I am converting an ADFS demo environment I have from vagrant to terraform. Everything works fine until I get to running:
Install-AdfsFarm `
-CertificateThumbprint:"$certThumbprint" `
-FederationServiceDisplayName:"adfs.test.my-poc.com" `
-FederationServiceName:"adfs.test.my-poc.com" `
-ServiceAccountCredential:$credential
I get the following error:
Install-AdfsFarm : The service account credentials could not be verified.
null_resource.post-vm (remote-exec): At C:\provision\adfs2.ps1:48 char:1
When I log into to server with the same credentials terraform uses and run the script manually, it works fine. I don't think this is an ADFS specific error, as the following also fails in the script, but works if I log in:
(New-Object DirectoryServices.DirectoryEntry "",$username,$password).psbase.name -ne $null
Does anyone have any suggestions?
Thanks.
Related
The use case i am working is create online meeting and i followed the following documentation https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
As part of this, Admin needs to create application access policy and grant it to a user.https://learn.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policy
While executing New-CsApplicationAccessPolicy cmdlet I am having the following error.
e.g New-CsApplicationAccessPolicy -Identity Test-policy -AppIds "ddb80e06-92f3-4978-bc22-a0eee85e6a9e", -Description "description here"
ERROR
Get-CsOnlineSession: /Users/avnika/.local/share/powershell/Modules/MicrosoftTeams/2.3.1/netcoreapp3.1/SfBORemotePowershellModule.psm1:63
Line |
63 | $remoteSession = & (Get-CsOnlineSessionCommand)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The remote server returned an error: (404) Not Found.
Invoke-Command: /Users/avnika/.local/share/powershell/Modules/MicrosoftTeams/2.3.1/netcoreapp3.1/SfBORemotePowershellModule.psm1:22959
Line |
22959 | … -Session (Get-PSImplicitRemotingSession -CommandName ‘New-CsApplic …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot validate argument on parameter ‘Session’. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
2:20
this error when i execute below policy New-CsApplicationAccessPolicy -Identity Millo-Video-policy -AppIds “334941f7-50e4-4b19-9d5d-22328ad41553” -Description “video delegation policy for app”
I would appreciate if you can help me how to solve this problem.
P.s. I am using personal azure account
This cmdlet runs using skype connecter. But now this cmdlet is added in latest powershell module. please upgrate powershell module and run the cmdlet. please go through this link
I tried the following steps and its working:
Upgrade the microsoft teams powershell module to the latest (also follow the above steps provided by Kartheek above)
Connect-MicrosoftTeams #Enter global Administrator account credential and make sure that you see Admin account details in connection output.
Now execute the New-CsApplicationAccessPolicy
Make sure the powershell connects/works.
Usually i test the above steps in test demo tenant, before doing it in prod. Test the same and confirm if you can still repro the issue.
I was connecting Exchange Online using a PowerShell window that is opened with system access. I used PSExec on an elevated Command Prompt to open the System access PowerShell. Below is the command.
PSExec -i -s PowerShell
On the PowerShell, I imported the latest Exchange Online Management PowerShell module version 2.0.3. I use the app-based authentication described here: https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#setup-app-only-authentication.
There is one more website that shows how to connect with app-based authentication: https://o365reports.com/2020/07/04/modern-auth-and-unattended-scripts-in-exchange-online-powershell-v2.
Below are the commands used to connect to Exchange Online.
Import-Module .\ExchangeOnlineManagement
$sessopt = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck -ProxyAccessType IEConfig
$certkey = ConvertTo-SecureString "<EnterCertificateKeyHere>" -AsPlainText -Force
Connect-ExchangeOnline -CertificateFilePath "pfx Certificate Path" -AppId <EnterAppIdHere> -Organization "domain.onmicrosoft.com" -CertificatePassword $certkey -PSSessionOption $sessopt -verbose
When running the above, it returns Object Reference error. I got excited and went on to find what the error is by decompiling the DLL files and found that inside the 'ExoPowershellGalleryModule.dll -> NewExoPSSession.cs' of the Exchange module, the 'GetAccessToken' function which is called around line:308 causes this error. Any idea what makes the Object reference not set to an instance of an object. System.Management.Automation.RemoteException: Object reference not set to an instance of an object. error. Was the proxy not taken from IE?
