I am getting given error when I use powershell commandlets to connect azure app -
Get-HostedService : Could not establish secure channel for SSL/TLS with authority ‘management.core.windows.net’.
here is the links I follow -
http://msdn.microsoft.com/en-us/gg271300
http://wappowershell.codeplex.com/documentation
Based on my experience there could be two problems:
The certificate you are using is not able to create a secure SSL tunnel between your computer and Windows Azure Management Portal and you get error
I have seen OS specific problems related to SSPI and SCHANEL in which the SSL tunnel could not be created.
I also think the first links you have has old info and does not help in most cases. Lets try to solve problem first which is very easy. I am writing below understanding you have Powershell Cmdlets installed in your machine:
First download the publishconfig file from your Windows Azure portal as decribed here.
Now open your Windows Powershell for Windows Azure CmdLets (In Admin Mode)
After that enter these Powershell Commands directly:
PS > Import-Subscription <include your _filename_.publishsettings here>
PS > Select-Subscription <Enter The _name_of_your_subscription which will be listed after you run above command (Note - **SubscriptionName** is needed here>
PS > Get-HostedService <This should list all of services in your subscription>
Now you can manage the subscription from Powershell Cmdlets.
If you still have problems please let me know and I will provide info on 2).
Can you please file a bug for this here: http://github.com/WindowsAzure/azure-sdk-tools
The error message back from PowerShell should be friendlier in this case.
Also, you can now use Add-AzureAccount to obtain credentials rather than having to download and import a publishsettings file
Related
I'm new to TFS2018 and i am trying to configure CI/CD Pipeline. My Build succeeded and in my release pipeline, i need to run powershell script on my deployment server and so i used RUN PowerShell on Target Machine task. I suppose, provided all required info correctly and ran the release but got the error at this task as follows
Connecting to remote server xxx.xxx.xx.xx failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
Please find my task config captured below
I tried adding my TFS2018 server as trustedHost on target server but still issue exists. Please suggest and help.
Add the TFS server machine to TrustedHost in Target machine through powershell.
Set-Item WSMan:localhost\client\trustedhosts -value ServerDC
Ensure credentials provided in this task is of admin role and at same time they have access w.r.to TFS in this case. If provided credentials does not have TFS admin previlage, the task cannot invoke agent to trigger VisualStudioRemoteDeployer.
This is what is called the double hop problem with PowerShell, usually it means you are trying to log on to a remote machine with different credentials then the credentials your user is running under. So in your case, is $(adminUserName) the same as the agent? If not then you could try and change that user to be the same as the agent. If not, then you need to do a little more then add the machine to trustedHost. Watch this video on SPN it might help https://www.youtube.com/watch?v=yFgdPcLOs-g and here is a detailed explanation on the double hop issue https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7
On Windows Server 2012 Datacenter with Microsoft Dynamics CRM 2016 installed, I want to run a deployment command but for every commands I get this error: "(500) Internal Server Error".
I first run this:
Add-PSSnapin Microsoft.Crm.PowerShell
and it will work fine and when I check it with get-pssnapin and Get-Help *Crm*, every thing is fine and every thing that I need is registered. but when I want to run a cmdlets command like these, I face the error: Get-CrmSetting or Get-CrmCertificate or ...
For example for Get-CrmSetting TraceSettings it give me this error:
How can I solve this problem and error?
Thanks
According to this article, you might want to try:
Get-CrmSetting –SettingType TraceSettings
Here are a couple more items to investigate, from this article:
To use the XRM tooling cmdlets, you need PowerShell version 3.0 or
later. To check the version, open a PowerShell window and run the
following command: $Host
Set the execution policy to run the signed PowerShell scripts. To do
so, open a PowerShell window as an administrator and run the
following command: Set-ExecutionPolicy -ExecutionPolicy AllSigned
Verify the (CRMDeploymentServiceAppPool Application Pool identity) has SQL SEVER SysAdmin permission. This is needed to perform any CRM configuration changes and organizational operations.
Note: it does not matter if the account executing the PowerShell is a system admin or SQL server sysadmin because these operations are executed via the deployment web service.
Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)
....Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
....
