Question

The remote server returned an error: (401) Unauthorized

  • 10 August 2022
  • 1 reply
  • 1091 views

Badge

Hello,

On our new infra NUTANIX AHV, when I try to connect with Powershell I've this error :

 

PS > $PrismIP = "<Prism ip>"
PS > $userName = "<AccountUser>"
PS > $password = ConvertTo-SecureString -String "<ComPlexE%Pass@ord>" -AsPlainText -Force
PS > Disconnect-NTNXCluster *
PS > $connection = Connect-NutanixCluster -Server $PrismIP -UserName $username -Password $password -AcceptInvalidSSLCerts -ForcedConnection
Connect-NutanixCluster : The remote server returned an error: (401) Unauthorized.
At line:1 char:15
+ ... onnection = Connect-NutanixCluster -Server $PrismIP -UserName $ ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Nutanix.Prism.Common.NutanixCluster:NutanixCluster) [Connect-NutanixCluster], WebException
    + FullyQualifiedErrorId : The username or password you entered is incorrect. Please try again.
,Nutanix.Prism.Common.NutanixCluster

 

 

When I try a Invoke-WebRequest command, same error :

 

PS > $cred = Get-Credential
PS > Invoke-WebRequest https://<Prism ip>:9440/PrismGateway/services/rest/v1/cluster -Credential $cred
Invoke-WebRequest : The remote server returned an error: (401) Unauthorized.
At line:1 char:1
+ Invoke-WebRequest https://<Prism ip>:9440/PrismGateway/services/rest ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

 

 

But if I use this method, It's work :

 

PS > $user='<AccountUser>'
PS > $pass='<ComPlexE%Pass@ord>'
PS > $pair = "$($user):$($pass)"
PS >
PS > $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
PS > $basicAuthValue = "Basic $encodedCreds"
PS > $Headers = @{ Authorization = $basicAuthValue }
PS >
PS > Invoke-WebRequest -Uri 'https://<Prism ip>:9440/PrismGateway/services/rest/v1/cluster' -Headers $Headers
StatusCode        : 200
StatusDescription : OK

 


On a CentOS serveur if I use this command It's work too :

 

    # curl -k -u <AccountUser>:<ComPlexE%Pass@ord> -X GET --header 'Accept: application/json' https://<Prism ip>:9440/PrismGateway/services/rest/v1/cluster
{"id":"<uuid>","uuid":"<uuid>","clusterIncarnationId":1648047258399236,"clusterUuid":"<uuid>","name":"<Cluster_Name>",................

 

So if apparently I use a non secure password I can connect, but when password is "secure" (ConvertTo-SecureString / Get-Credential) it does not work.

 

Do you know what parameter I need to change on AHV/PRISM to allow connection ?


Version :

LCM : 2.4.5.2
AOS : 5.20.4 LTS
NCC : 4.6.0
Foundation : 5.2.1-75e62260
Hypervisor : el7.nutanix.20201105.2286

 

Thanks


1 reply

Badge

Hello,

 

My bad, something he didn't like about my password. I change it and I can connect (Connect-NTNXCluster).

 

For password in “Prism-Local User Management” :

recognized as special characters          ->            # @ * ! ?
not recognized as special characters    ->            + ; . , £ µ = ~ [ | ` ] - ¤ ^ ¨ _ / : § ( € " < >
Not allowed/recommanded                  ->            $ % ) \ { } ^ &

 

 

Someone say how deactivate complexity password (8 characters, 1 lowercase, 1 special character,...) ?

 

I found how change when admin account expire (sudo chage -l admin)

I found CVM security settings (ncli cluster get-cvm-security-config) and hypervisor security settings (ncli cluster get-hypervisor-security-config) but “High Strength Passwords” already to false.

 

Thanks

 

 

Reply