Error with Set-AzSqlServerAudit PowerShell command - powershell

I'm trying to use the Set-AzSqlServerAudit PowerShell command as follows:
Set-AzSqlServerAudit -ResourceGroupName "My_RG" -ServerName "My_Server" -BlobStorageTargetState Enabled -StorageAccountResourceId "XXXXXX" -RetentionInDays 365 -PredicateExpression "[database_principal_name]= 'dbo' OR ([action_name] = 'DATABASE AUTHENTICATION FAILED' OR [action_name] = 'CREATE SERVER AUDIT SPECIFICATION' OR [action_name] = 'ALTER SERVER AUDIT SPECIFICATION' OR [action_name] = 'DROP SERVER AUDIT SPECIFICATION')"
If I limit the PredicateExpression parameter to "[database_principal_name]= 'dbo'" then it works fine, but using the expression I want results in the following error:
Set-AzSqlServerAudit : One or more errors occurred. At line:1 char:1
+ Set-AzSqlServerAudit -ResourceGroupName "My_RG" -ServerName "My_Serv...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzSqlServerAudit], AggregateException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Sql.Auditing.Cmdlet.SetAzSqlServerAudit

Related

Invoke-SqlNotebook error while using Open-EditorFile

Reference: https://learn.microsoft.com/en-us/powershell/module/sqlserver/invoke-sqlnotebook?view=sqlserver-ps#example-5-execute-notebook-open-results-in-azure-data-studio
As per Microsoft documentation, the Open-EditorFile command is only available in the PowerShell Integrated Console.
Invoke-SqlNotebook -ServerInstance ServerA -Database master -InputFile "$home\Documents\SQL Server Management Studio\BPCheck.ipynb" | Open-EditorFile
I am getting this error:
--> Invoke-SqlNotebook -ServerInstance "hostaname\SQL2019" -Database master -InputFile "C:\Presentation\NotebookJobs\DatabaseList.ipynb" -Force|Open-EditorFile
Exception calling "OpenFile" with "2" argument(s): "One or more errors occurred."
At C:\Users\taiob\.azuredatastudio\extensions\microsoft.powershell-2022.7.2\modules\PowerShellEditorServi
ces\Commands\Public\CmdletInterface.ps1:199 char:13
+ $psEditor.Workspace.OpenFile($_.FullName, $preview)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : AggregateException
Why am I getting this error?
I am using Azure data studio Powershell Extension.

Azure commands not working in ISE but do in PS shell

I am trying to connect to my Azure AD with my companies O365 account. When I run the commands in the PS shell, works great. But trying to make a ps1 script file, commands fail in ISE. Code and errors below:
Code:
$managedcred = get-storedcredential -Target o365
connect-azuread -credential $managedcred
Error:
Connect-AzureAD : One or more errors occurred.: AADSTS50126: Invalid username or password.
Trace ID: 3bbf3cba-61c3-45c5-a19f-60973b7c2700
Correlation ID: 14599060-8bb3-4fce-afda-621efc3660ed
Timestamp: 2019-10-03 16:05:03Z
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : One or more errors occurred.
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AggregateException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : AADSTS50126: Invalid username or password.
Trace ID: 3bbf3cba-61c3-45c5-a19f-60973b7c2700
Correlation ID: 14599060-8bb3-4fce-afda-621efc3660ed
Timestamp: 2019-10-03 16:05:03Z
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AdalServiceException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : Response status code does not indicate success: 400 (BadRequest).
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], HttpRequestException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : {"error":"invalid_grant","error_description":"AADSTS50126: Invalid username or password.\r\nTrace ID:
3bbf3cba-61c3-45c5-a19f-60973b7c2700\r\nCorrelation ID: 14599060-8bb3-4fce-afda-621efc3660ed\r\nTimestamp: 2019-10-03
16:05:03Z","error_codes":[50126],"timestamp":"2019-10-03 16:05:03Z","trace_id":"3bbf3cba-61c3-45c5-a19f-60973b7c2700","correlation_id":"14599060-8bb3-4fce-afda-621efc366
0ed","error_uri":"https://login.microsoftonline.com/error?code=50126"}: Unknown error
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Connect-AzureAD], AdalException
+ FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
Connect-AzureAD : One or more errors occurred.: AADSTS50126: Invalid username or password.
Trace ID: 3bbf3cba-61c3-45c5-a19f-60973b7c2700
Correlation ID: 14599060-8bb3-4fce-afda-621efc3660ed
Timestamp: 2019-10-03 16:05:03Z
At line:1 char:1
+ Connect-AzureAD -Credential $managedcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-AzureAD], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Open.Azure.AD.CommonLibrary.AadAuthenticationFailedException,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD
So it appears that the first command works fine, but the connect fails.
According to error message, you do not use the correct username and password to connect Azure AD. Please use the following command to check it.
Get-StoredCredential -Target O365 -AsCredentialObject
Besides, according to my understanding, you want to connect Azure AD without a prompt. You also can use the following command:
$name = ""
$password = ""
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($name, $secpasswd)
Connect-AzureAD -Credential $mycreds
Update
According to research, app password is used to complete MFA with the clients which do not support modern authentication, such as outlook. For more details, please refer to https://support.microsoft.com/en-au/help/12409/microsoft-account-app-passwords-and-two-step-verification. So we cannot use app password to connect Azure AD in PowerShell ISE.
According to the situation, I suggest you use service principal to connect Azure AD. For more details, please refer to https://learn.microsoft.com/en-us/powershell/azure/active-directory/signing-in-service-principal?view=azureadps-2.0.

