Environment
- Holodeck 9.0.2.x
New-HoloDeckInstance -DeveloperMode -DepotType Online (unattended; token supplied via $env:brcm_build_token)- HoloRouter: stock OVA, bundled HoloDeck PowerShell module
Symptom
The deploy fails immediately at the SddcMgmtDomain phase:
SddcMgmtDomain[<pid>]: [ERROR] Depot setup failed.
SddcMgmtDomain[<pid>]: [ERROR] Cannot bind parameter 'SecureString'. Cannot convert the value of type "System.String" to type "System.Security.SecureString".
SddcMgmtDomain[<pid>]: [ERROR] Failed to initialize VCF Installer depot
HoloSite[<pid>]: [ERROR] HoloDeck deployment failed.
The interactive (non--DeveloperMode) path doesn't hit this — it reads the token with Read-Host -AsSecureString, which already returns a SecureString. Only the unattended -DeveloperMode path breaks.
Root cause
HoloDeck.psm1, lines 363 and 542 (the two depot-setup branches — VCF 9.x site A and site B) both have this shape:
if ($DeveloperMode) {
$Global:BroadcomBuildToken = $env:brcm_build_token # plain [string]
}
else {
$Global:BroadcomBuildToken = Read-Host "Enter your support site token..." -AsSecureString
}A downstream depot-init cmdlet (in the SddcMgmtDeployment.psm1 flow) consumes $Global:BroadcomBuildToken with a [SecureString] parameter, so the -DeveloperMode-supplied plain string fails the parameter binder before the depot ever initialises.
Suggested fix
Mirror the interactive branch — wrap the env-var read so both branches yield a SecureString:
if ($DeveloperMode) {
- $Global:BroadcomBuildToken = $env:brcm_build_token
+ $Global:BroadcomBuildToken = ConvertTo-SecureString -AsPlainText -Force -String $env:brcm_build_token
}
else {
$Global:BroadcomBuildToken = Read-Host "Enter your support site token..." -AsSecureString
}Applied to both line 363 and line 542 (they're identical branches).
Workaround for affected users
On the deployed HoloRouter, before the deploy:
sed -i 's|\$Global:BroadcomBuildToken = \$env:brcm_build_token|\$Global:BroadcomBuildToken = (ConvertTo-SecureString -AsPlainText -Force -String \$env:brcm_build_token)|g' \
<path-to>/HoloDeck/HoloDeck.psm1
(both branches patched in one sed; the two Read-Host branches are left untouched). Then re-run New-HoloDeckInstance with the same -DeveloperMode flags and $env:brcm_build_token set. Verified end-to-end on Holodeck 9.0.2 + VCF 9.0.2.0 / -ManagementOnly / online depot.
Note on issue tracking
Same as #122 / #127 — vmware/Holodeck ships only the docs site; the PowerShell module that contains the bug is bundled inside the HoloRouter OVA, not in this repo's source tree. Filing here per the Support page as the canonical tracker. Sibling per-appliance fixes: #122 (bundle-count -eq 7), #127 (missing KUBECONFIG).
Environment
New-HoloDeckInstance -DeveloperMode -DepotType Online(unattended; token supplied via$env:brcm_build_token)Symptom
The deploy fails immediately at the
SddcMgmtDomainphase:The interactive (non-
-DeveloperMode) path doesn't hit this — it reads the token withRead-Host -AsSecureString, which already returns aSecureString. Only the unattended-DeveloperModepath breaks.Root cause
HoloDeck.psm1, lines 363 and 542 (the two depot-setup branches — VCF 9.x site A and site B) both have this shape:A downstream depot-init cmdlet (in the
SddcMgmtDeployment.psm1flow) consumes$Global:BroadcomBuildTokenwith a[SecureString]parameter, so the-DeveloperMode-supplied plain string fails the parameter binder before the depot ever initialises.Suggested fix
Mirror the interactive branch — wrap the env-var read so both branches yield a
SecureString:if ($DeveloperMode) { - $Global:BroadcomBuildToken = $env:brcm_build_token + $Global:BroadcomBuildToken = ConvertTo-SecureString -AsPlainText -Force -String $env:brcm_build_token } else { $Global:BroadcomBuildToken = Read-Host "Enter your support site token..." -AsSecureString }Applied to both line 363 and line 542 (they're identical branches).
Workaround for affected users
On the deployed HoloRouter, before the deploy:
(both branches patched in one
sed; the twoRead-Hostbranches are left untouched). Then re-runNew-HoloDeckInstancewith the same-DeveloperModeflags and$env:brcm_build_tokenset. Verified end-to-end on Holodeck 9.0.2 + VCF 9.0.2.0 /-ManagementOnly/ online depot.Note on issue tracking
Same as #122 / #127 —
vmware/Holodeckships only the docs site; the PowerShell module that contains the bug is bundled inside the HoloRouter OVA, not in this repo's source tree. Filing here per the Support page as the canonical tracker. Sibling per-appliance fixes: #122 (bundle-count-eq 7), #127 (missingKUBECONFIG).