Getting "[Connect-MsolService], HttpRequestException" with a service account - powershell

I have an issue when connecting to MSOnline using a service account to run scheduled tasks.
When running the following lines under my admin account, it connects fine, but if I run it under a service account (srv_scheduler), it fails:
#Load MSOL Module
Import-Module -Name MSOnline
# Define variables.
$usr = "srv_m365_read@xxxxxx.com"
$pwd = ConvertTo-SecureString 'xxxxxx' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PsCredential $usr,$pwd
# Connect to MSOnline with the stored credential
Connect-MsolService -cred $cred
Connect-MsolService : An error occurred while sending the request.
At line:1 char:1
+ Connect-MsolService -cred $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], HttpRequestException
+ FullyQualifiedErrorId : System.Net.Http.HttpRequestException,Microsoft.Online.Administration.Automation.ConnectMsolService
The service account has MFA disabled. What am I missing?
Thanks.
Gaetan

Related

I want to store encrypted credentials and use them to open a powershell instance and run a script that makes a change to a field in AD

Below is my code; I've used the same process for connecting to SFTP securely. I'm getting the error at the bottom of my post. Not sure if I'm missing a step in the creation of the key and password. Thanks.
#Set the credentials
$Password = Get-Content "c:\password.txt" |
ConvertTo-SecureString -Key (Get-Content "c:\aes.key")
$Credential = New-Object System.Management.Automation.PSCredential ('serviceaccount', $Password)
# Start a new instance of Windows PowerShell using the credentials
# stored in $Credential and run the script in $scriptblock
$powershellPath = "$env:windir\system32\windowspowershell\v1.0\powershell.exe"
$process = Start-Process $powershellPath -Credential $Credential -NoNewWindow `
-ArgumentList ("-ExecutionPolicy Bypass -noninteractive -noprofile " + $scriptBlock) -PassThru
# Script to execute in the new PowerShell instance
$scriptBlock = {
Import-Module ActiveDirectory
Get-ADUser ecarlsson | Set-ADUser -Manager bbob
Read-Host
}
I tried the code above and got the password error below.
Start-Process : This command cannot be run due to the error: The user name or password is incorrect.
At\filepath \\fV3.ps1:7 char:12
+ $process = Start-Process $powershellPath -Credential $Credential -NoN ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
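
The key and password files that the script above reads can be created and checked as follows. This is an added example, not part of the original post; the paths, the sample password and the `Test-StoredCredential` helper are constructed for illustration.

```powershell
# Added example: paths, sample password and helper name are constructed.
$dir     = Join-Path $env:TEMP ("cred-demo-" + [guid]::NewGuid())
$keyFile = Join-Path $dir 'aes.key'
$pwdFile = Join-Path $dir 'password.txt'
$sample  = 'Constructed-Sample-Pw1!'   # stand-in for the real password
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 1. Random 256-bit AES key, stored one byte value per line so that
#    Get-Content returns it in a form -Key accepts.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
$key | Set-Content -Path $keyFile

# 2. Anyone who can read the key can decrypt the password: drop inherited
#    ACEs and grant read access only to the account that runs the script.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
icacls $keyFile /inheritance:r /grant:r "${me}:(R)" | Out-Null

# 3. Encrypt the password with the key (AES instead of the per-user DPAPI default).
ConvertTo-SecureString $sample -AsPlainText -Force |
    ConvertFrom-SecureString -Key $key |
    Set-Content -Path $pwdFile

# 4. Read both files back the way the post's script does and check the result.
function Test-StoredCredential {
    param([string]$PasswordFile, [string]$KeyFile, [string]$Expected)
    try {
        $secure = Get-Content $PasswordFile |
            ConvertTo-SecureString -Key (Get-Content $KeyFile) -ErrorAction Stop
    } catch {
        return $false   # wrong key, or file not written by ConvertFrom-SecureString -Key
    }
    $cred = New-Object System.Management.Automation.PSCredential ('serviceaccount', $secure)
    return ($cred.GetNetworkCredential().Password -ceq $Expected)
}

# A key that was not used for encryption must fail the check.
$wrongKey = Join-Path $dir 'wrong.key'
1..32 | Set-Content -Path $wrongKey

"matching key : $(Test-StoredCredential $pwdFile $keyFile $sample)"
"wrong key    : $(Test-StoredCredential $pwdFile $wrongKey $sample)"
```

A True result for the matching key shows that the two files decrypt to the intended password; it says nothing about whether the account name is accepted for logon.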

Execute Shell Script remotely to Azure Linux VM

I am trying to execute a shell script on an Azure Linux virtual machine using PowerShell.
Why am I using PowerShell?
The virtual machine has a VHD copied from a storage account, which means it doesn't have the Azure VM agent,
so I can't use:
Azure VM extensions
Azure VM Runs
I also tried using an Automation runbook with the SSH module and got these errors:
Exception calling "Connect" with "0" argument(s): "Server HMAC algorithm not found"
At C:\Modules\User\SSH\SSH.psm1:68 char:5
+ $SSHConnection.Connect()
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SshConnectionException
and
Exception calling "RunCommand" with "1" argument(s): "Client not connected."
At C:\Modules\User\SSH\SSH.psm1:69 char:5
+ $ResultObject = $SSHConnection.RunCommand($ScriptBlock.ToString() ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SshConnectionException
which, based on my understanding, is caused by the VM missing KexAlgorithms to describe which methods are supported by the SSH daemon.
What I'm trying to do now is to SSH into the VM and execute the command using PowerShell.
Here is what I have now (a PowerShell script to SSH into the VM and execute a command):
$Password = "pwd"
$User = "pwd"
$ComputerName = "ip adress"
$Command = "touch tst.txt"
$secpasswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($User, $secpasswd)
echo 'logging...'
$SessionID = New-SSHSession -ComputerName $ComputerName -Credential $Credentials #Connect Over SSH
echo 'Executing...'
$output = (Invoke-SSHCommand -Index $SessionID -Command $Command).Output
Remove-SSHSession -Name $SessionID | Out-Null
I'm getting this error:
Invoke-SshCommand : A parameter cannot be found that matches parameter name 'Index'.
At C:\Users\octoadmin\Desktop\sign in.ps1:11 char:30
+ $output = (Invoke-SSHCommand -Index $SessionID -Command $Command).Out ...
+ ~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Invoke-SshCommand], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Invoke-SshCommand
I looked on the internet but couldn't find anything.
Apparently the SSH invoke command can't find a session with the index $SessionID,
but I don't know where exactly the problem is.
Hope someone can guide me in the right direction.
Updating Posh-SSH worked for me with this code:
To install Posh-SSH:
Install-Module -Name Posh-SSH -RequiredVersion 2.1
The Script:
$Command = "fetch $scripturl; sh script.sh"
$secpasswd = ConvertTo-SecureString $Password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($User, $secpasswd)
$ComputerName = Get-AzPublicIpAddress -ResourceGroupName $RG -Name $IPName | Select-Object -ExpandProperty ipAddress
echo 'ip is : '
echo $ComputerName
echo 'logging...'
$SessionID = New-SSHSession -ComputerName $ComputerName -AcceptKey -Credential $Credentials
echo 'Executing...'
$Query = (Invoke-SshCommand -SSHSession $SessionID -Command $Command).Output
echo $Query
Remove-SSHSession -Name $SessionID | Out-Null

Remove-ItemProperty does not support credentials

I tried to remove a registry object using admin credentials with PowerShell:
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$pass
Invoke-Command -ScriptBlock {Remove-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\office\16.0\outlook\security" -Name "clearsign" -Credential $Credential}
But I got the error below:
The provider does not support the use of credentials. Perform the operation again without specifying credentials.
At line:1 char:1
+ Remove-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\office\1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotImplemented: (:) [], PSNotSupportedException
+ FullyQualifiedErrorId : NotSupported
Based on what the Microsoft documentation says, I have to use -credentials with Invoke-Command since it is not supported, but it's still not working.
Any suggestions on how I'm supposed to do it?

Start-Process : This command cannot be run due to the error: Logon failure: unknown user name or bad password

I am using following code for running exe from PowerShell. However, it is throwing the error mentioned in the subject.
$uid = "ABCDomina\builder"
$pwd = "password"
$Args = "-Verb RunAs -Wait -passthru"
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($uid,(ConvertTo-SecureString -String $pwd -AsPlainText -Force))
Start-Process -FilePath C:\windows\system32\system32\notepad.exe -Credential ($cred) -Argumentlist $Args
Error:
Start-Process : This command cannot be run due to the error: Logon failure:
unknown user name or bad password.
At C:\CD_Clinical\Nightly\DataLabs\Untitled1.ps1:5 char:1
+ Start-Process -FilePath C:\windows\system32\system32\notepad.exe -Credential ($c ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
Why not use -Credential Get-Credential? It also seems a bit pointless to convert an item to a secure string if you are displaying it in plain text; this will mean it gives you a prompt for the username and password.
But if that's the route you want to go down, then this should work.
$MyCredential=New-Object -TypeName System.Management.Automation.PSCredential `
-ArgumentList $Uid, ($pwd | ConvertTo-SecureString -AsPlainText -Force)

Script to Re-Join Domain with Powershell

Sorry for my English.
I have VMs on VMware ESXi running Windows 7. All of the machines are in the domain, but sometimes they leave the domain, so I need to rejoin them. I wrote a simple script to do this:
$credential = New-Object System.Management.Automation.PsCredential("mydomain\user", (ConvertTo-SecureString "password" -AsPlainText -Force))
Add-Computer -WorkGroupName TEMP -Credential $credential
Add-Computer -DomainName "mydomain" -Credential $credential
Restart-Computer
But it doesn't work; I have this error:
Add-Computer : This command cannot be executed on target computer('') due to following error: An existing connection was forcibly closed by the remote host.
At C:\Tools\Re-Join.ps1:2 char:13
+ Add-Computer <<<< -WorkGroupName TEMP -Credential $credential
+ CategoryInfo : InvalidOperation: (:) [Add-Computer], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.AddComputerCommand
If I manually join 'workgroup' and then run the script all works fine.
Here's the script I use to join the domain:
$computer = Get-WmiObject Win32_ComputerSystem
$computer.JoinDomainOrWorkGroup("cloud.com" , "PASSWORD HERE", "USER", $null, 3)
Restart-Computer -Force
You may add an unjoin before the join; you won't need to reboot before rejoining the domain:
$computer.UnJoinDomainOrWorkGroup("PASSWORD HERE", "USER", 0)