Forum Discussion

Bevan_Thomson_9's avatar
Bevan_Thomson_9
Icon for Nimbostratus rankNimbostratus
Feb 09, 2012

PermissionDenied without even trying

Hi All,

 

 

I've come across a strange situation with the powershell icontrol setup I have. I've written a script which (when working) will loop through our LTM estate gathering info and storing it in a DB. This process works fine against the first couple of LTM's I've pointed it at, but when I added another one yesterday I constantly get errors. I've taken my script out of the loop and am trying to connect interactively with still no success:

 

 

Initialize-F5-iControl : Could not initialize connection with supplied information

 

Line:1 char:23

 

Initialize-F5.iControl <<<< -HostName XX.XX.XX.XX -Username admin -Password XXXXX

 

CategoryInfo : PermissionDenied: (XX.XX.XX.XX:String) [Initialize-F5.iControl], Exception

 

FullyQualifiedErrorId: 2, icontrolSnapIn.CmdLet.Global.InitializeiiControl

 

 

 

I know the answer looks obvious, but apart from me knowing that I do actually have the correct credentials so it can't be a permissions problem, running a tcpdump on the LTM itself shows there is absolutely no traffic hitting it at all, so the snapin is failing without even trying to connect.

 

 

Does anybody know what this might be? I know that address that I've masked out would go via a set of proxies if I was to browse via IE(because of pac file), but my understanding of the icontrol thing is that you have to specifically ask it to proxy so I wouldn't expect it to be messing around with IE settings or anything.

 

 

Thanks in advance for any help

 

 

  • Thanks Patrik for the info. Didn't know that. Is there still a community where I can attend or does everyone develop it now by his own, which wouldn't be very productive.

     

    • Joe_Pruitt's avatar
      Joe_Pruitt
      @Patrick 02 - read my comment above. I am here listening to community issues and we aim to help out wherever we can. On DevCentral, our goal is to help you all as best we can. Cheers! -Joe
  • Hi Joe, I was using the below command. Not sure what is the resolution for this error. It worked very fist time and I got the pool info from common partition. After I tried to get pool from a different partition. From there it was failing. I am not able to connect after. Let me know for any suggestions.

     

    Initialize- -Hostname x.x.x.x -Credentials (Get-Credential) Error Message: Initialize- : Could not initialize connection with supplied information At line:1 char:1 + Initialize- -Hostname x.x.x.x -Credentials (Get-Cre ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (x.x.x.x:String) [Initialize-], Exception + FullyQualifiedErrorId : 2,iControlSnapIn.CmdLet.Global.InitializeiControl

     

  • Hello,

    with lates MS updates, TLS is required by Windows so simply add

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 BEFORE

    Initialize-F5.iControl -Hostname bigip_address -Credentials (Get-Credential)

     

    Regards.

     

    G.

     

  • Just wanted to add that the solution that Gianluca suggests works if the issue is that the server requires TLS1.2:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    But the reason is not that TLS is required by Windows. It's actually that the Powershell version used is not presenting any TLS1.2 ciphers to the server, only TLS1. If the server is not configured with any TLS1 ciphers it will reset (or drop, depending on the server) the connection.

     

    Using the code above will make Powershell present TLS1.2 ciphers instead.

     

    Also want to add that Powershell is notoriously sh*tty at providing useful error messages and that the error message you get can also be due to a bunch of other things.