I have a script that I created and it works fine locally with no errors. I'm using a powershell script to pull all the Active Directory Users. When I run the job on the Jenkins Server it fails. The slave server is running Windows 2012 Server and the Master is Linux.
This is the error message that I am getting:
PowerShell Script] $ powershell.exe -NonInteractive -ExecutionPolicy ByPass "& 'C:\Users\Jenkins$\AppData\Local\Temp\jenkins275111606630255654.ps1'"
Get-ADUser : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.
At C:\Users\Jenkins$\AppData\Local\Temp\jenkins275111606630255654.ps1:1 char:1
+ Get-ADUser -Filter * -SearchBase "dc=,dc=com" -properties *|Select-Object N ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [Get-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADU
The server is running Active Directory Web Services the server is up and running the slave can talk to the active directory server. I removed some of the domain credentials in this post. I have the plugin installed for powershell.
Related
I have a remote machine where PS-Remoting enabled and I am able to run commands and scripts from my client/workstation. I want to run certain tasks as different user, in other words not the same user as I connect the remote-session.
Why I am doing this ?
I am using puppet-bolt for remote execution, where I can re-use some already existing puppet modules. And this bolt tools uses WinRM.
Issue I am facing is, while executing the below command directly on the remote machine works fine. I am using jetbrains runas utility.
# Executing this command directly on the remote machine's powershell prompt works.
C:\agent\tools\custom_runas.exe '-u:ad_domain\username' '-p:password' C:\Windows\System32\HOSTNAME.EXE
If I execute the same command over PS-RemoteSession (or) Invoke-Command gives me same error again. User which I use to connect WinRM service is an administrator user.
PS C:\WINDOWS\system32> Invoke-Command -ComputerName $CName -Credential $Crdn -ScriptBlock { C:\agent\tools\custom_runas.exe '-u:ad_domain\username' '-p:password' C:\Windows\System32\HOSTNAME.EXE }
JetBrains RunAs x86 1.0.0.061
Copyright (C) 2017 JetBrains. All rights reserved.
Runs a process under the specified windows user account.
Argument(s): -u:ad_domain\username -p:***** C:\Windows\System32\HOSTNAME.EXE
Settings:
user_name: username
domain: ad_domain
working_directory: C:\Users\UserName\Documents
exit_code_base: -100000
integrity_level: auto
inheritance_mode: auto
show_mode: hide
self_testing: 0
executable: C:\Windows\System32\HOSTNAME.EXE
NotSpecified: (:String) [], RemoteException
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : remotemachine
NotSpecified: (:) [], RemoteException
Error: Access is denied.
CreateProcessWithLogonW returns the Win32 error 0x00000005.
command_line_args:
Some observations, running "runas" command on the PSRemoteSession session doesn't wait for entering password and I also tried using PsExec.exe apart of JetBrains runas which also has the same behavior.
I have a TFS build definition contains a PowerShell Script build step. I would like to run the following command on a remote computer(DEVWS45PC) which should restart the service named StartSeleniumGridHub:
winrm s winrm/config/client '#{TrustedHosts="DEVWS45PC"}'
Restart-Service -InputObject $(Get-Service -Computer DEVWS45PC -Name StartSeleniumGridHub)
This gives me this error:
##[error]Get-Service : Cannot find any service with service name 'StartSeleniumGridHub'.
At E:\builds_2017\killBrowsersOnAllNodesAndRestartHub.ps1:43
char:36
+ Restart-Service -InputObject $(Get-Service -Computer DEVWS45PC -Name StartSe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (StartSeleniumGridHub:String) [Get-Service], ServiceCommandException
+ FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
Restart-Service : Cannot validate argument on parameter 'InputObject'. The argument is null or empty. Provide an
argument that is not null or empty, and then try the command again.
At E:\builds_2017\killBrowsersOnAllNodesAndRestartHub.ps1:43
char:34
+ Restart-Service -InputObject $(Get-Service -Computer DEVWS45PC -Name StartSe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Restart-Service], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.RestartServiceCommand
I can run this script without any problem from any of my computers. Note that 'DEVWS45PC' is truly set as a trusted host on the TFS build agent computer, so it's not the problem.
I have no clue what is the problem. Maybe authentication problems?
You could manually RDP to the remote machine DEVWS45PC with your build service account and run the powershell script.
Most likely lacking of permissions of your build service account(Due to could not find the service). Suggest you add the service account to your local Administrator group on the remote machine DEVWS45PC and try again.
Also make sure you are using the PowerShell on Target Machines task instead of powershell task in the build definition.
I need to run in PowerShell script cmd command, which command will be running on remote cmd line. So I put in my script
Invoke-Command -ComputerName $line -scriptblock {cmd.exe /c "whoami"} -credential $Cred
and it works, but only if on remote host was run Enable-PSRemoting -Force
Otherwise I get error:
[192.168.1.1] Connecting to remote server 192.168.1.1 failed with the following error message : Access denied. For more information, see the about_Remote_Trou
bleshooting Help topic.
+ CategoryInfo : OpenError: (192.168.1.1:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
I need run that command to many (about 200) remote hosts, so the question is how can I do this without manually running on each remote host Enable-PSRemoting -Force? Server is in domain but romote hostd don't.
If your servers are on a domain, you could enable PS Remoting on them all via Group Policy: https://www.briantist.com/how-to/powershell-remoting-group-policy/
I want to install Windows certificate in Windows based Vagrant machine via PowerShell.
I tried to use this command
vagrant.exe powershell - c "Import-Certificate -Filepath C:\vagrant\Microcosm.cer"
But I revived an error
vagrant.exe : The machine with the name '-' was not found configured for
At line:1 char:1
+ vagrant.exe powershell - c "Import-Certificate -Filepath C:\vagrant\M ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (The machine wit... configured for:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
this Vagrant environment.
Isn't that a typo in your command? Shouldn't that be -cinstead of - c (mind the space) after the powershell verb.
I'm running Windows 2019 Core and having difficulty sharing a folder on my network; however, I am able to see, from the network, that I can reach a location shared through IIS on the VM's host machine. (running IIS with Access to a folder on the host machine) The network uses a domain issued certificate so the certificate should be accepted but it is not.
Workaround:
[Net.ServicePointManager]::ServerCertificateValidationCallback= {$true}
[Net.ServicePointManager]::SecurityProtocol = [Net.ServiceProtocolType]:: Tls -bor [Net.ServicePointManager]::SecurityProtocol = [Net.ServiceProtocolType]:: Tls11 -bor [Net.ServicePointManager]::SecurityProtocol = [Net.ServiceProtocolType]:: Tls12
$url=https://192.168.1.1/ChromeSetup.exe"
$WebClient=New-Object System.Net.WebClient
$WebCleint.DownloadFile($url,"C:\ChromeSetup.exe")
On the non-domain server SERVER I have a local administrator account USER.
On the domain client machine I am running as a domain user.
Using the following code I attempt to view all services on SERVER
$cred = Get-Credential "SERVER\USER"
Invoke-Command -ComputerName SERVER -ScriptBlock {Get-Service} -Credential $cred
However, I receive the following error
Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
+ CategoryInfo : NotSpecified: (:) [Get-Service], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetServiceCommand
Yet, if I RDP to SERVER as USER, I can manually open a Powershell window and run Get-Service without any issues. What's going on?
When remoting cross-domain, the remote command/session will not run with administrative rights. Even though you're connecting as a local admin, the resulting PSSession will not be elevated.
To fix this, you need to set the registry key LocalAccountTokenFilterPolicy located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System to 1. See Microsoft for more details