root level is invalid" is usually because whatever is being returned is not in XML format. 

 

I would try doing a normal invoke-webrequest in powershell with the UCSM XML API to see what is actually being returned and that its not trying to go through some disallowed proxy etc:

 

PowerTool C:\> Invoke-WebRequest -URI https://x.x.x.x/nuova -Method Post -Body '<aaaLogin inName="admin" inPassword="mypassword"/>'

StatusCode : 200
StatusDescription : OK
Content : <aaaLogin cookie="" response="yes" errorCode="551"
invocationResult="unidentified-fail"
errorDescr="Authentication failed"> </aaaLogin>
RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 13:27:44 GMT
Server: Apache
Access-Control-Allow-Origin: https://x.x.x.x
Strict-Transport-Security: max-age=31536000;
includeSubDomains
X-Content-Type-O...
Forms : {}
Headers : {[Date, Tue, 01 Feb 2022 13:27:44 GMT], [Server, Apache],
[Access-Control-Allow-Origin, https://x.x.x.x],
[Strict-Transport-Security, max-age=31536000;
includeSubDomains]...}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 136

 

If the content is very long and truncated you can pipe the cmdlet | Select-Object -Expand Content

If you get certificate errors you should be able to add '-SkipCertificateCheck' to ignore it and see the content

Thanks for that, Brian.  Using Invoke-Webrequest returns an http 200, as expected:

StatusCode : 200
StatusDescription : OK
Content : <meta HTTP-EQUIV="REFRESH" content="0; url=ui">

RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 13:56:22 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=…
Headers : {[Date, System.String[]], [Server, System.String[]], [X-XSS-Protection, System.String[]], [X-Frame-Options, System.String[]]…}
Images : {}
InputFields : {}
Links : {}
RawContentLength : 48
RelationLink : {}

Given that I can authenticate using this method, what can I do about the Connect-Ucs cmdlet?

In the content section you should have seen something like "<aaaLogin>" with a session token if it was successful.  What type of UCS device and firmware version are you trying to connect to?

 

I would try grabbing the main webpage to see what shows up:

Invoke-WebRequest -URI https://x.x.x.x -SkipCertificateCheck

 

Example output from UCS Domain:

StatusCode : 200
StatusDescription : OK
Content : <!DOCTYPE html>
<html>
<head>
<title>Cisco UCS Manager</title>
<link href="favicon.ico" rel="shortcut icon">
<meta http-equiv="X-UA-Compatible"…
RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 14:48:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Prote…
Headers : {[Date, System.String[]], [Server, System.String[]], [Strict-Transport-Security, System.String[]],
[Accept-Ranges, System.String[]]…}
Images : {@{outerHTML=<img class="logoImg" src="images/CiscoLogo_login_160x60.svg" />; tagName=IMG;
class=logoImg; src=images/CiscoLogo_login_160x60.svg}}
InputFields : {}
Links : {@{outerHTML=<a class="launchBtn btn btn-primary btn-block" href="app/ucsm/index.html"
role="button">Launch UCS Manager</a>; tagName=A; class=launchBtn btn btn-primary btn-block;
href=app/ucsm/index.html; role=button}, @{outerHTML=<a class="launchBtn btn btn-primary btn-block"
href="cgi-bin/main.cgi" role="button">Express Setup</a>; tagName=A; class=launchBtn btn
btn-primary btn-block; href=cgi-bin/main.cgi; role=button}, @{outerHTML=<a class="launchBtn
kvmLmBtn btn btn-primary btn-block" href="app/ucsm/kvmlauncher.html" role="button">Launch KVM
Manager</a>; tagName=A; class=launchBtn kvmLmBtn btn btn-primary btn-block;
href=app/ucsm/kvmlauncher.html; role=button}, @{outerHTML=<a
href="http://www.opensource.org/licenses/gpl-2.0.php">GNU gpl 2.0</a>; tagName=A;
href=http://www.opensource.org/licenses/gpl-2.0.php}…}
RawContentLength : 6742
RelationLink : {}

 

When I do that, I get the same response as before:

 

PS C:\Users\Cisco> Invoke-WebRequest -uri https://xx.xx.xx.xx -SkipCertificateCheck

StatusCode : 200
StatusDescription : OK
Content : <meta HTTP-EQUIV="REFRESH" content="0; url=ui">

RawContent : HTTP/1.1 200 OK
Date: Tue, 01 Feb 2022 15:10:38 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=…
Headers : {[Date, System.String[]], [Server, System.String[]], [X-XSS-Protection, System.String[]], [X-Frame-Options,
System.String[]]…}
Images : {}
InputFields : {}
Links : {}
RawContentLength : 48
RelationLink : {}

 

I'll have to ask the sysadmin about the UCS device and firmware version.

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card