I have been tasked with updating certificates on a Service Fabric cluster. I believe I have done this on the cluster, but now Octopus is producing this error. I have added the certificate to the machine's and my user's certificate stores, and I can see the Service Fabric portal.
I can happily connect from the command line on the same machine, which I would imagine is what it is doing under the hood!
Connect-ServiceFabricCluster -ConnectionEndpoint "MyMachine.test.local:19000" -X509Credential -ServerCertThumbprint "ABCE35ECEDDEB4BB81039BC1745BA7087EBB8123" -FindType FindByThumbprint -FindValue "ABCE35ECEDDEB4BB81039BC1745BA7087EBB8123" -StoreLocation LocalMachine -StoreName My
Where might I find more detailed logs? Where the heck are the so-called trace logs for more details?
Loading connection parameters for the 'Client Certificate' security mode.
17:05:18 Verbose | Authenticating with Service Fabric.
17:05:18 Verbose | Using ConnectionParameters:
17:05:18 Verbose | ConnectionEndpoint=MyMachine.test.local:19000
17:05:18 Verbose | StoreLocation=LocalMachine
17:05:18 Verbose | FindType=FindByThumbprint
17:05:18 Verbose | ServerCertThumbprint=ABCE35ECEDDEB4BB81039BC1745BA7087EBB8123
17:05:18 Verbose | FindValue=ABCE35ECEDDEB4BB81039BC1745BA7087EBB8123
17:05:18 Verbose | X509Credential=True
17:05:18 Verbose | StoreName=MY
17:05:18 Error | Connect-ServiceFabricCluster : An error occurred during this operation.
17:05:18 Error | Please check the trace logs for more details.
17:05:18 Error | At C:\Octopus\Work\20221004160424-291654-3733\staging\Octopus.AzureServiceFabri
17:05:18 Error | cContext.ps1:210 char:16
17:05:18 Error | + ... [void](Connect-ServiceFabricCluster #ClusterConnectionParameters ...
17:05:18 Error | + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17:05:18 Error | + CategoryInfo : InvalidOperation: (:) [Connect-ServiceFabricClus
17:05:18 Error | ter], FabricException
17:05:18 Error | + FullyQualifiedErrorId : CreateClusterConnectionErrorId,Microsoft.Service
17:05:18 Error | Fabric.Powershell.ConnectCluster
The issue was that the Octopus server where this is running also needed the certificate added to the machine's LocalMachine MY (Personal) location. Once the certificate was added it deployed fine!
If we look at an example connection call, we can see it's asking for a certificate by its thumbprint, and this certificate needs to be on the machine that runs this command.
Connect-ServiceFabricCluster -ConnectionEndpoint "MyMachine.test.local:19000" -X509Credential -ServerCertThumbprint "ABCE35ECEDDEB4BB81039BC1745BA7087EBB8123" -FindType FindByThumbprint -FindValue "ABCE35ECEDDEB4BB81039BC1745BA7087EBB8123" -StoreLocation LocalMachine -StoreName My
Now to look at more shocking service fabric cluster issues :( ...
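A pre-flight check for the failure described above, as an added example that is not part of the original post or of Octopus's own scripts: it confirms that the thumbprint resolves to a usable certificate in LocalMachine\My on the machine that actually runs Connect-ServiceFabricCluster. The function name Test-ClusterClientCertificate is hypothetical; the thumbprint is the one from the post.

```powershell
# Added example (not from the original post). The function name is hypothetical.
function Test-ClusterClientCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character, so keep the hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Thumbprint '$Thumbprint' is not 40 hex characters after cleanup."
    }

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1

    # Report the identity doing the lookup: a deployment service account is
    # usually not the interactive user who tested from the command line.
    $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    if (-not $cert) {
        throw "No certificate $clean in $StorePath on $env:COMPUTERNAME (checked as $who)."
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $clean has no private key here; import the .pfx, not the .cer."
    }
    $now = Get-Date
    if (($now -lt $cert.NotBefore) -or ($now -gt $cert.NotAfter)) {
        throw "Certificate $clean is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    $cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

# Run this on the Octopus server or worker that executes the deployment step.
Test-ClusterClientCertificate -Thumbprint 'ABCE35ECEDDEB4BB81039BC1745BA7087EBB8123'
```

HasPrivateKey only shows that a key is associated with the certificate; whether the account running the deployment can read that key is a separate ACL check.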
Connect to Exchange 365 using PowerShell to setup DKIM for custom domains
I am super frustrated with Office 365 setting up DKIM for a bunch of custom domains.
I am required to login to the Exchange system using PowerShell and do some voodoo using syntax only Microsoft can invent.
Those are my resources:
https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#install-and-maintain-the-exo-v2-module
https://learn.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
Install dependencies
Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3
Set-ExecutionPolicy RemoteSigned
Import-Module ExchangeOnlineManagement
I answered Yes to all questions and this seemed to work.
Logging in
$UserCredential = Get-Credential
I am getting asked for my admin credentials and I enter them in the form user@cortoso.onmicrosoft.com and I also tried user@customdomain.com. Both work when I login to Exchange admin via Microsoft web portal.
The next command fails:
Connect-ExchangeOnline -Credential $UserCredential -ShowProgress $true -ExchangeEnvironmentName O365GermanyCloud
----------------------------------------------------------------------------
The module allows access to all existing remote PowerShell (V1) cmdlets in addition to the 9 new, faster, and more reliable cmdlets.
|--------------------------------------------------------------------------|
| Old Cmdlets | New/Reliable/Faster Cmdlets |
|--------------------------------------------------------------------------|
| Get-CASMailbox | Get-EXOCASMailbox |
| Get-Mailbox | Get-EXOMailbox |
| Get-MailboxFolderPermission | Get-EXOMailboxFolderPermission |
| Get-MailboxFolderStatistics | Get-EXOMailboxFolderStatistics |
| Get-MailboxPermission | Get-EXOMailboxPermission |
| Get-MailboxStatistics | Get-EXOMailboxStatistics |
| Get-MobileDeviceStatistics | Get-EXOMobileDeviceStatistics |
| Get-Recipient | Get-EXORecipient |
| Get-RecipientPermission | Get-EXORecipientPermission |
|--------------------------------------------------------------------------|
To get additional information, run: Get-Help Connect-ExchangeOnline or check https://aka.ms/exops-docs
Send your product improvement suggestions and feedback to <cut>. For issues related to the module, contact Microsoft support. Don't use the feedback alias for problems or support issues.
----------------------------------------------------------------------------
New-ExoPSSession : unknown_user_type: Unknown User Type.
In C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.3\ExchangeOnlineManagement.psm1:426 Zeichen:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-ExoPSSession], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession
How can I proceed to login to Exchange in order to setup DKIM keys?
Command works without ExchangeEnvironmentName:
Connect-ExchangeOnline -Credential $UserCredential -ShowProgress $true
And the required user was user@customdomain.com.
In my case, my account has MFA enabled. So the command that works is:
Connect-ExchangeOnline -UserPrincipalName navin@contoso.com -ShowProgress $true
Replace your user name, and expect to authenticate with Microsoft Authenticator.
In order to configure a Windows server as an Ansible host, I'm trying to setup WinRM by following the official documentation provided in https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html.
I'm stuck at the "Setup WinRM Listener" step, with the execution of the following command resulting in the error described below:
PS C:\Users\Administrator> New-WSManInstance -ResourceURI "winrm/config/Listener" -SelectorSet $selector_set -ValueSet $value_set
New-WSManInstance : The WS-Management service cannot find the certificate that was requested.
At line:1 char:1
+ New-WSManInstance -ResourceURI "winrm/config/Listener" -SelectorSet $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-WSManInstance], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.NewWSManInstanceCommand
Following are the values of my "selector_set" and "value_set" which are also set in accordance with the document.
PS C:\Users\Administrator> $selector_set
Name Value
---- -----
Transport HTTPS
Address *
PS C:\Users\Administrator> $value_set
Name Value
---- -----
CertificateThumbprint E6CDAA82EEAF2ECE8546E05DB7F3E01AA47D76CE
OS: Windows Server 2012 R2
It might not be immediately obvious, but if you re-read the last part of the section immediately preceding the "Setup WinRM Listener" step (emphasis added):
If running over an HTTPS listener, this is the thumbprint of the certificate in the Windows Certificate Store that is used in the connection. To get the details of the certificate itself, run this command with the relevant certificate thumbprint in PowerShell:
$thumbprint = "E6CDAA82EEAF2ECE8546E05DB7F3E01AA47D76CE"
Get-ChildItem -Path cert:\LocalMachine\My -Recurse | Where-Object { $_.Thumbprint -eq $thumbprint } | Select-Object *
What this is telling us is that E6CDAA82EEAF2ECE8546E05DB7F3E01AA47D76CE is just an example - you need to provide the thumbprint of an actual certificate issued to the machine.
To list all the existing certificates installed in the machine's certificate store with PowerShell, just remove the Where-Object clause from the example command:
Get-ChildItem -Path cert:\LocalMachine\My -Recurse
If there's no appropriate certificate installed you'll have to install one. You can either generate a self-signed certificate, acquire a certificate from a CA vendor, or enroll for one from your internal CA if Active Directory Certificate Services or similar PKI is configured in the environment.
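One way to pick a real certificate for the listener instead of the documentation's sample thumbprint, as an added example that is not from the Ansible documentation or the original answer: it filters LocalMachine\My for certificates that have a private key, are currently valid, and allow Server Authentication, then creates the HTTPS listener with the chosen thumbprint. Choosing the certificate with the latest expiry is an assumption made for this example.

```powershell
# Added example (not from the Ansible documentation or the original answer).
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

$candidates = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $cert = $_
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to any purpose.
    $ekuOk = (-not $eku) -or
        (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuthOid)

    $cert.HasPrivateKey -and $ekuOk -and
        ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
}

if (-not $candidates) {
    throw 'No usable server certificate in Cert:\LocalMachine\My; install or enroll one first.'
}

# Show what was found so the choice can be reviewed before it is bound.
$candidates | Format-Table Subject, Thumbprint, NotAfter -AutoSize

# Assumption for this example: prefer the certificate that expires last.
$chosen = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1

$selector_set = @{ Address = '*'; Transport = 'HTTPS' }
$value_set    = @{ CertificateThumbprint = $chosen.Thumbprint }

New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selector_set -ValueSet $value_set
```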
I am trying to follow the instructions on the Microsoft website (https://learn.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes) to configure a custom token expiry policy.
However I am getting an incomprehensible error message. It does not appear to be a temporary error as I have tried it a few times over the last few days.
I have tried running Powershell as both normal and "as administrator", it makes no difference to the outcome.
PS C:\Users\sheakbar> New-AzureADPolicy -Definition #(‘{“TokenLifetimePolicy”:{“Version”:1,”MaxInactiveTime”:”14.00:00:00″,”MaxAgeSing
leFactor”:”90.00:00:00″,”MaxAgeMultiFactor”:”90.00:00:00″,”MaxAgeSessionSingleFactor”:”until-revoked”,”MaxAgeSessionMultiFactor”:”unti
l-revoked”}}’) -DisplayName “OrganizationDefaultPolicyScenario” -IsOrganizationDefault $true -Type “TokenLifetimePolicy”
New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
InnerError:
RequestId: 4c0f01de-96b4-4483-8a19-43b411149880
DateTimeStamp: Thu, 07 Jun 2018 04:28:08 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ New-AzureADPolicy -Definition #(‘{“TokenLifetimePolicy”:{“Version”:1, ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy
According to the error message, it seems like your account is not a global admin in your tenant and doesn't have enough permissions to execute this PowerShell command.
Solution:
Run the Connect command Connect-AzureAD to sign in to your Azure AD admin account.
If we use a global administrator (xxx.onmicrosoft.com) account with Connect-AzureAD, then we can run New-AzureADPolicy. I tested it on my side with the following command:
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00","MaxAgeSingleFactor":"90.00:00:00","MaxAgeMultiFactor":"90.00:00:00","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"
Using PS 5.0 on Windows 10, I created an Azure Storage account and an Azure Service. I got the latest image name using the following command. But when I run the following command to create a VM, I get the following error:
PS Command to get the latest image:
$images = Get-AzureVMImage `
| where { $_.ImageFamily -eq “Windows Server 2012 Datacenter” } `
| Sort-Object -Descending -Property PublishedDate
$latestImage = $images[0]
$latestImage
The above command ran successfully and gave me the image name as: a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-20171017-en.us-127GB.vhd that I used in the following command for creating a VM.
PS command to create VM:
New-AzureVMConfig -Name "Server15" -InstanceSize ExtraSmall -ImageName "a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-20171017-en.us-127GB.vhd" | Add-AzureProvisioningConfig -Windows -AdminUsername "MyAdmin" -Password "MyPsswd" | New-AzureVM -ServiceName "MyServiceName"
Error:
WARNING: No deployment found in service: 'MyServiceName'.
New-AzureVM : BadRequest: OSImage a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-20171017-en.us-127GB.vhd
not found. If you are using a VM image, it must be specified as VMImageName for the role, not as SourceImageName for
OSVirtualHardDisk.
OperationID : '498779aecff53369ac9e793da15c16c3'
At line:1 char:250
+ ... d "D7v.oeiue4ieiur" | New-AzureVM -ServiceName "MyServiceName"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureVM], ComputeCloudException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.PersistentVMs.NewAzureVMCommand
Your script works for me, here is the output:
PS C:\Users\jason> New-AzureVMConfig -Name "Server16" -InstanceSize ExtraSmall -ImageName "a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-20171017-en.us-127GB.vhd" | Add-AzureProvisioningConfig -Windows -AdminUse
rname "jason" -Password "xxxxxxx" | New-AzureVM -ServiceName "jasontest321"
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
New-AzureVM 05a8d386-ac4b-3843-8fe4-1018325112a3 Succeeded
Please check your Azure PowerShell version. For now the latest version is 5.0.1; my Azure PowerShell version is 4.4.1 and that script works fine, so maybe we should upgrade your Azure PowerShell.
We can download the Azure PowerShell 5.0.1 installer to your Windows 10 machine and install it, then test again.
For more information about Azure PowerShell versions, please refer to this link.
Hope this helps.
I am trying to build out a SharePoint 2016 dev/test farm in Azure using PowerShell, starting with a DS server.
Anyway, I have created my VM, created virtual network, public IP, NIC etc
DS VM is configured for RDP
I am getting stuck on installing the AD Domain Services
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
False Maybe Failed {}
Install-WindowsFeature : The WinRM client cannot process the request because the server name cannot be resolved.
At line:1 char:1
+ Install-WindowsFeature -ComputerName adVm AD-Domain-Services -Include ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : DeviceError: (Microsoft.Manag...rDetailsHandle):CimException) [Install-WindowsFeature],
Exception
+ FullyQualifiedErrorId : UnSupportedTargetDevice,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureComman
d
I have installed Remote Server Administration Tools for Windows 10
Started WinRM
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value myVM
Q: Should I try to use the AD DS Deployment cmdlets directly from my Win10 client?