I am working on SharePoint add-in to create high trusted app. I am trying to create SharePoint add-in using certificates. I took Create high-trust SharePoint Add-ins as the reference. I have successfully generated .pfx and .cer file. Now, the next step is to configure SharePoint. I have opened my SharePoint Online Management Shell in Administrator mode. I executed these 2 lines successfully.
$publicCertPath = "C:\Certs\HighTrustSampleCert.cer"
$certificate = New-Object
System.Security.Cryptography.X509Certificates.X509Certificate2($publicCertPath)
As soon as i entered New-SPTrustedRootAuthority -Name "HighTrustSampleCert" -Certificate $certificate, I got the following exception.
New-SPTrustedRootAuthority : The term 'New-SPTrustedRootAuthority' is not recognized as the name of a
cmdlet,
function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the
path is correct and try again.
At line:1 char:1
+ New-SPTrustedRootAuthority -Name "HighTrustSampleCert" -Certificate $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-SPTrustedRootAuthority:String) [],
CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
I don't know, why am I getting this error. Is there any other way to generate high trusted SharePoint add-in?
High-trust add-in cannot be installed to Microsoft SharePoint Online, you need use low-trust for SharePoint online.
Related
To start, I am using Windows 7, I am a full adminstrator on this machine
I have tried other machines and ran as an administrator as well
I am only a sharepoint site collection admin
In powershell we connect to Sharepoint online. during this process, if I use Connect-PnPOnline -Url $masterSiteUrl -useweblogin, I get prompted for a username, however the next screen is blank and stays there.
when I do a view source of that page I get
d>Redirecting....myshn.net/certcheck" method="POST">
I do have scripting enabled and sometimes I get a certificate issue, I have clicked "Install Certificate" although I am not sure what it did, but it still doesnt work
Ive also tried -SPOManagementShell and -ClearTokenCache
and get the following error
Connect-PnPOnline : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Connect-PnPOnline -Url $masterSiteUrl -useweblogin -spoManagementShel ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Connect-PnPOnline], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,SharePointPnP.PowerShell.Commands.Base.ConnectOnline
See this:
Connect to all Office 365 services in a single Windows PowerShell
and this...
Connect to all Office 365 Services PowerShell - Supports MFA too
Using our All-in-One PowerShell script, you can connect to all Office
365 Services using a single cmdlet. It supports both MFA and non-MFA
account -Exchange Online -Azure AD -SharePoint Online -Skype for
Business Online -Security & Compliance Center -Teams
Download: ConnectO365Services.ps1
O365_Logon 1.1
O365 logon cmdlets to assist IT administrators. In this module, there
are several cmdlets that simplify the process of logging onto various
O365 components.
Here's the problem:
When I run my PowerShell script manually, everything works fine. But it doesn't work via task scheduling.
The reason is probably my stored credentials for Active Directory and Mobile Device Management.I stored them with "Export-Clixml" but the xml files cant be read when i open the script with task scheduler. Without it works perfect.
The task scheduler is executed with the same user who saved the credentials in the XML before.
I hope you understand what I mean.
Edit 1:
I've tried the Solution from "Bender the Greatest".
Unfortunately it still doesn't work. I exported my credentials with "Export-Clixml" and import them with "Import-Clixml".
It doesn't matter if I generate them manually via my admin account or via the system account (with psexec). If I then execute it via the corresponding account with which the credentials were generated, it still doesn't work.
But it seems to find the credentials (I saw that in the log). But The import doesn't seem to work.
If I manually include the credentials in the script it works fine, but I would have liked to store them encrypted.
[Lizenzauswertung] Überprüfe Zugangsdaten
[Lizenzauswertung] MDM Zugangsdaten gefunden - Credentials found
[Lizenzauswertung] MDM AccessToken gefunden - Credentials found
[Lizenzauswertung] AD Zugangsdaten gefunden - Credentials found
Here im trying to decrypt the Password from the XML File:
It is not possible to call a method for an expression that has NULL.(Translated)
In C:\Scripts\ADAuswertung\AD_Auswertung_GKZ.ps1:171 Zeichen:1
+ $PSCPW = $CredsMDM.GetNetworkCredential().Password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
It is not possible to call a method for an expression that has NULL.(Translated)
In C:\Scripts\ADAuswertung\AD_Auswertung_GKZ.ps1:171 Zeichen:1
+ $PSCPW = $CredsMDM.GetNetworkCredential().Password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
This is a replacement for the username to have the right spelling for a webrequest:
It is not possible to call a method for an expression that has NULL.(Translated)
In C:\Scripts\ADAuswertung\AD_Auswertung_GKZ.ps1:172 Zeichen:1
+ $RPSCUser = $PSCUser.Replace("INTRA","intra.lan")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
It is not possible to call a method for an expression that has NULL.(Translated)
In C:\Scripts\ADAuswertung\AD_Auswertung_GKZ.ps1:172 Zeichen:1
+ $RPSCUser = $PSCUser.Replace("INTRA","intra.lan")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Here you can see the errors that occur when importing the MDM credentials. The reason for the errors is described above. I edit the credentials after importing them before they are passed to the script.
The MDM Access Token is not encrypted and can be read.
The AD credentials are not processed beforehand, but passed directly to the AD commands. Therefore, no error is displayed here. Since it does not finish the AD report, which I saw in the log, these are not imported either.
Here is a little Codesnippet of the Import/Export. Just got the code here for the MDM credentials. The other queries are the same.
