How would I check if my credentials are already cached for a specific server using tf.exe? I am trying to do slight automation for tfs get and workspace/workfold configuration. The assumption is that most machines already have the credentials cached, but I want to be able to double check beforehand, and throw an error in powershell if they are not.
Thank you,
Derongan
Try using vaultcmd.exe e.g.:
vaultcmd /listcreds:"Windows Credentials" /all
You could run that through a Where-Object command looking for a string that matches the TFS server name.
Related
I'm new to TFS2018 and i am trying to configure CI/CD Pipeline. My Build succeeded and in my release pipeline, i need to run powershell script on my deployment server and so i used RUN PowerShell on Target Machine task. I suppose, provided all required info correctly and ran the release but got the error at this task as follows
Connecting to remote server xxx.xxx.xx.xx failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
Please find my task config captured below
I tried adding my TFS2018 server as trustedHost on target server but still issue exists. Please suggest and help.
Add the TFS server machine to TrustedHost in Target machine through powershell.
Set-Item WSMan:localhost\client\trustedhosts -value ServerDC
Ensure credentials provided in this task is of admin role and at same time they have access w.r.to TFS in this case. If provided credentials does not have TFS admin previlage, the task cannot invoke agent to trigger VisualStudioRemoteDeployer.
This is what is called the double hop problem with PowerShell, usually it means you are trying to log on to a remote machine with different credentials then the credentials your user is running under. So in your case, is $(adminUserName) the same as the agent? If not then you could try and change that user to be the same as the agent. If not, then you need to do a little more then add the machine to trustedHost. Watch this video on SPN it might help https://www.youtube.com/watch?v=yFgdPcLOs-g and here is a detailed explanation on the double hop issue https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7
On Windows Server 2012 Datacenter with Microsoft Dynamics CRM 2016 installed, I want to run a deployment command but for every commands I get this error: "(500) Internal Server Error".
I first run this:
Add-PSSnapin Microsoft.Crm.PowerShell
and it will work fine and when I check it with get-pssnapin and Get-Help *Crm*, every thing is fine and every thing that I need is registered. but when I want to run a cmdlets command like these, I face the error: Get-CrmSetting or Get-CrmCertificate or ...
For example for Get-CrmSetting TraceSettings it give me this error:
How can I solve this problem and error?
Thanks
According to this article, you might want to try:
Get-CrmSetting –SettingType TraceSettings
Here are a couple more items to investigate, from this article:
To use the XRM tooling cmdlets, you need PowerShell version 3.0 or
later. To check the version, open a PowerShell window and run the
following command: $Host
Set the execution policy to run the signed PowerShell scripts. To do
so, open a PowerShell window as an administrator and run the
following command: Set-ExecutionPolicy -ExecutionPolicy AllSigned
Verify the (CRMDeploymentServiceAppPool Application Pool identity) has SQL SEVER SysAdmin permission. This is needed to perform any CRM configuration changes and organizational operations.
Note: it does not matter if the account executing the PowerShell is a system admin or SQL server sysadmin because these operations are executed via the deployment web service.
Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)
....Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
....
(500) Internal Server Error, refers to a HTTP response status code. This means that the Powershell command is calling a URL and the URL is reporting a error.
You need to know the URL to really find out what the problem is. One way you can get the URL, is downloading Fiddler Classic. Once installed, you have to enable HTTPS decryption.
In my case the URL was...
https://<my-crm-domain>/XrmDeployment/2011/deployment.svc?wsdl
When I ran this URL on the server where CRM is installed, I got an exception stating...
Could not load file or assembly 'Microsoft.Crm.Application.Components.Application'
All this meant, I needed to copy a file, Microsoft.Crm.Application.Components.Application.dll, from C:\Program Files\Dynamics 365\CRMWeb\bin into folder C:\Program Files\Dynamics 365\CRMWeb\XRMDeployment\bin.
Once this was done, the URL worked and therefor my PowerShell command as well.
All the docs and help threads I can find reference connection strings with Authentication=ActiveDirectoryIntegrated to hit SQL with AAD integration. If I'm using SSMS I can also choose "Active Directory Universal" which gives a prompt if MultiFactorAuth (MFA) is required.
I want to use powershell to invoke-sqlcmd, or even sqlcmd.exe directly -- do either support an MFA flow? How else can I get commandline queries against an AAD-enabled MFA-enabled SQLAzure instance?
invoke-sqlcmd : Failed to authenticate the user NT Authority\Anonymous Logon in Active Directory
(Authentication=ActiveDirectoryIntegrated).
Error code 0xCAA2000C; state 10
AADSTS50079: The user is required to use multi-factor authentication.
Trace ID: 54f0cb31-2f0f-4137-b142-b312a6cd441b
Correlation ID: 70204904-576c-4db5-9c3b-6ccd7fe6b409
Timestamp: 2017-02-09 22:56:39Z
I've seen https://learn.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication, and everything was working fine right up until MFA either was applied, or when it realized it was time to re-auth and prompt.
If there is a way for me to cache creds so ActiveDirectoryIntegrated generally works, and I just need to re-auth and re-cache when it decides it is time to force an MFA prompt I'm also open to that.
I want to use powershell to invoke-sqlcmd, or even sqlcmd.exe directly -- do either support an MFA flow?
No. As far as I know, the SSMS is the only tool currently enabled for MFA through Active Directory Universal Authentication.( refer here)
If you have any idea or suggestion about Azure SQL database, you can submit them from here.
Beginning with version 15.0.1, sqlcmd utility and bcp utility support Active Directory Interactive authentication with MFA.
I am using Version 1.0.1 Azure PowerShell module and it seems there is some breaking changes I cannot figure out.
I have logged into Azure and the Get-AzureSubscription cmdlet returns my two accounts. However, executing Get-AzureVM's returns nothing even though the Azure Portal is properly reporting about a dozen.
What am I doing wrong?
Thanks
Run Add-AzureAccount; this will load the Azure login dialogue, allowing you to sign in.
Once done, running Get-AzureSubscription should work as you'd expect.
Sadly no helpful error's displayed to say "you're not logged in; run Add-AzureAccount to login" if the command's run without you being logged in.
If you are attempting to fetch ARM resources, please use “Get-AzureRmVM” cmdlet.
Get-AzureVM - To fetch classic instances
Get-AzureRmVM - To fetch ARM instances.
All,
I am trying to use a certificate to authenticate against azure instead of using the Azure-AddAccount. So I did the following in an administrator powershell console, i followed the instruction located at http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/ :
Get-AzurePublishSettingsFile
This prompted me to login and download the publishsettings file. I placed the file in the same folder as the powershell console is.
Import-AzurePublishSettingsFile "D:\Dev\Powershell\azure.publishsettings"
This command doesn't return anything. I am not sure if it worked, but if I put an invalid name it blows up so I assume it works.
Get-AzureStorageAccount
I get the error "Get-AzureStorageAccount : Your credentials have expired. Please use Add-AzureAccount to log in again." At this point I thought I imported my certificate and this should work, but it doesn't. Am I missing a step? I have multiple subscriptions, maybe thats the problem?
You still need to use Add-Account in addition to importing the publish settings file. Add-Account will prompt you for the user you wish to authenicate with when running certain commands.
Add-Account utilises a different authentication mechanism to the cert-based setup with the PublishSettings File and it necessary to use both in certain scenarios (such as yours).