Import-AzureRmRedisCache : Long running operation failed with status 'Conflict'

I'm getting a strange error with PowerShell AzureRM 4.4.0. When I run Import-AzureRmRedisCache -ResourceGroupName $rg -Name $rediscache -Files $sasKeyForBlob -Force It runs for about 1 minute and the throws up the below error. The files are only 35KiB! I've searched the web and I can't find any reference to Long running operation failed with status 'Conflict'.
The Error:
Import-AzureRmRedisCache : Long running operation failed with status 'Conflict'.
At line:1 char:1
+ Import-AzureRmRedisCache -ResourceGroupName $rg -Name $rediscache -F ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Import-AzureRmRedisCache], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.RedisCache.ImportAzureRedisCache

Invalid namespace in PowerShell working with FSRM

Trying PS command:
Set-FsrmFileGroup -Name "Anti-Ransomware File Groups" -IncludePattern #((Invoke-WebRequest -Uri "https://fsrm.experiant.ca/api/v1/combined" -UseBasicParsing).Content | ConvertFrom-Json | % {$_.filters})
Getting error:
New-FsrmFileGroup : Invalid namespace
At line:1 char:1
+ New-FsrmFileGroup -Name "Anti-Ransomware File Groups" -IncludePattern #((Invoke- ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_FSRMFileGroup:Root/Microsoft/...T_FSRMFileGroup) [New-FsrmFileGroup], CimException
+ FullyQualifiedErrorId : HRESULT 0x8004100e,New-FsrmFileGroup
I also notice some errors in FSRM:
Firewall is off and I am domain admin running this as admin. SFC and a WMI repair came back as good. I am going based off a guide (https://fsrm.experiant.ca/). This has worked across a ton of other servers so I don't believe the commands to be improperly formatted.
Output of Get-WmiObject -Namespace 'Root/Microsoft/Windows/Fsrm' -List:
Get-WmiObject : Could not get objects from namespace Root/Microsoft/Windows/Fsrm.
Invalid namespace
At line:1 char:1
+ Get-WmiObject -Namespace 'Root/Microsoft/Windows/Fsrm' -List
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : INVALID_NAMESPACE_IDENTIFIER,Microsoft.PowerShell.Commands.G‌​etWmiObjectCommand

issue in running diagnostics in azure

I was trying to make a dummy diagnostics worker role using the following article
When i run the following command in step 4 :
(Get-AzureServiceAvailableExtension -ExtensionName 'PaaSDiagnostics' -ProviderNamespace 'Microsoft.Azure.Diagnostics').PublicConfigurationSchema | Out-File -Encoding utf8 -FilePath 'WadConfig.xsd'
I get the following error in azure powershell, we need the subscription in this command but not sure where.
Also, is there a place where I can find how to make a dummy diagnostics worker role.
VERBOSE: 3:32:14 PM - Begin Operation: Get-AzureServiceAvailableExtension
Get-AzureServiceAvailableExtension : No default subscription has been designated. Use Select-AzureSubscription
-Default <subscriptionName> to set the default subscription.
At line:1 char:2
+ (Get-AzureServiceAvailableExtension -ExtensionName 'PaaSDiagnostics' -ProviderNa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureServiceAvailableExtension], ApplicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.Extensions.GetAzureServiceAvailableExt
ensionCommand
VERBOSE: 3:32:14 PM - Completed Operation: Get-AzureServiceAvailableExtension
Out-File : Access to the path 'C:\WadConfig.xsd' is denied.
At line:1 char:148
+ ... rationSchema | Out-File -Encoding utf8 -FilePath 'WadConfig.xsd'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], UnauthorizedAccessException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand
First add your credentials using:
add-azureaccount
Next, select desired subscription (if you have more than one) using:
Select-AzureSubscription -SubscriptionId <id>
Finally, try again.