I'm trying to create a pre-build step with powershell in one of our team projects to increment the build number for all assemblies/applications within that VS solution. This is for TFS2015-update 2.
I found some example code here and there online and have pieced together what I imagine would work. I can run the powershell script manually on the TFS server (authenticated to the server as my windows account) and it works fine, but yet it won't function correctly within the build process.
Here is the sample code in question where I keep getting my error. It has to do with authentication/connection to the TFS server:
$CollectionUrl=New-Object System.Uri("$env:SYSTEM_TEAMFOUNDATIONCOLLECTIONURI")
$BuildUrl="$env:BUILD_BUILDURI"
# get the team project collection
$TeamProjectCollection=[Microsoft.TeamFoundation.Client.TfsTeamProjectCollectionFactory]::GetTeamProjectCollection($CollectionUrl)
# get the build server
$BuildServer=$TeamProjectCollection.GetService([Microsoft.TeamFoundation.Build.Client.IBuildServer])
# get the build detail
$BuildDetail=$BuildServer.GetBuild($BuildUrl)
# get the build definition
$BuildDefinition=$BuildDetail.BuildDefinition
There error I am getting is:
Exception calling "GetService" with "1" argument(s): "TF30063: You are not authorized to access http://servername/TPCName
I have tried using both the call above to get the TPC, and the constructer for it and neither works.
$TeamProjectCollection=New-Object Microsoft.TeamFoundation.Client.TfsTeamProjectCollection($CollectionUrl)
So I started trying to build a credential object based on my login credentials to the server and see if I could connect to the TPC that way. Still doesn't work (on server or in build process), but different error:
$netCred = New-Object System.Net.NetworkCredential($username,$password)
$basicCred = New-Object Microsoft.TeamFoundation.Client.BasicAuthCredential($netCred)
$tfsCred = New-Object Microsoft.TeamFoundation.Client.TfsClientCredentials($basicCred)
# get the team project collection
$TeamProjectCollection=New-Object Microsoft.TeamFoundation.Client.TfsTeamProjectCollection($CollectionUrl, $tfsCred)
Throws the exception:
Exception calling "GetService" with "1" argument(s): "TF400324: Team Foundation services are not available from the server.
I have also tried my best at modifying TFS permissions for the windows account that TFS service runs as to make sure there were no issues there. I'm fairly certain I added it to all roles/groups that my identity was in, but still the build wouldn't authenticate.
I'm at a loss at this point. Can someone help me figure out how to connect to the TFS server correctly using defined credentials, or help me adjust what permissions the service account, identity, configuration choices, etc; needed to access the teamProjectCollection.
You need to specifically instruct TFS/VSTS to allow the executing build to call back to TFS/VSTS. This protects your server for malicious developers exiting build scripts.
You should see an "enable Auth" option in the Options Tab of your Build.
**note: You should use the Task SDK provided: https://github.com/Microsoft/vsts-task-lib
Related
I have a C# console app that I wrote that is trying to enable mail for an AD user.
using (Runspace EnableMailboxRunspace = RunspaceFactory.CreateRunspace(ConnectionInfo(ExchangeServerURI, ExchangeUser, ExchangePassword)))
{
EnableMailboxRunspace.Open();
// Create a pipeline to process the commands
using (Pipeline EnableMailboxPipeline = EnableMailboxRunspace.CreatePipeline())
This works just fine in the dev environment, but I cannot get it to run on any production server. When the CreatePipeline command is executed I get this error:
"Connecting to remote server pc799.csnt.princegeorge.ca failed with
the following error message : The WinRM client cannot process the
request. It cannot determine the content type of the HTTP response
from the destination computer. The content type is absent or invalid.
For more information, see the about_Remote_Troubleshooting Help
topic."
I have tried this running as multiple different users, including domain admins.
This app did work a few months ago, but now it doesn't work. We moved from a fully on prem system, to a hybrid M365/On prem system and something in that seems to have broke it.
On Windows Server 2012 Datacenter with Microsoft Dynamics CRM 2016 installed, I want to run a deployment command but for every commands I get this error: "(500) Internal Server Error".
I first run this:
Add-PSSnapin Microsoft.Crm.PowerShell
and it will work fine and when I check it with get-pssnapin and Get-Help *Crm*, every thing is fine and every thing that I need is registered. but when I want to run a cmdlets command like these, I face the error: Get-CrmSetting or Get-CrmCertificate or ...
For example for Get-CrmSetting TraceSettings it give me this error:
How can I solve this problem and error?
Thanks
According to this article, you might want to try:
Get-CrmSetting –SettingType TraceSettings
Here are a couple more items to investigate, from this article:
To use the XRM tooling cmdlets, you need PowerShell version 3.0 or
later. To check the version, open a PowerShell window and run the
following command: $Host
Set the execution policy to run the signed PowerShell scripts. To do
so, open a PowerShell window as an administrator and run the
following command: Set-ExecutionPolicy -ExecutionPolicy AllSigned
Verify the (CRMDeploymentServiceAppPool Application Pool identity) has SQL SEVER SysAdmin permission. This is needed to perform any CRM configuration changes and organizational operations.
