The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
After PowerShell Agent is installed and running, you must add it to Cisco UCS Director. You must set up the virtual account (for example, an SCVMM account) to use the PowerShell Agent for inventory collection and other management functions.
Verify connectivity between Cisco UCS Director and the PowerShell Agent.
After the PowerShell Agent is added, you can check the connectivity between Cisco UCS Director and the PowerShell Agent.
Execute the Cisco UCS Director PowerShell command on the target server.
Note | This problem can happen with Windows Server 2012 R2 or other versions that use advanced cipher suites for https communication. |
When you check the PowerShell Agent logs in the PowerShell Agent server, you will find an SSPI failed with inner exception error. See a sample error message below:
2014-08-20 14:44:16,832 [6] ERROR cuic.ClientConnection[null] - Exception: A call to SSPI failed, see inner exception.
2014-08-2014:44:16,832 [6] DEBUG cuic.ClientConnection[null] - Inner exception: The message received was unexpected or badly formatted.
2014-08-2014:44:16,832 [6] DEBUG cuic.ClientConnection[null] - Authentication failed - closing the connection.
The test connection fails because of the Microsoft update, in which, new TLS cipher suites are added and cipher suite priorities are changed in Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2. See Microsoft kb article 2929281 for further information on this update.
At a command prompt, enter gpedit.msc to open your group policy editor.
Expand SSL Configuration Settings.
, and then clickUnder SSL Configuration Settings, click the SSL Cipher Suite Order setting.
In the SSL Cipher Suite Order pane, scroll to the bottom of the pane.
Follow the instructions labeled How to modify this setting.
It is necessary to restart the computer after modifying this setting for the changes to take effect.
Cisco UCS Director provides a mechanism to test connectivity to a target server through the PowerShell Agent (end-to-end connectivity).
Step 1 | On the menu bar, choose . | ||||||||||||||||
Step 2 | Click the Execute Command icon. | ||||||||||||||||
Step 3 | In the
Execute
PowerShell Command dialog box, complete the following fields:
| ||||||||||||||||
Step 4 | Click Execute. The Command Output window displays the execution results. | ||||||||||||||||
Step 5 | Click Close. |
PowerShell Agent commands can be used in a workflow orchestration in Cisco UCS Director. A workflow can use a task that executes PowerShell commands against a target server.
The Execute PowerShell Command, for example, could use the following inputs:
PowerShell Agent
Target Server's credentials (IP address, username and password, and domain)
Commands or Scripts of up to 64 kb.
Note | Alternatively, you can provide the path to a PowerShell script on the target server (for example: C:\scripts\DoSomething.ps1) instead of providing a series of commands. The PowerShell Agent executes the script as long as it exists at the specified path on the target server. |
In the above example, the PowerShell command is mapped to a user input, while the rest of the inputs are pre-configured within the task itself. When you execute the workflow in Cisco UCS Director, you are prompted to enter the PowerShell Agent commands to run on a target server. Use a ";" to separate multiple commands (for example, Hostname; Get-Process). Cisco UCS Director runs the commands against the target server and displays the output as an XML string in a service request log window.
The following example outlines how you can set up PowerShell Agent on a Windows server and run a test task.
Step 1 | Create a Microsoft Windows Server 2008 R2 or 2012 R2 VM. |
Step 2 | Make sure that the VM has the required .NET Framework and Windows PowerShell versions. |
Step 3 | Open a web browser and log on to Cisco UCS Director. |
Step 4 | From the Administration > Virtual Accounts > PowerShell Agents tab, download the PowerShell Agent and install it on the VM. |
Step 5 | In Windows Firewall, open the port that has been configured for the PowerShell Agent (the default port is 43891) or stop the firewall. |
Step 6 | Open PowerShell
and run the following commands:
Enable-PSRemoting -Force Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force Restart-Service WinRM Set-ExecutionPolicy unrestricted -Force |
Step 7 | On the
PowerShell Agent tab in Cisco UCS Director, click
Execute
Command option. In the
Execute
PowerShell Command dialog box, in addition to providing the IP
address, user credentials of the VM, and the server domain, enter the following
command in the Commands/Scripts field:
Echo "Import-ActiveDirectory" > c:\test.ps1 |
Step 8 | Check the output for the test task on the C drive of the VM. |