cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3108
Views
2
Helpful
2
Comments
Orf Gelbrich
Cisco Employee
Cisco Employee

A thank you goes out to Mohamed Arif Hajamohideen.

Please check the following pre-requisite to execute the VIX task.

·         Respective VM (Linux or Windows) must be powered on.

·         Username and Password must be known for the VM.

·         VMware tools must be installed.

·         ESX host should be reachable from UCSD. Do a ping test to the ESX host-IP  from UCSD server

·         SSH to UCSD server and Execute the following sample command for debugging

Sample Command :

/opt/infra/inframgr/vmsetup/cuicGuestWindowsCommand https://<Vcenter IP>/sdk <vcernter-username> <vcenter-password> <datastore_vmx_storage_file_pathe> <VM_UserName> <VM Password> C:\\WINDOWS\\system32\\cmd.exe "/c mkdir C:\\test2"

/opt/infra/inframgr/vmsetup/cuicGuestWindowsCommand https://172.29.109.109/sdk username password "[datastore1 (1)] Girisha-dont-power-off-1/Girisha-dont-power-off-1.vmx" GIRISHATEST\\administratorcloupia123 C:\\WINDOWS\\system32\\cmd.exe "/c mkdir C:\\test2"

Unknown.png

The VIX Script Guide has been published to cisco.com. The URL is:

http://www.cisco.com/c/dam/en/us/td/docs/unified_computing/ucs/ucs-director/vix-script/VIXScriptUseCaseGuide.pdf

Output from VIX is potentially Here:

       /opt/infra/vix_temp_files/vixoutput-<date-time>.txt

Login Errors:

There are instances if VIX is used in post vm deployments (workflow) that the customization of the VM may not be completed and hence results in a login error.  The VM deployment needs to be finished before a VIX task can log on and execute.

VIX and Windows (By Paul Currie)

==========================


Due to a Windows security setting that forces administrators to have to manually elevate the command prompt. It can be disabled through group policy but will likely toss up a warning in the Action Center about degraded security.


Unknown.png


VIX trouble shooting with API call (by Arif):

Execute the RestAPI ‘userAPIExecuteVIXScriptWithOutput’.

This API creates an output file (the file extension is .txt ) in the file path location /opt/infra/vix_temp_files. For a Windows VM , the API creates a batch file (the file extension is .bat) for verifying the batch command.


Unknown.jpeg

RestAPI:

/app/api/rest?formatType=json&opName=genericvm:userAPIExecuteVIXScriptWithOutput&opData=
{param0:247,param1:"administrator",param2:"cloupia123",param3:"C:\\WINDOWS\\system32\\cmd.exe
echo hi\n echo this is secondline"}

More Trouble Shooting suggestions from  the field:

Unknown.png

Exact registry entry that this policy affects and a PowerShell method of setting it:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] -Name EnableLUA -Value 0

PowerShell command to disable UAC:

Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 0

Or, if that “EnableLUA” registry key does not already exist, you may need to use something like:

New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force

See these articles for details on how to completely disable UAC:

Side Notes:  Second hop Problem

https://powershell.org/forums/topic/question-about-running-dnscmd-exe-remotely-using-pssession/

More Notes and things to try:

     Enabled CredSSP in power shell host winrm service

     Within the power shell script create a new session to localhost

   $session = New-PSSession  -Credential $credential -Authentication CredSSP -ComputerName localhost

   Invoke-Command -Session $session -ScriptBlock {  #Place your dnscmd automation }

Comments
Eric Thirolle
Community Member

The above info about disabling UAC may also be important when running PowerShell commands from UCSD. I.e., some PS commands will fail if not run in an "elevated" Administrator session... and disabling UCA will ensure that all commands run from an admin-level account will run with actual admin rights.

See these articles for details on ow to completely disable UAC:

Orf Gelbrich
Cisco Employee
Cisco Employee

I added your notes to this post as well UCSD Powershell example to Create AD Computer Account

Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links