Forum Discussion
NimbostratusPermissionDenied without even trying
I've come across a strange situation with the powershell icontrol setup I have. I've written a script which (when working) will loop through our LTM estate gathering info and storing it in a DB. This process works fine against the first couple of LTM's I've pointed it at, but when I added another one yesterday I constantly get errors. I've taken my script out of the loop and am trying to connect interactively with still no success:
Initialize-F5-iControl : Could not initialize connection with supplied information
Line:1 char:23
Initialize-F5.iControl <<<< -HostName XX.XX.XX.XX -Username admin -Password XXXXX
CategoryInfo : PermissionDenied: (XX.XX.XX.XX:String) [Initialize-F5.iControl], Exception
FullyQualifiedErrorId: 2, icontrolSnapIn.CmdLet.Global.InitializeiiControl
I know the answer looks obvious, but apart from me knowing that I do actually have the correct credentials so it can't be a permissions problem, running a tcpdump on the LTM itself shows there is absolutely no traffic hitting it at all, so the snapin is failing without even trying to connect.
Does anybody know what this might be? I know that address that I've masked out would go via a set of proxies if I was to browse via IE(because of pac file), but my understanding of the icontrol thing is that you have to specifically ask it to proxy so I wouldn't expect it to be messing around with IE settings or anything.
Thanks in advance for any help
15 Replies
Bevan_Thomson_9Update: Powershell/iControl is certainly using the browser proxy settings as I can see the traffic going to the proxies (the connection should really be direct). Now I just need to figure out how to stop it - as our browser is locked down and can't be changed.- Bevan_Thomson_9Last Update:
This does the trick:
Set-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name "ProxyHttp1.1" -Value 1
Set-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name ProxyEnable -Value 1
So, get the current value at the start, force it off, then set it back to whatever it was at the end
My my talking to myself helps somebody else :) I encountered the same thing.
Tried running as an administrator
Tried using the icontrol folder as home directory.
Tried adding the registry fixes above.
Tried reinstalling the iControl dll's.
Tried rebooting the server.
Tried re-registering them before running the script.
Analyzed the traffic from the server with Wireshark, nothing is sent to the load balancer IP.Sample output:
PS C:\Windows\system32> Initialize-F5.iControl -HostName "10.0.0.1" -Username "user" -Password "password"
YclJPjkNLT"
Initialize-F5.iControl : Could not initialize connection with supplied information
At line:1 char:23
+ Initialize-F5.iControl <<<< -HostName "10.0.0.1" -Username "username" -Password "password"
+ CategoryInfo : PermissionDenied: (10.0.0.1:String) [Initialize-F5.iControl], Exception
+ FullyQualifiedErrorId : 2,iControlSnapIn.CmdLet.Global.InitializeiControlAny help would be most appreciated.
Kind regards,
Patrik- ejhayes_26587
Same issue--I logged into the server to run the same command and it keeps saying permission denied. I've hardcoded the whole command and it still fails.
Initialize-F5.iControl : Could not initialize connection with supplied informat ion At C:\projects\helpers\bigip.ps1:226 char:36 + $success = Initialize-F5.iControl <<<< -HostName $g_bigip -Username $g_uid -Password $g_pwd; + CategoryInfo : PermissionDenied: (x.x.x.x:String) [Initialize -F5.iControl], Exception + FullyQualifiedErrorId : 2,iControlSnapIn.CmdLet.Global.InitializeiContro l C:\projects\helpers\bigip.ps1 : ERROR: iControl subsystem not initialized At line:3 char:2 + . <<<< c:\projects\helpers\bigip.ps1 "x.x.x.x" "username" " password" "poolname" "x.x.x.x:z"} + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorExcep tion + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorExceptio n,bigip.ps1 The Initialize-F5.iControl cmdlet requires three parameters. -Hostname, -Username, and -Password. If you are getting a permisssion denied error, then odds are you are not supplying valid credentials to login to the BIG-IP.
Are you able to authenticate to the web admin interface at https://${g_bigip} with the ${g_uid} and ${g_pwd} values as credentials? I would wager that if you did, you would get an autentication error as well as the two methods use the same login framework.
-Joe
- Hi there!
Thanks for your answer. No traffic is sent from the server to the BigIP. It actually fails without trying. The users has been verified.
I have found that sometimes it works though if I close all powershell processes and start a new one.
But only sometimes.
Any additional help is greatly appreciated!
Kind regards,
Patrik - Funny thing. I decided to add debug rows logging the progress of the script and now it's suddenly working.
I have no idea why but when life gives you lemons and so forth... - tinymontgomery_
I disassembled the icontrolplugin and added some debugging code to figure this out. Unfortunately what I learned was that if any exception happens during this call it will always return a hard coded PermissionDenied error. I changed the code to return the actual exception encountered and in my case I actually had a root web.config issue related to my company's app that was preventing icontrol to load one of the core webrequest objects in .net. Once I could actually see the exception I was running into it took me less then 5 mins to fix. Lesson to the kids...never hard code an exception.
Patrick_02_1416seems like there was no lessons learned for3 years. I'm facing currently the same issue. Web Login works without any problem. icontrol login does not work after some time with the same saved credentials, also renewing them does not work.
br, Patrick
F5 has stopped supporting community plugins now. I'm rewriting all my scripts to use REST api. Recommending you to do the same.