Note: it does not matter if the account executing the PowerShell is a system admin or SQL server sysadmin because these operations are executed via the deployment web service.
Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)
....Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
....
(500) Internal Server Error, refers to a HTTP response status code. This means that the Powershell command is calling a URL and the URL is reporting a error.
You need to know the URL to really find out what the problem is. One way you can get the URL, is downloading Fiddler Classic. Once installed, you have to enable HTTPS decryption.
In my case the URL was...
https://<my-crm-domain>/XrmDeployment/2011/deployment.svc?wsdl
When I ran this URL on the server where CRM is installed, I got an exception stating...
Could not load file or assembly 'Microsoft.Crm.Application.Components.Application'
All this meant, I needed to copy a file, Microsoft.Crm.Application.Components.Application.dll, from C:\Program Files\Dynamics 365\CRMWeb\bin into folder C:\Program Files\Dynamics 365\CRMWeb\XRMDeployment\bin.
Once this was done, the URL worked and therefor my PowerShell command as well.
I'm trying to automate the deployment of the solution my team is working on through TFS Build server. One of the steps which executes a PowerShell script on the target machine fails with the following error:
Microsoft ODBC Driver 11 for SQL Server : Login failed for user 'sa'..
The PowerShell script I'm trying to execute does in fact connect to multiple databases using the sa credentials. When I try to execute the same script passing it the exact same arguments by hand (i.e: executing the script from the target machine VM itself) it works like a charm. But when it is being executed as part of the build steps it fails with the aforementioned error.
Is there a way to further debug the issue? It would be great if there is a way to output trace statements from the script so I could have some insight on what is actually going on.
Usually all the related error should reflect in TFS build log. To narrow your issue you can try to connect to the TFS build agent with the credentials used for the build service and manually run the ps script.
If you execute the ps script with your own account, which will not help to the issue. Usually this kind of problems is related to permissions. Your build service account are lack of related permission. Try to add it to Administrator or SQL Administrator group and execute the build again.
We're using SSRS to generate database reports that publish to an internally hosted webserver. I'm then writing a PowerShell script that periodically runs and downloads the reports as PDFs.
I've gotten it to work running as an admin. But for security purposes, the automated task must run as a generic domain service account.
The code I use to download the PDF using my account is:
$webClient = New-Object System.Net.WebClient
$webClient.UseDefaultCredentials = $TRUE
$webClient.DownloadFile($ssrsURL, $filePath)
When I run this code as the service account, I get an 500 Internal Server error. I've tried replacing the second line of code with:
$webClient.Credentials = New-Object System.Net.NetworkCredential("Username", "Password", "Domain");
When I try this, I get a 401 Unauthorized error. Even though the Username / Password I put in the code is my own, and works when I log in to the webserver via IE.
The answer may be in my code, domain / local security policies, or SSRS security settings...
Some questions that might be in the right direction are:
What other means of authentication could I try in PowerShell
Does anyone know of any IIS / SSRS settings I could try altering?
What domain or local security policies are allowing "UseDefaultCredentials" to work when run under my account, but not the service account set up?
Thanks in advance for any ideas.
Finally figured it out... it had nothing to do with authenticating with SSRS. My first code snippet works fine.
The issue was in the permissions of the underlying databases. We have five reports, I suddenly noticed that the PowerShell script could download 4 of the 5 reports using the service account. Never noticed because I was always testing on the same report...
Went to the SSRS log file to see why the last one wasn't working - the service account didn't have access to the database that specific report is pulling data from. Hence the 500 error instead of a 401 error.
Following the guide and powershell script from this article,
https://www.windowsazure.com/en-us/develop/net/common-tasks/continuous-delivery/
I've run into an extremely odd error:
9/4/2012 9:02 PM - Creating New Deployment: In progress
New-AzureDeployment : There was no endpoint listening at https://management.core.windows.net/5921d8af-88a1-4f63-9673-5e1ae1df7e8a/services/storageservices/Build_2012-09-04_02-27.1/dist/LNEC_Admin.Azure.cspkg/keys that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
It's odd because we're on build "Build_2012-09-04_08-16.1", not the one mentioned in the URL above (which no longer even exists on the filesystem). This is under Jenkins CI which runs under the NETWORK SERVICE account. If I run it by hand with my own account the same error results, but with a lnecint in place of the build directory: https://management.core.windows.net/5921d8af-88a1-4f63-9673-5e1ae1df7e8a/services/storageservices/lnecint/keys
That keyword "lnecint" isn't mentioned anywhere in any config (I've searched every file on the entire machine and TFS server). It was the name of a storage account, but it's long ago been deleted.
VS 2012, Azure SDK 1.7.1
There's definitely an issue with your endpoint. Can you check what parameters you're passing to the "New-AzureDeployment" Cmdlet?