If (Test-Path $CredentialsMDM){
$CredsMDM = Import-Clixml -Path $CredentialsMDM
Write-Host "[Lizenzauswertung] MDM Zugangsdaten gefunden" -ForegroundColor Green
} else {
Write-Host "[Lizenzauswertung] MDM Zugangsdaten nicht gefunden" -ForegroundColor Yellow
Get-Credential -Message "Zugangsdaten für MDM / Airwatch" | export-clixml -path $CredentialsMDM
$CredsMDM = Import-Clixml -Path $CredentialsMDM
}
Write-Host "[Lizenzauswertung] Zugangsdaten überprüft" -ForegroundColor Green
$PSCUser = $CredsMDM.UserName
$PSCPW = $CredsMDM.GetNetworkCredential().Password
$RPSCUser = $PSCUser.Replace("INTRA","intra.lan")
$AccessToken = $CredsMDMAT.accesstoken
$Auth = $CredsAD
(I am sorry for the spaghetti code.)
You need to provide the error you're getting but I'm going to take a shot in the dark here. I'm guessing you're either exporting secretAD.xml as one user and running your script as another user from Task Scheduler, or exporting secretAD.xml on another computer/server. By default, credentials are able to be decrypted only by the user that built it on that specific server. This is how Windows' Data Protection API (DPAPI) works.
The easy way to fix this is to generate secretAD.xml as the user you intend to run the script as. You can specify your own key for decryption, which can be used by any user on any box, but you will need to figure out a method of secure delivery of the decryption key to the runtime. If you want/need to run the script as NT Authority\SYSTEM, I recommend using psexec to open an interactive SYSTEM Powershell session, generate the credential, and then use Export-CliXml to serialize the credential to secretAD.xml.
Note that the default DPAPI key gets changed when an account password is rotated, so you'll need to remember to rebuild the credential when that happens.
I've found the solution to my problem.
The reason was that the path to the credentials was ".\secretMDM.xml".
The task scheduler executes the script at a different location.
Therefore I had to specify the whole path of the file.
Thanks for the help anyway.
Edit:
Out of interest I created the "Credential" - XML files with the Task Scheduler. Have a look where it stores the files ;)
We have a WebDAV site that runs on IIS. From PowerShell we try to download a folder info
Get-ChildItem \\webserver#SSL\davwwwroot\webdav\Folder1\Folder2 -Name
It says
'\\webserver#SSL\davwwwroot\webdav\Folder1\Folder2' because it does not exist.
At GetWebDAVFolderContents.ps1:33 char:10
+ $items = Get-ChildItem $url -Name
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (\\webserver#SSL\...der1\Folder2:String) [Get-ChildItem], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand
The folder does exist. The very strange things: we start the File Explorer on that client PC, enter an URL like https://inside.mycompany.com/it/site which is a WebDAV site on our company's SharePoint site, then it asks for a login. After successful login to this site, the PowerShell script begins to work, drops no error anymore, and can download the Folder1\Folder2 info from our WebDAV site.
Why? How can I avoid to manually enter a login information to another site to get this script work? Is it because our WebDAV site is not correctly configured under the IIS?
It happens that a local service named "WebClient" is needed to be started. By default it is "manually" start with "trigger". It seems that the powershell way it won't trigger the service start, but the explorer thing will. As it remains started the powershell script suddenly works. The solution is to change the service start to automated, and 'till now it works.
To use Azure Machine Learning Web service here you can find some sample code in C#, R, Python and JavaScript. I want to use it in PowerShell.
I found this tutorial, but when I am running bellow line of code, it will return error that it is not recognized:
Set-AzureMLWebServiceConnection -URI $Url -APIKey $API_key
Output:
Set-AzureMLWebServiceConnection : The term 'Set-AzureMLWebServiceConnection' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\Reza\Desktop\ndbench\Azure\Automation\01_get_metrics\add_target_to_tables - runbook_01.ps1:33 char:1
+ Set-AzureMLWebServiceConnection -URI $Url -APIKey $API_key
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Set-AzureMLWebServiceConnection:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
I can't found Set-AzureMLWebServiceConnection in my PowerShell command-list and I don't know how I can enable/install it.
Can you please guide me, how I can connect to Azure Machine Learning Web service using PowerShell?
The comment #gvee mentioned may be the best to use going forward though it is in beta.
However, to answer your question, use the Install-Module -Name AzureML command to get access to the Azure ML commands.
I'm trying to deploy my first web part on 2010. I developed a web part using VS2008 and tested it on SP2007.
I copied the CAB to the 2010 server and tried to use the power shell to install it:
PS C:\Users\sa_portalt> Install-SPWebPartPack -LiteralPath "c:\transfer\webparts\redirectwebpart.cab" -Name "RedirectWebPart"
Install-SPWebPartPack : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:22
+ Install-SPWebPartPack <<<< -LiteralPath "c:\transfer\webparts\redirectwebpart.cab" -Name "RedirectWebPart"
+ CategoryInfo : InvalidArgument: (:) [Install-SPWebPartPack], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.SharePoint.PowerShell.SPCmdletInstallWebPartPack
What am I doing wrong? Is this the right way to install web parts?
If you can, I recommend you upgrade to Visual Studio 2010 which has built-in support for SharePoint 2010. When you build a project built from the SharePoint template it will create the wsp for you. You can also immediately deploy to the local server from VS2010 so you never need to get into PowerShell on your local development machine.
When you need to deploy to a different server, you can then run
Add-SPSolution -LiteralPath C:\webparts\MyWebPart.wsp to add the solution to Central Administation
and then
Install-SPSolution -Identify MyWebPart.wsp -WebApplication http://mySharePointserver to deploy the solution to the specified web application
This was the first article I found that provided the actual answer, however, in the Install-SPSolution, there is a typeo, the -Indentify parameter should be -Identity
Also, in most cases (if adding to the GAC) need to add the -GACDeployment to the Install-SPSolution.
So the line should look like:
Install-SPSolution -Identity BasicWebPart.wsp -WebApplication http://vsp -GACDeployment