Powershell [system.reflection.assembly].loadfile() Exception Access is denied when run by Jenkins - powershell

I have a very simple Powershell script which I want to use as part of a Jenkins build to return Assembly information. The script contains the following:
Write-Host([system.reflection.assembly]::loadfile($args[0])).FullName
When I try and call this script as part of the Jenkins build I get the following errors:
.\GetAssemblyInfo.ps1
Exception calling "LoadFile" with "1" argument(s): "Access is denied.
(Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
At C:\Jenkins\workspace\Tools\NuGetBuildSupport\GetAssemblyInfo.ps1:1 char:50
+ Write-Host([system.reflection.assembly]::loadfile <<<< ($args[0])).FullName
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
The command runs fine when it is not executing as part of the Jenkins build.
The DLL that is being passed to loadfile is not marked as Blocked.
The execution policy I am using to invoke Powershell is Bypass.

I recommend navigating to your server's "Services", selecting the Jenkins service, and assigning a specific user. As a test, try giving Jenkins administrator access, and if that works, create another user and restrict access. The fact that it runs fine outside of the Jenkins infrastructure is an indicator for this issue.
Services: (Search for services in the start menu or the common location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools)
Navigate to the Jenkins Service
Open the properties
Select the Log in tab and set it to a user with proper permissions (e.g., administrator)
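
To see which account the Jenkins service actually runs the script as, and whether that account can read the DLL, a build step can run a check like the one below, so the service account can be granted only the access it lacks. This is an added example, not code from the original post; the function name Test-AssemblyAccess is hypothetical, and it uses only built-in cmdlets and .NET types.

```powershell
# Added diagnostic example (not from the original post).
# Run it from the same Jenkins build step, passing the same DLL path.
param([Parameter(Mandatory = $true)][string]$Path)

function Test-AssemblyAccess {
    param([string]$Path)

    # Identity the process really runs as. Under a Windows service this is
    # often NT AUTHORITY\SYSTEM or a service account, not your own login.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $report = @{
        RunningAs = $identity.Name
        Path      = $Path
        IsFile    = (Test-Path -LiteralPath $Path -PathType Leaf)
        CanRead   = $false
        Error     = $null
        Acl       = $null
    }

    # A folder path, a missing file, or a path this account cannot see
    # all end here instead of surfacing later as a confusing load error.
    if (-not $report.IsFile) {
        $report.Error = 'Path is missing, is a folder, or is not visible to this account.'
        return (New-Object PSObject -Property $report)
    }

    try {
        # Who is allowed or denied which rights on the file.
        $entries = @((Get-Acl -Path $Path -ErrorAction Stop).Access | ForEach-Object {
            '{0}: {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
        })
        $report.Acl = $entries -join '; '
    } catch {
        $report.Acl = "ACL not readable: $($_.Exception.Message)"
    }

    try {
        # Open the file for reading without loading it as an assembly.
        $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
        $stream = [System.IO.File]::OpenRead($full)
        $stream.Dispose()
        $report.CanRead = $true
    } catch {
        $report.Error = $_.Exception.Message
    }

    New-Object PSObject -Property $report
}

Test-AssemblyAccess -Path $Path | Format-List
```

Comparing the RunningAs and Acl values from the Jenkins console log with the same output from an interactive session shows which account needs read access to the file.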

Related

ADSI commands causing Access Denied errors

I'm attempting to set the description attribute in ADSI via PowerShell, but keep getting "access denied". It's executing from a non-privileged user, but the user does have Write All Properties permissions over this object. With those permissions, I don't see why I would need to be a DA to write to that attribute.
Example shown here:
$Computer = [ADSI]"LDAP://cn=TESTER,cn=Computers,dc=lab,dc=local"
$Computer.Put("description", "test")
$Computer.setinfo()
$Computer.setinfo()
Exception calling "setinfo" with "0" argument(s): "Access is denied.
"
At line:1 char:1
+ $Computer.setinfo()
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
When I don't include the parentheses (e.g., $Computer.setinfo), it sets the attribute locally but never pushes it to AD. Yes, I'm running in an elevated PS session.
As @Lee_Dailey mentioned, you'd better include the error message in the original post.
About the issue, are you running the script in an elevated prompt? It does not matter whether the user has permissions on the AD object or not if the resource requires running in an elevated prompt. You should explicitly run as administrator if needed. Can you please check again to see if that is the case here?

VSTS release only logs the 1st line of a Powershell exception as an error. How can I log the full exception details without enabling debug?

If I run this code (containing a null reference) in Powershell ISE
$result = $nonExistentString.Substring(0,4)
An exception is thrown and the following is output to the console
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $result = $nonExistentString.Substring(0,4)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
However, if I run the same code in a VSTS release as a PowerShell inline script, the release log will only output the following:
2017-11-30T13:23:26.9471504Z ##[error]You cannot call a method on a null-valued expression.
This isn't enough detail to facilitate problem resolution in more complex scripts. I know I can run the scripts in debug mode and the full exception record is logged as debug entries, but this would mean we would need to run all scripts in debug at all times in order to get full exception details when they occur. Does anyone know if it is possible to configure VSTS to log full exception details without having to enable debug?

Why am I getting an error when trying to remove a Microsoft.Insights/components resource?

I am trying to execute a PowerShell script that will sequentially remove Azure Resources from a resource group using a .ps1 file, and have isolated an error I am getting to whenever I try to remove the Microsoft.Insights/components resource using the command:
Remove-AzureRmResource -ResourceId "/subscriptions/e41d3122-bbd8-48dc-a212-0337139671cc/resourceGroups/TestRG/providers/Microsoft.Insights/components/WA-Stag-API-EMEA-zgqmgcwnigknu"
The error I'm getting after running this once is as follows:
Remove-AzureRmResource : {"code":"Message: {\"Errors\":[\"One of the
specified pre-condition is not met\"]}","message":"Message:
{\"Errors\":[\"One of the specified pre-condition is not
met\"]}\r\nActivityId: 845b19fa-b6b4-4952-9b62-75bfc6e98646, Request
URI:
/apps/1921ec42-1c88-4fdd-8d6c-78646cba4b15/services/a32b484a-6ee1-4ad7-ab43-4e9
d57bb0b81/partitions/fab8c193-3ec3-45e8-b7a6-0e21d1e071da/replicas/131441657816991616p","innererror":{"diagnosticcontext":"597ea546-7625-474d-b27f-560a1140a652","time":"2017-
07-18T19:41:25.3734216Z"}} At line:1 char:1
+ Remove-AzureRmResource -ResourceId "/subscriptions/e41d3122-bbd8-48dc ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Remove-AzureRmResource], ErrorResponseMessageException
+ FullyQualifiedErrorId : Conflict,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.RemoveAzureResourceCmdlet
From what I can tell, there seems to be some kind of "pre-condition" that needs to be met before you can delete it... but the weirdest part is that if I execute the same command again, I don't get an error and the resource is successfully deleted...
Is there any reason why this would fail once, but then succeed in being deleted after executing again?
This is because the Insights resource is used by your Web App. Please refer to this link. When you enable client-side monitoring, you will get the error log. I tested in my lab and got the same result as you.
If you want to avoid this error log, please follow these steps:
1. Delete the APPINSIGHTS_JAVASCRIPT_ENABLED key.
2. Restart your app.
3. Delete Insights.

TFS build fails when running custom powershell script

I've added a Powershell script step to my on-premises TFS 2015 build definition. The script modifies assembly version in AssemblyInfo.cs file.
I tested the script with the Build Agent account in PowerShell ISE and it worked fine. However, the PowerShell step fails in TFS build with an access denied error.
The Build Agent account has full control permission to C:\agent\_work\11\s\source\MyProject\Properties folder.
Get-Content : Access to the path 'C:\agent_work\11\s\source\MyProject\Properties' is denied.
At C:\agent_work\11\s\source\MyProject\BuildScript\Update-AssembyInfoFile.ps1:64 char:10
+ (Get-Content $file) |
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\agent_work...MyProject\Properties:String) [Get-Content], Unauthorized
AccessException
+ FullyQualifiedErrorId : GetContentReaderUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetContentCommand
The script error was caused by the file name missing from the file path. The message Access to the path 'C:\agent_work\11\s\source\MyProject\Properties' is denied is kind of confusing, but it gives you an idea that the file name is missing from the path. The path in the error message is a folder name rather than a file name. Hence, the error occurred.

Security Token Validation Error with JWT token -- HDInsight

I created a new storage account and provisioned an HDInsight cluster on Windows Azure. However, when I try to run any command on Windows Azure Powershell related to the cluster, I get the following error:
PS C:\> Get-AzureHDInsightCluster -Name $clusterName
Get-AzureHDInsightCluster : Request failed with code:Unauthorized
Content:<Error xmlns="http://schemas.microsoft.com/windowsazure"
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Code>AuthenticationFailed</Code><Message>A security token
validation error occured for the received JWT token.</Message></Error>
At line:1 char:1
+ Get-AzureHDInsightCluster -Name $clusterName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureHDInsightCluster], HttpLayerException
+ FullyQualifiedErrorId : Microsoft.Hadoop.Client.HttpLayerException,Microsoft.WindowsAzure.Management.HDInsight.C
mdlet.PSCmdlets.GetAzureHDInsightClusterCmdlet
I'm completely new to HDInsight, but I ran a script before this command to add the Azure account, create variables for the subscription name, storage account name, and container name from this page.
Do you know what this error means? And how to fix it? I'm trying to run a script with Pig commands after following this website.
It looks like the PowerShell environment is not properly set up. You should add your Azure subscription first with GetAzureSubscription. See: http://www.windowsazure.com/en-us/documentation/articles/install-configure-powershell/#Connect