tf.exe "you are not authorized to access", is not accepting my login parameter - command-line

I've been trying to solve this problem for a long time. Every execution I perform of the TF.exe command throws a TF30063 exception, when I'm the admin and the only user of my TFS.
Problem: Try to execute this on a clean machine, without any user logged in to Visual Studio. IMPORTANT: also remove your user from Windows credentials.
tf.exe workspaces /computer:mycomputer
This modal pops up prompting for credentials, but I need something to be run in a command window without user interference, so checking help I see that you could send /login:user,password
Then, again let's try with that in the command:
tf.exe workspaces /computer:mycomputer /login:myuser#outlook.com,MyPassword
And now, I get the following exception:
TF30063: You are not authorized to access xxx
BUT, and lastly, if I log in on that popup (which I don't want to do because it will be a remote build service), suddenly all commands work fine.
What is the point of having the /login option if it is not useful here? Is there a way to perform this login without a prompt?
Thanks for the help!

It seems you are using VSTS, not on-premises TFS. Usually the /login option can be used with on-premises TFS; we use the /login option to specify the Team Foundation Server user account to run a command.
If you want to use it on VSTS, you need to get an OAuth token and specify /loginType:OAuth. The command line is:
tf workspaces /collection:https://xxxx.visualstudio.com /loginType:OAuth /login:.,[OAuth token]
Add a screenshot:

I know it's been very long since this thread was opened, but I recently experienced the same issue and resolved it by following the steps below. This may be helpful for people who get stuck with this issue in the future...
Yes, I have faced the same issue and was able to resolve the issue finally :)
The problem is that the tf.exe command with the switch "/login:username,password" works as expected with the on-prem versions; however, you have to use OAuth for the SaaS version. Please find the example command below for the SaaS version for your reference.
tf workspaces /collection:https://dev.azure.com/OrganizationName /loginType:OAuth /login:.,OAuthtoken
To generate the OAuth token you should be using the following article as a reference.
https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops
Hope this helps someone at some point of time :)

Related

Can I re-run a Power Automate flow instance from history?

Is there any way to find and re-run an earlier instance of a Power Automate workflow programmatically?
I can do this manually: download the .csv file containing the instances, search in the Trigger output column the one I want, get the id, copy-paste the run URL, and click resubmit.
I tried with Power Automate itself:
The built-in Flow Management connector only supports finding a specific flow by name, and does not even go to the history.
PowerShell:
Installed the PowerApps module, I can list the instances with
Get-FlowRun -FlowName {flow name}
But I don't see the same properties as in the exported .csv file, and there's also no Run-Flow command that would let me run it.
So, I am a little stuck here; could someone please help me out?
We cannot programmatically resubmit the Flow run from the history with PowerShell or by any other API method yet.
But we can avoid some manual work: by using the workflow function in a Flow compose step, we can automate the composition of the Flow history run URL.
https://xxx.flow.microsoft.com/manage/environments/07aa1562-fea6-4583-8d76-9a8e67cbf298/flows/141e89fb-af2d-47ac-be25-f9176e64e9a0/runs/08586722084717816659969428791CU12?backUrl=%2Fflows%2F141e89fb-af2d-47ac-be25-f9176e64e9a0%2Fdetails&runStatus=Failed
There are 3 GUIDs that I need to find so that I can build up the flow history URL.
The first GUID is my environmentName (07aa1562-fea6-4583-8d76-9a8e67cbf298), then I’ve got the flow name (141e89fb-af2d-47ac-be25-f9176e64e9a0) and finally the run (08586722084717816659969428791CU12).
There is a cmdlet from Microsoft 365 CLI to resubmit a flow run
m365 flow run resubmit --environment flowEnvironmentID --flow flowGUID --name flowRunID --confirm
You can also resubmit a flow run using Power Automate REST API
https://api.flow.microsoft.com/providers/Microsoft.ProcessSimple/environments/{FlowEnvironment}/flows/{FlowGUID}/triggers/manual/histories/{FlowRunID}/resubmit?api-version=2016-11-01
For the Power Automate REST API, you will have to pass an authorization token.
For more information, go through the following post
https://ashiqf.com/2021/05/09/resubmit-your-failed-power-automate-flow-runs-automatically-using-m365-cli-and-rest-api/
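The two answers above fit together: the three identifiers in the run-history URL are the same ones the resubmit endpoint needs. The sketch below is an added example, not code from either answer or from Microsoft. The function names are hypothetical, the sample URL is the one quoted above, and the access token is assumed to be obtained separately and passed in as a SecureString.

```powershell
# Added example; function names are hypothetical, not part of any Microsoft module.
function ConvertFrom-FlowRunUrl {
    param([Parameter(Mandatory)][string]$RunUrl)
    $uri = $null
    if (-not [Uri]::TryCreate($RunUrl, [UriKind]::Absolute, [ref]$uri)) {
        throw "Not an absolute URL: $RunUrl"
    }
    # Path shape taken from the URL quoted above:
    # /manage/environments/{environment}/flows/{flow}/runs/{run}
    # Only word characters and hyphens are accepted, so a crafted URL cannot
    # smuggle extra path segments or query text into the API call.
    $m = [regex]::Match($uri.AbsolutePath,
        '^/manage/environments/(?<env>[\w-]+)/flows/(?<flow>[\w-]+)/runs/(?<run>[\w-]+)/?$')
    if (-not $m.Success) { throw "Not a flow run history URL: $RunUrl" }
    [pscustomobject]@{
        Environment = $m.Groups['env'].Value
        Flow        = $m.Groups['flow'].Value
        Run         = $m.Groups['run'].Value
    }
}

function Invoke-FlowRunResubmit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$RunUrl,
        [Parameter(Mandatory)][securestring]$AccessToken   # obtained separately
    )
    $id = ConvertFrom-FlowRunUrl -RunUrl $RunUrl
    # Endpoint template as given in the answer above (trigger name "manual").
    $endpoint = 'https://api.flow.microsoft.com/providers/Microsoft.ProcessSimple' +
        "/environments/$($id.Environment)/flows/$($id.Flow)" +
        "/triggers/manual/histories/$($id.Run)/resubmit?api-version=2016-11-01"
    if ($PSCmdlet.ShouldProcess($endpoint, 'Resubmit flow run')) {
        # Unwrap the token only at the point of use; it never appears on a command line.
        $token = [System.Net.NetworkCredential]::new('', $AccessToken).Password
        # Assumption: the resubmit action is invoked with POST.
        Invoke-RestMethod -Method Post -Uri $endpoint -Headers @{ Authorization = "Bearer $token" }
    }
}

# Sample input: the run-history URL quoted in the answer above.
$sample = 'https://xxx.flow.microsoft.com/manage/environments/07aa1562-fea6-4583-8d76-9a8e67cbf298/flows/141e89fb-af2d-47ac-be25-f9176e64e9a0/runs/08586722084717816659969428791CU12?backUrl=%2Fflows%2F141e89fb-af2d-47ac-be25-f9176e64e9a0%2Fdetails&runStatus=Failed'
ConvertFrom-FlowRunUrl -RunUrl $sample
```

Calling Invoke-FlowRunResubmit with -WhatIf prints the endpoint that would be called without sending the request or unwrapping the token.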

IdentityServer4 & Windows Authentication

I've been chasing this problem around for a while now and I can't get to the bottom of it. I've read the other solutions on here (https://identityserver4.readthedocs.io and https://github.com/IdentityServer/IdentityServer4.Quickstart.UI) and it's still not working, so I've tried to reduce this down to the absolute basics. This is not the actual problem I am facing, but produces the very same outcome. i.e. I can't get Windows Authentication to work.
I clone https://github.com/IdentityServer/IdentityServer4.Samples
I amend Quickstarts/7_JavaScriptClient/src/QuickstartIdentityServer/Quickstart/Account/AccountController.cs so that WindowsAuthenticationEnabled is true
I then go to http://localhost:5000/account/login and attempt to use the Windows external provider and I get 401.
The only difference with this simple sample here, and what I see on my actual system is that I'm getting challenged for credentials on my real site.
Debugging the code I never see if(HttpContext.User is WindowsPrincipal) succeeding, because it's always a ClaimsPrincipal.
Can someone explain to me what I'm doing wrong?
Do you have windows authentication enabled on your IIS site? This needs to be enabled for your WindowsPrincipal to be assigned. Note that windows authentication only works when running behind IIS or IIS Express.

Access Denied Error when issuing Install-AzureWinRMCertificate

I have been working diligently to get Dynamics installed on Azure. I have made it a good way through the Example-1VM.ps1 before encountering a failure on 'Install-AzureWinRMCertificate', with an error message indicating access denied. The error occurs while running the PowerShell script 'New-NAVAdminSession.ps1'. I can see from looking in Azure that much of the work has been done properly from the Example-1VM.ps1 file, but I'm not sure what is next. Can I manually install the certificate, and if so, may I know how? If not, how do I correct this so I can re-run the Example-1VM.ps1 script?
Thanks to Walter slapping me upside the head (kindly of course) to double check if I was running PowerShell ISE as Administrator I was able to get this resolved.
Once I exited PowerShell ISE and re-entered the desktop application with the option 'run as Administrator' all worked fine.
Just goes to show sometimes we are too close to our own problems.
Cheers Walter
According to your error log, it seems to be a permission issue. Please close your PowerShell and run PowerShell with Run as Administrator.

SCCM 2012 R2 Remove-CMDevice

Greetings everyone,
Hoping someone has a quick insight, but I am getting access denied on a service account using the PowerShell command Remove-CMDevice.
This process is as outlined here, https://technet.microsoft.com/en-us/library/jj821759(v=sc.20).aspx
The account has permission to remove devices from SCCM and this works fine through the GUI but not the command line. I have been unable to find documentation on what permissions the account needs to do this via command line; it works fine manually in the GUI.
If anyone can shed light on this it will be wonderful, I do want to keep this service account as having as minimal permissions as possible.
Many thanks,
Edit to Add Image as follows,
After a lot of testing, I'm here with an answer on the Permission part when using PowerShell console to remove CM system object. Of course the symptom is the same: The account can delete from Admin console, however, when using PowerShell, it failed with Permission error message.
The account that performs the Remove-CMDevice cmdlet must have proper RBA permission on the object. Assuming the security scope is the default one, the account connected to the Configuration Manager console must have the RBA permission below, which I tested is almost minimal permission:
In the screenshot the Collection part, the permission is easy to understand, Read, Delete Resource, etc.
For the Computer Association part, you may get confused, why?
Steps I did the troubleshooting:
I opened a PowerShell console connecting to Configuration Manager using my test account and ran the command below to see what would happen:
Remove-CMDevice 'Rsuraceccc' -Verbose
I got the error below:
Yes, it's trying to query from SMS_StateMigration. Then I tried to run a simple command:
Get-WMIObject -NameSpace root\sms\site_clt -Query 'Select * from SMS_StateMigration'
Once again, I got an error. So I came to the conclusion that the account needs permission on SMS_StateMigration. So I added the 'Recover User State' permission of Computer Association on the role and tried again; cheers, this time all commands ran successfully.
I don't know why it's using SMS_StateMigration, but this is the case here.

Azure powershell cmdlets with certificate authentication not working

All,
I am trying to use a certificate to authenticate against Azure instead of using the Azure-AddAccount. So I did the following in an administrator PowerShell console; I followed the instructions located at http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/ :
Get-AzurePublishSettingsFile
This prompted me to log in and download the publishsettings file. I placed the file in the same folder as the PowerShell console.
Import-AzurePublishSettingsFile "D:\Dev\Powershell\azure.publishsettings"
This command doesn't return anything. I am not sure if it worked, but if I put an invalid name it blows up so I assume it works.
Get-AzureStorageAccount
I get the error "Get-AzureStorageAccount : Your credentials have expired. Please use Add-AzureAccount to log in again." At this point I thought I imported my certificate and this should work, but it doesn't. Am I missing a step? I have multiple subscriptions, maybe that's the problem?
You still need to use Add-Account in addition to importing the publish settings file. Add-Account will prompt you for the user you wish to authenticate with when running certain commands.
Add-Account utilises a different authentication mechanism to the cert-based setup with the PublishSettings file, and it is necessary to use both in certain scenarios (such as yours).