I've set the proxy settings in IE using the below Powershell command-lets in system PowerShell.
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -name ProxyServer -Value "ProxyServerAddress"
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -name ProxyEnable -Value 1
Any help to resolve this is appreciated.
If your using
PSExec -i -s PowerShell
Then the proxy information your entering for the user will have no effect because the local system account will have its own profile information. Also if the proxy needs authentication you also won't be presenting any Network credentials.
If you really want to run under the system account you could try using netsh to configure the proxy https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet but if you proxy need authentication this won't work.
Disclaimer: I am not a DevOps guy so please forgive any ignorance. I'm learning this stuff to expand my understanding.
I've enabled remote Powershell on a Windows Server 2019 instance in order to stop/start scheduled tasks during deployment of files from my build server (also Windows Server 2019).
I followed the below steps in an Administrator Powershell as the Adminstrator user on the remote server:
1. Enable RSRemoting.
2. Remove existing listener.
3. Create self-signed certificate and export to crt file.
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "<subdomain.domain.com>"
Create listener.
Create firewall rules to allow secure PSRemoting and disable unsecure connections.
Copy certificate to build server.
Import certificate on build server.
From the build server, I've tested the configuration using the following commands in Powershell:
$username = 'Administrator'
$pass = ConvertTo-SecureString -string '<password here>' -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
Invoke-Command -ComputerName <subdomain.domain.com> -UseSSL -ScriptBlock {whoami} -Credential $cred
Which responds nicely with win-<some stuff>\administrator. However, when I execute a remote Powersehll command from within a TeamCity build step, I get a big ugly Connecting to remote server <subdomain.domain.com> failed with the following error message : Access is denied..
The weird part is, this worked two days ago and I have several builds that were able to complete all remote operations. From this morning, it's just stopped working - poof!
If I fudge the credentials, I do get an incorrect username/password error so it is definitely reaching the server.
Another interesting find is that if I run
[bool](Test-WSMan)
on the remote server, I get True returned, but if I run the same command with -ComputerName <subdomain.domain.com> on the build server, I get
WinRM cannot complete the operation. Verify that the specified computer name is
valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits
access to remote computers within the same local subnet. returned.
Both the remote host and build server are logged on as the default Administrator.
Any ideas?
After more research and calling in a few favours, I was advised to tweak the TeamCity Build Agent and TeamCity Server services. These need to Log On As a User and not Local System. I can't explain how my previous settings worked. The Access is denied error I experienced has nothing to do with the Remote Powershell configuration mentioned above.
I'm configuring a SharePoint 2013 deployment using Desired State Configuration (DSC). I have configured several services to be provisioned using DSC, but I am having trouble getting search config to work. The following command fails in the context of DSC, but works fine when running with the exact same parameters in a normal PowerShell window:
function Set-TargetResource
{
...
$searchApp = New-SPEnterpriseSearchServiceApplication -Name $searchAppName `
-DatabaseServer $dbServer `
-DatabaseName $searchDB `
-ApplicationPool $pool `
-AdminApplicationPool $adminPool `
-Partitioned:([bool]::Parse($partitioned))
If (!$?) {
Throw " - An error occurred creating the $searchAppName application."
}
...
Other SharePoint cmdlets are working fine from within DSC. I know DSC runs in the context of "NT AUTHORITY\SYSTEM" - is this causing the problem for some SharePoint PowerShell cmdlets? - if so, how could search configuration still be achieved within the context of DSC?
You need to use different set of credentials that got the SP farm access. See xWindowsProcess DSC resource for an example. This is available as a part of the DSC resource kit.
So I am trying to use Powershell to start a windows service. I have the service installed just fine, but when I call Start-Service -Name $name I am recieving the following error.
Start-Service : Service 'IncidentManagementService (IncidentManagementService)' cannot be started due to the following error: Cannot start service IncidentManagementService on computer '.'.
I have powershell running as an Administrator and I also tried going under the properties of the .exe file and checking "run as admin" to no avail.
If anyone could give me a clear reason as to why the service is not starting it would be much appreciated.
In my case the service is disabled... so is the reason I am getting that error.