(500) Internal Server Error, refers to a HTTP response status code. This means that the Powershell command is calling a URL and the URL is reporting a error.
You need to know the URL to really find out what the problem is. One way you can get the URL, is downloading Fiddler Classic. Once installed, you have to enable HTTPS decryption.
In my case the URL was...
https://<my-crm-domain>/XrmDeployment/2011/deployment.svc?wsdl
When I ran this URL on the server where CRM is installed, I got an exception stating...
Could not load file or assembly 'Microsoft.Crm.Application.Components.Application'
All this meant, I needed to copy a file, Microsoft.Crm.Application.Components.Application.dll, from C:\Program Files\Dynamics 365\CRMWeb\bin into folder C:\Program Files\Dynamics 365\CRMWeb\XRMDeployment\bin.
Once this was done, the URL worked and therefor my PowerShell command as well.
I'm trying to automate the deployment of the solution my team is working on through TFS Build server. One of the steps which executes a PowerShell script on the target machine fails with the following error:
Microsoft ODBC Driver 11 for SQL Server : Login failed for user 'sa'..
The PowerShell script I'm trying to execute does in fact connect to multiple databases using the sa credentials. When I try to execute the same script passing it the exact same arguments by hand (i.e: executing the script from the target machine VM itself) it works like a charm. But when it is being executed as part of the build steps it fails with the aforementioned error.
Is there a way to further debug the issue? It would be great if there is a way to output trace statements from the script so I could have some insight on what is actually going on.
Usually all the related error should reflect in TFS build log. To narrow your issue you can try to connect to the TFS build agent with the credentials used for the build service and manually run the ps script.
If you execute the ps script with your own account, which will not help to the issue. Usually this kind of problems is related to permissions. Your build service account are lack of related permission. Try to add it to Administrator or SQL Administrator group and execute the build again.
All,
I am trying to use a certificate to authenticate against azure instead of using the Azure-AddAccount. So I did the following in an administrator powershell console, i followed the instruction located at http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/ :
Get-AzurePublishSettingsFile
This prompted me to login and download the publishsettings file. I placed the file in the same folder as the powershell console is.
Import-AzurePublishSettingsFile "D:\Dev\Powershell\azure.publishsettings"
This command doesn't return anything. I am not sure if it worked, but if I put an invalid name it blows up so I assume it works.
Get-AzureStorageAccount
I get the error "Get-AzureStorageAccount : Your credentials have expired. Please use Add-AzureAccount to log in again." At this point I thought I imported my certificate and this should work, but it doesn't. Am I missing a step? I have multiple subscriptions, maybe thats the problem?
You still need to use Add-Account in addition to importing the publish settings file. Add-Account will prompt you for the user you wish to authenicate with when running certain commands.
Add-Account utilises a different authentication mechanism to the cert-based setup with the PublishSettings File and it necessary to use both in certain scenarios (such as yours).
I'm having an amazing amount of trouble starting and stopping a service on my remote server from my msbuild script.
SC.EXE and the ServiceController MSBuild task don't provide switches to allow a username/password so they won't authenticate, so I'm using RemoteService.exe from www.intelliadmin.com
-Authenticating with \xx.xx.xx.xxx
-Authentication complete
-Stopping service
-Error: Access Denied
The user account details I'm specifying are for a local admin on the server, so whats up?! I'm tearing my hair out!
Update:
OK here's a bit more background. I have an an XP machine in the office running the CI server. The build script connects a VPN to the datacentre, where I have a Server 2008 machine. Neither of them are on a domain.
Often, you can connect to the IPC$ "pseudo-share" on the machine to help establish the credentials before running commands like SC.EXE. Use a command like:
C:\> net use \\xx.xx.xx.xx\ipc$ * /user:username
The * tells it to prompt you for the password.
I've disabled UAC and now it seems to work.
If I understand your scenario correctly, it could help running the script with a domain account which is administrator on your remote machine (or better: has the right to start and stop the service).
Quick followup question - can you use the "runas" command from an MSBuild script? If so, wouldn't you be able to simply impersonate another user with runas /user:dsfsdf /password:dfdf sc.exe ... (or similiar - I haven't researched the command-line options)?