I am trying to use AWS powershell to update metadata for items in my S3 bucket. I am using the script:
Set-AWSCredentials -ProfileName S3Test ;
write-S3Object -BucketName myS3bucket `
-Key Folder/Subfolder/Myfile.txt `
-Content "Myfile.txt `
-Metadata #{"x-amz-meta-custommetadata" = "TESTMEtadata"} `
-Headers #{"Content-Type" = "binary/octet-stream"} ;
I am able to run this script successfully from my own account on my computer but when I try to automate this script using a service account I am getting the error message:
write-S3Object : A WebException with status TrustFailure was thrown.
At line:1 char:1
+ write-S3Object -BucketName myS3Bucket `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation:
(Amazon.PowerShe...eS3ObjectCmdlet:WriteS3ObjectCmdlet) [Write-S3Obje
t], InvalidOperationException
+ FullyQualifiedErrorId :
Amazon.Runtime.AmazonServiceException,Amazon.PowerShell.Cmdlets.S3.WriteS3ObjectCmdlet
From what I have found on similar issues I tried to add this line to my script:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;
However this results in a different error message:
write-S3Object : A WebException with status RecieveFailure was thrown.
At line:1 char:1
+ write-S3Object -BucketName myS3Bucket `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation:
(Amazon.PowerShe...eS3ObjectCmdlet:WriteS3ObjectCmdlet) [Write-S3Obje
t], InvalidOperationException
+ FullyQualifiedErrorId :
Amazon.Runtime.AmazonServiceException,Amazon.PowerShell.Cmdlets.S3.WriteS3ObjectCmdlet
Does anyone have any idea what may be causing these problems and how I would be able to resolve them?
It seems liken a callback is run using what is defined in:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
I'm not exactly sure what triggers it based off of what I read but the callback seems to be set on service accounts.
Try setting it to:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
Reference:
https://forrestbrazeal.com/2015/06/15/adventures-in-aws-the-worlds-scariest-stack-trace/
Check your date on the server.
I had the same error accessing AWS endpoints, but the solution was a touch simpler... I was testing a process where I set the date on the server back a couple of months, which caused the AWS connection process to throw the request out.
Related
I am trying to change all the file creation date stamp to new time. I am using below code to do that. I am running this from a VM with an admin ID which as access to all the "FILE share servers".
Am my missing nay permissions to make changes to the files?
Note: File share servers are stored in different servers and I am using my own VM which is in same domain to access those file shares.I can access them through Network path from "RUN". Not sure while access denied error is thrown.
Function Set-FileTimeStamps { Param (
[Parameter(mandatory=$true)]
[string[]]$path,
[datetime]$date = (Get-Date) )
Get-ChildItem -Path $path |
ForEach-Object {
$_.CreationTime = $date
$_.LastAccessTime = $date
$_.LastWriteTime = $date } } Set-FileTimeStamps -path \\nwst01\test$\rgadagot "07/10/19 10:10"
error:
Exception setting "CreationTime": "Access to the path
'\nwst01\test$\user \Data' is denied." Exception setting
At line:10 char:6
+ $_.CreationTime = $date
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
Exception setting"LastAccessTime": "Access to the path '\nwst01\test$\user \Data' is
denied." At line:11 char:6
+ $_.LastAccessTime = $date
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
Exception setting "LastWriteTime": "Access to the path
'\nwst01\test$\user \Data' is denied." At line:12 char:6
+ $_.LastWriteTime = $date }
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
Welcome to stackoverflow.
Try to create a new file at that location (through the same script). If that fails, but you are able to create such a file otherwise, it may be a double-hop issue: Kerberos authentication prevents you from impersonating a 2nd time (even if you are logged in as a domain administrator). There is a workaround with CredSSP but maybe better look into the suggestion here: https://searchwindowsserver.techtarget.com/tutorial/How-to-avoid-the-double-hop-problem-with-PowerShell.
Trying PS command:
Set-FsrmFileGroup -Name "Anti-Ransomware File Groups" -IncludePattern #((Invoke-WebRequest -Uri "https://fsrm.experiant.ca/api/v1/combined" -UseBasicParsing).Content | ConvertFrom-Json | % {$_.filters})
Getting error:
New-FsrmFileGroup : Invalid namespace
At line:1 char:1
+ New-FsrmFileGroup -Name "Anti-Ransomware File Groups" -IncludePattern #((Invoke- ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : MetadataError: (MSFT_FSRMFileGroup:Root/Microsoft/...T_FSRMFileGroup) [New-FsrmFileGroup], CimException
+ FullyQualifiedErrorId : HRESULT 0x8004100e,New-FsrmFileGroup
I also notice some errors in FSRM:
Firewall is off and I am domain admin running this as admin. SFC and a WMI repair came back as good. I am going based off a guide (https://fsrm.experiant.ca/). This has worked across a ton of other servers so I don't believe the commands to be improperly formatted.
Output of Get-WmiObject -Namespace 'Root/Microsoft/Windows/Fsrm' -List:
Get-WmiObject : Could not get objects from namespace Root/Microsoft/Windows/Fsrm.
