Using PowerShell to re-link Tenable Nessus Agent

I have several systems (MS OS) that have the Tenable Nessus agent installed in my environment. I am attempting to re-link the agent to the management portal via PowerShell. I will be using SCCM to execute the script, so I created a simple PS script with one line of code that will execute the script remotely on the workstation. I can execute the script locally using PowerShell no problem, no errors, and the Nessus agent re-links.
I am sure I am overlooking something. Here is my script:
Invoke-Command -ScriptBlock { Start-Process 'C:\Program Files\Tenable\Nessus Agent\nessuscli.exe' -ArgumentList 'agent link --key=<License Key> --host=<hosted portal here> --port=<port>' -Passthru -NoNewWindow }
Thank you for your time

Related

Azure pipeline remote powershell task hanging

I tried the "run powershell on remote machines" task to restart my Tomcat (Java) service on the Windows server.
It just keeps printing useless info in the console (target machine name).
Here is the detail about the powershell script:
stop Tomcat service (call a .bat file)
move .jar files to right location & replace old files
start Tomcat service (call a .bat file)
& D:\MY\PATH\stop.bat;
......
Copy-Item -Path "D:/s-1.0.jar" -Destination $sqs_path -Force;
......
& D:\MY\PATH\start.bat;
When I run the same command directly on the target Windows server, the "powershell part" triggers the .bat script job, then gets back to the PowerShell console successfully.
Later, a new window pops up. The new window is the Tomcat server, which shows the logs of my service.
However, when I do the same job with the Azure release pipeline, the Tomcat window does not show up on the target machine.
And the release job console keeps hanging (it just prints the name of the target machine).
I guess somehow the output of the pop-up window has been redirected to the console in the release pipeline.
In addition, if I cancel the release job, my Tomcat service is still working (just without a console to debug).
Or, another thought, can I achieve my goal with other 'task' in release pipeline? (powershell is not a "must")
Any suggestion would be appreciated.
[Update1]
I changed the service start command to run the .bat in another window.
& D:\MY\PATH\stop.bat;
......
Copy-Item -Path "D:/s-1.0.jar" -Destination $sqs_path -Force;
......
Start-Process cmd.exe -ArgumentList "/C D:\sources\SQS.Dev\start.bat;"
And it turns out "nothing happens" ...
The remote PowerShell task finishes immediately.
The PowerShell on Target Machines task uses WinRM to connect and access the remote target machine.
Normally, WinRM requires the agent machine and the remote target machine have been joined into the same domain or workgroup.
Please check with the following things:
Ensure the agent machine and the remote target machine have been joined into the same domain or workgroup.
Ensure you have followed the steps here to configure the WinRM.
If you have configured WinRM, log in to the agent machine and ensure you can connect to and access the remote target machine when you manually try to call the remote PowerShell. You can try the following script on the agent machine to test whether WinRM can connect to and access the remote target machine.
Param(
# The IP address or FQDN of the remote machine
[string]$computerIp = "{computerIp}"
)
# Username and Password of the admin account on the remote machine
$Username = "{Username}"
$Password = ConvertTo-SecureString "{Password}" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($Username,$password)
# Call the remote PowerShell script
Invoke-Command -ComputerName $computerIp -Credential $cred -ErrorAction Stop -ScriptBlock {Invoke-Expression -Command:"powershell.exe /c '{absolute path of the remote PowerShell script}'"}
If it does not work when you try manually calling the remote PowerShell script on the agent machine, the task in the pipeline is of course not able to work either. The issue should be with WinRM; maybe WinRM is not configured well.
If it works well when you manually try it on the agent machine, the issue should be with the self-hosted agent. Try to set up a new self-hosted agent with the admin account to see if it can work.
[UPDATE]
As I mentioned above, please try manually calling the remote PowerShell script on the agent machine to see if the commands for 'start Tomcat service' can work.
The PowerShell on Target Machines task is running on the agent machine. If the remote PowerShell script cannot work as expected when you manually try it on the agent machine, it is of course not able to work on the task in pipeline.
At this time, the possible reasons for the issue could be the following:
The connection between the machines has some problems.
The PowerShell script has some issues. Maybe you missed some settings for remotely calling the script.
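An added example (not part of the original answer) of the same manual WinRM test, split into stages so the output shows whether the network path, WS-Management authentication, or the remote script itself is failing. It prompts for the credential instead of embedding a plaintext password and avoids Invoke-Expression; `$ComputerName` and `$RemoteScript` are caller-supplied values assumed for illustration.

```powershell
# Added example: staged WinRM pre-flight check, run from the agent machine.
# $ComputerName and $RemoteScript are hypothetical, caller-supplied values.
param(
    [Parameter(Mandatory)] [string] $ComputerName,   # IP address or FQDN of the target
    [Parameter(Mandatory)] [string] $RemoteScript,   # absolute path of the script ON the target
    [pscredential] $Credential = (Get-Credential -Message "Admin account on $ComputerName")
)
$ErrorActionPreference = 'Stop'

# Stage 1: is a WinRM listener reachable? 5985 = HTTP, 5986 = HTTPS.
foreach ($port in 5985, 5986) {
    $open = Test-NetConnection -ComputerName $ComputerName -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
    Write-Host ("TCP {0}: {1}" -f $port, $(if ($open) { 'open' } else { 'closed' }))
}

# Stage 2: does the WS-Management service answer and accept the credential?
try {
    Test-WSMan -ComputerName $ComputerName -Credential $Credential -Authentication Default | Out-Null
    Write-Host 'WSMan: authenticated OK'
} catch {
    throw "WSMan check failed (listener, firewall, TrustedHosts or credential): $($_.Exception.Message)"
}

# Stage 3: run the script in a remote session and report what actually happened.
$result = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ScriptBlock {
    param($Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "Script not found on target: $Path" }
    $output = & $Path *>&1 | Out-String      # capture all streams as text
    [pscustomobject]@{
        RunAs    = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        ExitCode = $LASTEXITCODE             # only set if the script ran a native command
        Output   = $output
    }
} -ArgumentList $RemoteScript

$result | Format-List RunAs, ExitCode, Output
```

If stages 1 and 2 pass but stage 3 hangs or returns nothing useful, the problem is in what the script does inside a non-interactive session rather than in WinRM.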

installing file on remote machine with GUI

Whenever an .exe file is executed on a remote machine with the help of PSSession and Invoke-Command with Start-Process,
the executable runs in the background. I am able to see the process in Task Manager, but the CPU allotted to that process is 0% and it keeps running.
I want to pop up the GUI of the executable file on the remote machine whenever I run the script.
I tried:
1)
Invoke-Command -ScriptBlock {Start-Process -Wait -FilePath 'C:\Documents and Settings\user\Desktop\scripts\dbsetup_trial.exe' -ArgumentList '/S' -PassThru -Verb runas}
2) By entering a PSSession, I tried executing the exe, but the result was the same.
Please help me out.
I need to install the file; if silent installation is an option it should install the file silently, or just pop up the window of the executable and return back.
You cannot invoke a GUI on a remote system's interactive session via PowerShell. PowerShell remote sessions are unable to interact with other sessions, especially the logged-on user session(s).
psexec can do this, but the better way to do this is to run a silent/unattended install if it's an option with that application installer. We can't answer that because we don't know what that installer is or how it's made.

PowerShell: Starting the CLR Failed with HRESULT 8007000e

I'm getting the following error when running PowerShell scripts on a remote server:
Starting the CLR Failed with HRESULT 8007000e
This is basically how I'm running/calling the scripts:
On the local server I'm running a CMD script that calls a PowerShell script to create a remote session to a remote server. In the PowerShell script I also call a CMD script to run on the remote server like so:
$Script = [scriptblock]::create("cd $BuildPath | cmd.exe /c install.cmd $apptype")
The install.cmd script runs on the remote server and calls a PowerShell script that executes a series of tasks.
powershell ./Install.ps1 -BuildNum %BUILDNUM%
After the tasks are complete, the PowerShell script then calls another PowerShell script to run a separate series of tasks. This is when I hit the above error, when the second PowerShell script is called.
This is how the second PS1 script is called from the first PowerShell script:
powershell "& {. $BinToolsSrc\PostInstallValidation.ps1 -BuildNum $BuildNum -Test 'True'; Run-Validation -App $App -AppLoc $AppLoc -Env $Env:ENV -Site $Site -AppPool $AppPool -Config $Config -EnvConfig $EnvConfig -DllPath $DllPath}"
What usually causes the type of CLR error that I'm getting and how do I resolve it?
NOTE: I do not get this error when I run the install script locally on the remote server.
Thanks in advance!
UPDATE: Installing PowerShell 3 on the remote server seems to have solved the problem as it targets the .NET 4.0 runtime.
I too had the same problem because I have changed some path settings in my VScode unknowingly.
I have changed the settings to command prompt which works fine for me now...(This might not be the best solution though).

powershell remote installation of msi fails

I'm trying to install a msi file on a remote server using powershell.
Server 1 is my build server and server 2 is my application server.
When the build server finishes a build, I want to trigger a powershell script to install the latest version to my application server.
I'm using the following command to create a session and execute the installation:
# Create session to Application Server
$Session = New-PSSession -Name <ApplicationServer> -ComputerName <ApplicationServer> -Auth CredSSP -cred OURDOMAIN\MyUser
# Prepare expression and create script block
$Script = "Invoke-Expression 'msiexec /i <InstallerFile> /qn /L*v C:\Temp\install_fail.log'"
$ScriptBlock = [Scriptblock]::Create($Script)
# Execute in the session
Invoke-Command -ScriptBlock $ScriptBlock -Session $Session
# Clean up the session
Remove-PSSession $Session
The log has the following error (see attachment install_fail.log for full log)
MSI (s) (C4:1C) [17:08:05:333]: Note: 1: 1708
MSI (s) (C4:1C) [17:08:05:333]: Product: WindowsService1 -- Installation failed.
MSI (s) (C4:1C) [17:08:05:335]: Windows Installer installed the product. Product Name: WindowsService1. Product Version: 8.0.0.0. Product Language: 1033. Manufacturer: MyCompany. Installation success or error status: 1603.
When I start a session on the powershell command prompt and execute the installation the installation succeeds (see attachment install_success.log for full log):
Enter-PSSession -ComputerName <ApplicationServer>
Invoke-Expression 'msiexec /i <InstallerFile> /qn /L*v C:\Temp\install_success.log'
exit
When I print whoami in both cases it returns OURDOMAIN\MyUser.
Microsoft lists the following regarding the 1603: (http://support.microsoft.com/kb/834484)
The folder that you are trying to install the Windows Installer package to is encrypted.
The folder is not encrypted
The drive that contains the folder that you are trying to install the Windows Installer package to is accessed as a substitute drive.
The drive is a partition on the harddisk of the server
The SYSTEM account does not have Full Control permissions on the folder that you are trying to install the Windows Installer package to. You notice the error message because the Windows Installer service uses the SYSTEM account to install software.
The SYSTEM account has Full Control on the drive and all folders.
Please advise...
Have you tried using PSEXEC? or are you using powershell for a reason? I find that easier for remote installs than trying to go through powershell.
Just PSEXEC into the server CMD. Copy the files locally then run MSIExec to install.
I ended up writing a second PowerShell script that runs on the server watching a specific folder for new msi files. The script runs the first script that actually performs the installation tasks.

Execute remote quiet MSI installs from Powershell

I am trying to use the Invoke-Command powershell cmdlet to install a MSI installer. From within powershell on the local machine and from the proper directory, the following works:
./setup /quiet
The following does not seem to work:
$script =
{
param($path)
cd "$path"
& ./setup /quiet
return pwd
}
return Invoke-Command -ComputerName $product.IPs -ScriptBlock $script -Args $sourcePath
For test purposes I am working on the local machine passing in "." for the -ComputerName argument. The paths have been verified correct before passing in to Invoke-Command, and errors generated on different versions of this code indicate the paths are correct. I have also tried with and without the "& " on the remote call to setup. Other Invoke-Command calls are working, so I doubt it is a permissions issue. I have verified that the return from the pwd call is the expected directory.
How do I get the install to work?
What error (if any) are you receiving? Unfortunately, you must run the shell as admin on your local machine to be able to connect to your local machine with invoke-command or any WINRM based command that requires administrative privilege (this is not a requirement when connecting remotely).
When connecting to loopback, I believe it is unable (for some security reason) to enumerate groups and determine if you are in an admin enabled AD or local group, which is how it auto elevates when invoking on a remote machine. The only solution may be to have a conditional which checks for localhost and if so, don't use the -ComputerName parameter.
This GitHub Issue covers it
You might try using Start-Process in your script block:
cd $path
start-process setup.exe -arg "/quiet"
Not sure if you will want or need to wait. Look at help for Start-Process.
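An added example (not from any of the posts on this page) of the Start-Process approach suggested above, applied to the silent MSI installs discussed in the earlier questions: it waits for msiexec inside the remote session and returns the exit code, so a 1603 surfaces in the caller instead of only in a log on the target. The parameter names and the default log path are assumptions made for illustration.

```powershell
# Added example: unattended MSI install over PowerShell remoting with exit-code reporting.
# $ComputerName, $InstallerPath and $LogPath are hypothetical, caller-supplied values.
param(
    [Parameter(Mandatory)] [string[]] $ComputerName,
    [Parameter(Mandatory)] [string]   $InstallerPath,           # path as seen ON the target
    [string] $LogPath = 'C:\Temp\install.log'                   # assumed log location
)

$results = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    param($Msi, $Log)

    if (-not (Test-Path -LiteralPath $Msi)) {
        return [pscustomobject]@{ ExitCode = $null; Status = "Installer not found: $Msi" }
    }

    # Pass arguments as an array; the embedded quotes protect paths containing spaces.
    $msiArgs = @('/i', "`"$Msi`"", '/qn', '/norestart', '/L*v', "`"$Log`"")

    # -Wait blocks until msiexec exits; -PassThru returns the process object
    # so its ExitCode can be read. No window is shown (/qn), which suits a
    # remoting session that has no interactive desktop.
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    $status = switch ($proc.ExitCode) {
        0       { 'Success' }
        3010    { 'Success, reboot required' }
        1603    { "Fatal error during installation, see $Log" }
        1618    { 'Another installation is already in progress' }
        default { "Failed, see $Log" }
    }
    [pscustomobject]@{ ExitCode = $proc.ExitCode; Status = $status }
} -ArgumentList $InstallerPath, $LogPath

# PSComputerName is added by Invoke-Command to every object returned from a remote machine.
$results | Select-Object PSComputerName, ExitCode, Status | Format-Table -AutoSize

# Give a build server or deployment tool a non-zero exit code if any target failed.
if ($results | Where-Object { $_.ExitCode -notin 0, 3010 }) { exit 1 }
```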
I have had weird issues when trying to remotely execute a script on a local machine. In other words, remote powershell to the local machine. It comes back with an error that seems to say that PowerShell remoting is not enabled on the machine, but it was. I can run the script remotely from another machine to the target, but when using remoting to the same box, the issue crops up.
Verify that the WinRM service is running.
Verify powershell remoting has been enabled as in Enable-PSRemoting -force.
Verify your powershell execution policy is loose enough as in Set-ExecutionPolicy Unrestricted, for example. If the policy was set to RemoteSigned, this might be the problem.
You might also want to verify the user you are running the script as (locally, but using remoting) has privileges to "log on as a service" or as a batch job. Just guessing there, if the above list doesn't solve anything.