I started to use the API on the PowerShell by instruction https://automation.deepsecurity.trendmicro.com/article/12_0/set-up-cookbook?platform=on-premise under API Cookbook - > Set up to use Bash or Powershell - to extract the managed agents status from the Deep Security.
I followed the instruction to test the access to the API on the Windows PowerShell using a pre-created API key, secret, headers and Invoke-WebRequest.
The documentation says if you receive the error message “The underlying connection was closed: An unexpected error occurred on a send” need to restart the PowerShell and repeat the test. But it does not work.
Can you please help with the automation on Powershell to successfully complete the test?
Related
I have a C# console app that I wrote that is trying to enable mail for an AD user.
using (Runspace EnableMailboxRunspace = RunspaceFactory.CreateRunspace(ConnectionInfo(ExchangeServerURI, ExchangeUser, ExchangePassword)))
{
EnableMailboxRunspace.Open();
// Create a pipeline to process the commands
using (Pipeline EnableMailboxPipeline = EnableMailboxRunspace.CreatePipeline())
This works just fine in the dev environment, but I cannot get it to run on any production server. When the CreatePipeline command is executed I get this error:
"Connecting to remote server pc799.csnt.princegeorge.ca failed with
the following error message : The WinRM client cannot process the
request. It cannot determine the content type of the HTTP response
from the destination computer. The content type is absent or invalid.
For more information, see the about_Remote_Troubleshooting Help
topic."
I have tried this running as multiple different users, including domain admins.
This app did work a few months ago, but now it doesn't work. We moved from a fully on prem system, to a hybrid M365/On prem system and something in that seems to have broke it.
Below is the code that I have been trying to get working from a Linux based AWS Lambda that runs PowerShell and/or C#. The code was adapted from this blog that discusses updating credentials programmatically via PowerShell. Locally, I can run this series of code called from a python script using subprocess.Popen with no issues (from a Windows machine). However, AWS is not the same. Needless to say, I have hit a wall when it comes to trying to encrypt credentials in order to make a patch request to the Power BI API (source here: Power BI Documentation). Since we are working in AWS and our deployments are done through Bamboo, the option to compile via C# and then deploy through the CLI is not available so any documentation about CLI isn't of value in this current process.
$credentialDetails = [Microsoft.PowerBI.Api.Models.CredentialDetails]::new(
$basicCreds,
[Microsoft.PowerBI.Api.Models.PrivacyLevel]::Private,
[Microsoft.PowerBI.Api.Models.EncryptedConnection]::Encrypted,
$credentialsEncryptor)
Trying to run the above code returns:
b'\nGAC Version Location\n--- ------- --------\nFalse v4.0.30319
opt/layer/modules/Microsoft.Rest.ClientRuntime.2.3.22/l\xe2\x80\xa6\nFalse v4.0.30319
opt/layer/powershell/Newtonsoft.Json.dll\nFalse v4.0.30319
opt/layer/modules/Microsoft.PowerBI.Api.3.20.0/lib/nets\xe2\x80\xa6\nDidn\'t get past creating the
credential details\n"Exception calling \\".ctor\\" with \\"4\\" argument(s): \\"Windows Cryptography Next
Generation (CNG) is not supported on this platform.\\""\n'
You guys have really helped me out with a few issues, this would be clutch if you could provide any valuable insight on how to effectively encrypt credentials to Windows expectations via Linux.
On Windows Server 2012 Datacenter with Microsoft Dynamics CRM 2016 installed, I want to run a deployment command but for every commands I get this error: "(500) Internal Server Error".
I first run this:
Add-PSSnapin Microsoft.Crm.PowerShell
and it will work fine and when I check it with get-pssnapin and Get-Help *Crm*, every thing is fine and every thing that I need is registered. but when I want to run a cmdlets command like these, I face the error: Get-CrmSetting or Get-CrmCertificate or ...
For example for Get-CrmSetting TraceSettings it give me this error:
How can I solve this problem and error?
Thanks
According to this article, you might want to try:
Get-CrmSetting –SettingType TraceSettings
Here are a couple more items to investigate, from this article:
To use the XRM tooling cmdlets, you need PowerShell version 3.0 or
later. To check the version, open a PowerShell window and run the
following command: $Host
Set the execution policy to run the signed PowerShell scripts. To do
so, open a PowerShell window as an administrator and run the
following command: Set-ExecutionPolicy -ExecutionPolicy AllSigned
Verify the (CRMDeploymentServiceAppPool Application Pool identity) has SQL SEVER SysAdmin permission. This is needed to perform any CRM configuration changes and organizational operations.
Note: it does not matter if the account executing the PowerShell is a system admin or SQL server sysadmin because these operations are executed via the deployment web service.
Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)
....Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
....
(500) Internal Server Error, refers to a HTTP response status code. This means that the Powershell command is calling a URL and the URL is reporting a error.