Invalid namespace
At line:1 char:1
+ Get-WmiObject -Namespace 'Root/Microsoft/Windows/Fsrm' -List
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : INVALID_NAMESPACE_IDENTIFIER,Microsoft.PowerShell.Commands.GetWmiObjectCommand
I am writing an automation script for Infrastructure creation in Azure which contains the following code:
Azure-LoginAndPickSubscription -azureSubscriptionId $CONFIG_AZURE["SUBSCRIPTIONID"] `
-azureUsername $CONFIG_AZURE["USERNAME"] `
-azureEncryptedPassword $CONFIG_AZURE["PASSWORD"] `
-passwordKeyFilePath "$SCRIPT_DIRECTORY\private.key"
$solutionRoot = Split-Path -Path $SCRIPT_DIRECTORY -Parent
$storContext = (New-AzureStorageContext -StorageAccountName mystorename -StorageAccountKey "mystoragekey")
Publish-AzureVMDscConfiguration "$SCRIPT_DIRECTORY\NewDSC\InitialConfig.ps1" -ContainerName "windows-powershell-dsc" -Force -StorageContext $storContext
The last line (Publish-AzureVMDscConfiguration) throws an error:
Publish-AzureVMDscConfiguration : Object reference not set to an
instance of an object. At
C:\temp\Base.Deploy\ARM.Create.ps1:38 char:5
+ Publish-AzureVMDscConfiguration "$SCRIPT_DIRECTORY\NewDSC\Initia ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Publish-AzureVMDscConfiguration], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.DSC.PublishAzureVMDscConfigurationCommand
I have checked the script (InitialConfig.ps1) exists, and the $storContext object is populated. Any ideas what may be causing this?
#Carl,
From your PowerShell code and error message, it seems that you used the ARM mode in your PowerShell. However, your code should use the ASM mode. I recommedn you can use Switch-AzureMode to switch your powershell mode and then run your code again. Please refer to this blog to check their difference (https://blogs.msdn.microsoft.com/powershell/2015/07/20/introducing-azure-resource-manager-cmdlets-for-azure-powershell-dsc-extension/ ). Like this
PS C:\> Switch-AzureMode -Name AzureResourceManager
PS C:\>Switch-AzureMode -Name AzureServiceManagement
Any results, please let me know.
I was trying to make a dummy diagnostics worker role using the following article
When i run the following command in step 4 :
(Get-AzureServiceAvailableExtension -ExtensionName 'PaaSDiagnostics' -ProviderNamespace 'Microsoft.Azure.Diagnostics').PublicConfigurationSchema | Out-File -Encoding utf8 -FilePath 'WadConfig.xsd'
I get the following error in azure powershell, we need the subscription in this command but not sure where.
Also, is there a place where I can find how to make a dummy diagnostics worker role.
VERBOSE: 3:32:14 PM - Begin Operation: Get-AzureServiceAvailableExtension
Get-AzureServiceAvailableExtension : No default subscription has been designated. Use Select-AzureSubscription
-Default <subscriptionName> to set the default subscription.
At line:1 char:2
+ (Get-AzureServiceAvailableExtension -ExtensionName 'PaaSDiagnostics' -ProviderNa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureServiceAvailableExtension], ApplicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.Extensions.GetAzureServiceAvailableExt
ensionCommand
VERBOSE: 3:32:14 PM - Completed Operation: Get-AzureServiceAvailableExtension
Out-File : Access to the path 'C:\WadConfig.xsd' is denied.
At line:1 char:148
+ ... rationSchema | Out-File -Encoding utf8 -FilePath 'WadConfig.xsd'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], UnauthorizedAccessException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand
First add your credentials using:
add-azureaccount
Next, select desired subscription (if you have more than one) using:
Select-AzureSubscription -SubscriptionId <id>
Finally, try again.
Not sure what the eff' is wrong! I am using Powershell 2.0 on Windows 7. Had this same script working on Windows XP , am i just missing something?
$server = "server1-vm1.prod.ds.russell.com"
$name = "Superduper_Reports"
$iis = [ADSI]"IIS://$server/W3SVC/AppPools/$name"
$iis.psbase.invoke("recycle")
Error (that invoke looks okay to me?):
Exception calling "Invoke" with "2" argument(s): "Unknown error (0x80005000)"
At line:3 char:19
+ $iis.psbase.invoke <<<< ("recycle")
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
When just running $iis variable i get this error:
The following exception occurred while retrieving member "PSComputerName": "Unknown error (0x80005000)"
+ CategoryInfo : NotSpecified: (:) [format-default], ExtendedTypeSystemException
+ FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand
Roooarr! I'd rather use ADSI over WMI! Any help? :)
I think that you can use WebAdministration module for that
Import-Module WebAdministration
Get-Command -Module WebAdministration
Get-ChildItem IIS:
You will find a lots of Cmdlets to admin IIS and a new drive IIS:
You will find on this Microsoft Web site some explanations.
This question has a WMI script which has been stated to work.
Alternatively ADSI equivalent would look something like this ...
http://geekswithblogs.net/Lance/archive/2010/12/16/powershell-ndash-recycle-all-iis-app-pools.aspx
function Recycle-AppPools {
param(
[string] $server = "3bhs001",
[int] $mode = 1, # ManagedPipelineModes: 0 = integrated, 1 = classic
)
$iis = [adsi]"IIS://$server/W3SVC/AppPools"
$iis.psbase.children | %{
$pool = [adsi]($_.psbase.path);
if ($pool.AppPoolState -eq 2 -and $pool.ManagedPipelineMode -eq $mode) {
# AppPoolStates: 1 = starting, 2 = started, 3 = stopping, 4 = stopped
$pool.psbase.invoke("recycle")
}
}
}
You can't recycle a stopped AppPool however so you need to check for that.