Jump to content
Welcome to our new Citrix community!

NITRO powershell Invoke-RESTMethods failing after login


Recommended Posts

Hi All,

 

I'm trying to get access to our SDX with NITRO and powershell for the first time, but after login I'm not able to query anything or create somethings.

 

Login:

$body = ConvertTo-JSON @{"login"=@{"username"="nsroot";"password"="nsroot"}}

Invoke-RestMethod -uri "https://<MGMT-IP>/nitro/v2/config/login" -Method POST -body $body -SessionVariable NSSession -ContentType "application/json"

 

Query Images:

Invoke-RestMethod -uri "https://<MGMT-IP>/nitro/v2/config/ns_vm_image" -Method GET -WebSession $NSSession -ContentType "application/json"

This fails with: Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send

 

While this is stated in the documentation:

URL:https://<MGMT-IP>/nitro/v2/config/ns_vm_image
HTTPS Method:GET
Request Headers:
Accept:application/json
X-NITRO-USER:username_value<String>
X-NITRO-PASS:password_value<String>
or
Cookie:NITRO_AUTH_TOKEN=token_value<String>
Response:
HTTPS Status Code on Success: 200 OK HTTPS Status Code on Failure: 4xx (for general HTTPS errors) or 5xx (for NetScaler-MAS-specific errors). The response payload provides details of the error
Response Headers:
Content-Type:application/json
Response Payload:JSON
{ "errorcode": 0, "message": "Done", "severity": <String_value>, "ns_vm_image":[{
      "file_size":<Integer_value>,
      "file_name":<String_value>,
      "file_last_modified":<String_value>,
      "file_last_modified_epoch":<Double_value>}]}

 

Create a VPX Instance:

$body = ConvertTo-JSON @{
        "ns"=@{
            "name"="VPX1";"ip_address"="192.168.100.2";
            "netmask"="255.255.255.0";
            "gateway"="192.168.100.1";
            "image_name"="NSVPX-XEN-13.0-58.30_nc_64_xva.gz";
            "vm_memory_total"="4096";
            "throughput"="1000";
            "pps"="1000000";
            "license"="Premium";
            "profile_name"="ns_profile";
            "username"="admin";
            "password"="admin";
            "network_interfaces"=@(
                @{"port_name"="10/1"},
                @{"port_name"="10/2"}
            )
        }
    } -Depth 5
    $body
    Invoke-RestMethod -uri "https://<MGMT-IP>/nitro/v2/config/ns?action=add" -body $body -Method POST -WebSession $NSSession -ContentType "application/json"

This fails with: Invoke-RestMethod : The remote server returned an error: (403) Forbidden

 

While I found this in the documentation:

URL. https://10.102.31.16/nitro/v2/config/ns?action=add
HTTP Method. POST
Cookie. NITRO_AUTH_TOKEN=##78C060...
Request Payload

{ "ns": 
 { "name":"vpx1","ip_address":"192.168.100.2",
  "netmask":"255.255.255.0",
  "gateway":"192.168.100.1",
  "image_name":"nsvpx-9.3- 45_nc.xva",
  "vm_memory_total":2048,
  "throughput":1000,
  "pps":1000000,
  "license":"Standard",
  "profile_name":"ns_nsroot_profile",
  "username":"admin",
  "password":"admin",
  "network_interfaces":
  [
    { "port_name":"10/1" },
    { "port_name":"10/2" }
  ]
 }

 

Can somebody tell me what I'm doing wrong here?

 

Link to comment
Share on other sites

Regarding the error you're seeing for "The underlying connection was closed: An unexpected error occurred on a send", I've faced this in the past when trying to access an HTTPS endpoint with TLS 1.2 from a computer that doesn't have the latest .NET version that allows that protocol. You can resolve this by putting this at the beginning of your script (found from here):

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

 

As to your 403 errors, it may help to check the log files on the Netscaler under /var/log (specifically, nitro.log, httpaccess.log, and ns.log).

Link to comment
Share on other sites

48 minutes ago, Ross Bender said:

Regarding the error you're seeing for "The underlying connection was closed: An unexpected error occurred on a send", I've faced this in the past when trying to access an HTTPS endpoint with TLS 1.2 from a computer that doesn't have the latest .NET version that allows that protocol. You can resolve this by putting this at the beginning of your script (found from here):


[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

 

As to your 403 errors, it may help to check the log files on the Netscaler under /var/log (specifically, nitro.log, httpaccess.log, and ns.log).

 

Hi Ross, Thanks for your reply! I forgot to mention that I used this and one other line:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
But this does not resolve the problem I'm facing. What I also don't understand, is that I'm able to login, but a simple GET fails...

 

The ns.log pointed me to an invalid system image ("_xva.gz" had to be ".xva.gz") and I was able to resolve this.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...