You need to know the URL to really find out what the problem is. One way you can get the URL, is downloading Fiddler Classic. Once installed, you have to enable HTTPS decryption.
In my case the URL was...
https://<my-crm-domain>/XrmDeployment/2011/deployment.svc?wsdl
When I ran this URL on the server where CRM is installed, I got an exception stating...
Could not load file or assembly 'Microsoft.Crm.Application.Components.Application'
All this meant, I needed to copy a file, Microsoft.Crm.Application.Components.Application.dll, from C:\Program Files\Dynamics 365\CRMWeb\bin into folder C:\Program Files\Dynamics 365\CRMWeb\XRMDeployment\bin.
Once this was done, the URL worked and therefor my PowerShell command as well.
I'm trying to create a pre-build step with powershell in one of our team projects to increment the build number for all assemblies/applications within that VS solution. This is for TFS2015-update 2.
I found some example code here and there online and have pieced together what I imagine would work. I can run the powershell script manually on the TFS server (authenticated to the server as my windows account) and it works fine, but yet it won't function correctly within the build process.
Here is the sample code in question where I keep getting my error. It has to do with authentication/connection to the TFS server:
$CollectionUrl=New-Object System.Uri("$env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI")
$BuildUrl="$env:BUILD_BUILDURI"
# get the team project collection
$TeamProjectCollection=[Microsoft.TeamFoundation.Client.TfsTeamProjectCollectionFactory]::GetTeamProjectCollection($CollectionUrl)
# get the build server
$BuildServer=$TeamProjectCollection.GetService([Microsoft.TeamFoundation.Build.Client.IBuildServer])
# get the build detail
$BuildDetail=$BuildServer.GetBuild($BuildUrl)
# get the build definition
$BuildDefinition=$BuildDetail.BuildDefinition
There error I am getting is:
Exception calling "GetService" with "1" argument(s): "TF30063: You are not authorized to access http://servername/TPCName
I have tried using both the call above to get the TPC, and the constructer for it and neither works.
$TeamProjectCollection=New-Object Microsoft.TeamFoundation.Client.TfsTeamProjectCollection($CollectionUrl)
So I started trying to build a credential object based on my login credentials to the server and see if I could connect to the TPC that way. Still doesn't work (on server or in build process), but different error:
$netCred = New-Object System.Net.NetworkCredential($username,$password)
$basicCred = New-Object Microsoft.TeamFoundation.Client.BasicAuthCredential($netCred)
$tfsCred = New-Object Microsoft.TeamFoundation.Client.TfsClientCredentials($basicCred)
# get the team project collection
$TeamProjectCollection=New-Object Microsoft.TeamFoundation.Client.TfsTeamProjectCollection($CollectionUrl, $tfsCred)
Throws the exception:
Exception calling "GetService" with "1" argument(s): "TF400324: Team Foundation services are not available from the server.
I have also tried my best at modifying TFS permissions for the windows account that TFS service runs as to make sure there were no issues there. I'm fairly certain I added it to all roles/groups that my identity was in, but still the build wouldn't authenticate.
I'm at a loss at this point. Can someone help me figure out how to connect to the TFS server correctly using defined credentials, or help me adjust what permissions the service account, identity, configuration choices, etc; needed to access the teamProjectCollection.
You need to specifically instruct TFS/VSTS to allow the executing build to call back to TFS/VSTS. This protects your server for malicious developers exiting build scripts.
You should see an "enable Auth" option in the Options Tab of your Build.
**note: You should use the Task SDK provided: https://github.com/Microsoft/vsts-task-lib
Following the guide and powershell script from this article,
https://www.windowsazure.com/en-us/develop/net/common-tasks/continuous-delivery/
I've run into an extremely odd error:
9/4/2012 9:02 PM - Creating New Deployment: In progress
New-AzureDeployment : There was no endpoint listening at https://management.core.windows.net/5921d8af-88a1-4f63-9673-5e1ae1df7e8a/services/storageservices/Build_2012-09-04_02-27.1/dist/LNEC_Admin.Azure.cspkg/keys that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
It's odd because we're on build "Build_2012-09-04_08-16.1", not the one mentioned in the URL above (which no longer even exists on the filesystem). This is under Jenkins CI which runs under the NETWORK SERVICE account. If I run it by hand with my own account the same error results, but with a lnecint in place of the build directory: https://management.core.windows.net/5921d8af-88a1-4f63-9673-5e1ae1df7e8a/services/storageservices/lnecint/keys
That keyword "lnecint" isn't mentioned anywhere in any config (I've searched every file on the entire machine and TFS server). It was the name of a storage account, but it's long ago been deleted.
VS 2012, Azure SDK 1.7.1
There's definitely an issue with your endpoint. Can you check what parameters you're passing to the "New-AzureDeployment" Cmdlet?