Introduction
The Microsoft AD Spoke enables organizations to automate the creation, deletion and management of objects in Microsoft Active Directory with low-code capabilities. Through Flow Designer you can configure IT processes and automate actions with the AD Spoke.
There are multiple documents to follow to activate and configure the Microsoft AD Spoke. In addition to the official docs, my favourite documentation for understanding the AD Spoke is Spoke Installation.
A strange issue with a generic error was raised during the setup:
"PowerShell script execution failed. Script returned status 1 using account user".
Prerequisites
For a correct setup you need to:
- Verify your subscriptions. The AD Spoke works with PowerShell scripts, so enable IntegrationHub Professional.
- Enable and/or repair the plugin "Microsoft AD Spoke" or "Microsoft Active Directory v2 Spoke".
- Ensure that the MID Server is configured, up and running without issues.
- Verify and enable the LDAP connection from the MID Server (port 389).
- Verify the credential and permissions used to connect to AD. The account requires the right permissions (KB0995394).
LDAP connection issue and Troubleshooting
A generic error is raised when the LDAP connection is not enabled from the MID Server:
IPaaSActionProbe | PowerShell script execution failed. Script returned status 1 using account user
How did I find the cause and the solution?
Before starting, remember that the spoke is based on PowerShell scripts defined under MID Server --> Script Files, and you can temporarily change the OOTB scripts to add extra logging, following the link Write Output in PowerShell. Remember to revert the scripts to OOTB after your troubleshooting.
When ServiceNow executes the spoke, the following PowerShell command runs on the MID Server:
...\powershell.exe -executionpolicy unrestricted -noninteractive -nologo -noprofile -command "& {& 'scripts\PowerShell\PSScript.ps1' -computer '<IP Address/Host>' -script '...\agent\scripts\PowerShell\ADSpoke\ActionLookupUser.ps1' -useCred $true -ismid $false -isDiscovery $true -debug $true -logInfo $false -logLevel '' -skipTest $false -executeRemote $false -processTimeout 600 -copyScriptToTarget $false; exit $LASTEXITCODE}"
Then, before executing the PowerShell script for the specific action, the AD Spoke executes the script PSScript.ps1.
In this script I added the trace log and found the following.
PSScript.ps1 is executed to test the credential and connection through the command
$cred = & $credTestFunc -computer $computer -user $Private:userProtected -password $Private:passwordProtected -debug $debug
This command in turn runs the TestCredentialAD script, which performs an LDAP bind such as New-Object System.DirectoryServices.DirectoryEntry "LDAP://IP/Host", <account>, (unprotect <password>)
I executed the same command on the MID Server:
New-Object System.DirectoryServices.DirectoryEntry "LDAP://IP/Host", <account>, (unprotect <password>)
and found that port 389 wasn't open.
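The two checks above (port reachability, then the same DirectoryEntry bind PSScript.ps1 performs) combined into one script you can run on the MID Server host before touching the OOTB spoke scripts. This is an added example, not one of the spoke's own scripts; the domain controller name and account are placeholders you pass in, and the password is prompted for rather than written into the command line.

```powershell
# Added example (not one of the AD Spoke OOTB scripts). Run on the MID Server host.
# Checks TCP reachability of the domain controller on the LDAP port, then performs
# the same DirectoryEntry bind that PSScript.ps1 / TestCredentialAD performs.
param(
    [Parameter(Mandatory = $true)] [string] $DomainController,   # placeholder, e.g. dc01.example.local
    [Parameter(Mandatory = $true)] [string] $Account,            # placeholder, e.g. EXAMPLE\svc-snow-ad
    [int] $Port = 389
)

# Step 1: is port 389 open from this MID Server? This is the check that would have
# exposed the closed port before any spoke action ran.
$tcp = Test-NetConnection -ComputerName $DomainController -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Output "FAIL: TCP ${DomainController}:${Port} not reachable from this MID Server (firewall/ACL?)"
    exit 1
}
Write-Output "OK: TCP ${DomainController}:${Port} reachable"

# Step 2: the same LDAP bind the spoke's credential test performs.
# Read-Host -AsSecureString keeps the password out of the command line and history.
$secure = Read-Host -Prompt "Password for $Account" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
try {
    $entry = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://$DomainController", $Account, $plain)
    # Reading NativeObject forces the bind; a bad credential or an unreachable
    # directory throws here instead of failing later inside the spoke action.
    $null = $entry.NativeObject
    Write-Output "OK: LDAP bind as $Account succeeded (bound to $($entry.Properties['distinguishedName'].Value))"
    exit 0
}
catch {
    # Surface the real LDAP/COM error instead of the generic "Script returned status 1".
    Write-Output "FAIL: LDAP bind as $Account failed: $($_.Exception.Message)"
    exit 1
}
finally {
    # Drop the plaintext copy as soon as the bind attempt is finished.
    $plain = $null
}
```

A FAIL at step 1 points at the network path between the MID Server and the domain controller; a FAIL at step 2 with step 1 OK points at the credential or its permissions instead.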