User credentials cannot be used for local connections

brandonwilson
Giga Contributor

‎05-16-2016 08:02 AM

I am new to ITOM and I wanted to create a simple PowerShell script using the PowerShell activity to remove a user from a group. Since for some reason there is an activity built to add a user to a group, but none to remove a user. The script is below:

Remove-ADGroupMember -Identity "Share" -Members "tuser1" -confirm:$false -credential $cred

Where $cred uses the credential table for user information. When I run the workflow, I get the following error:   "User credentials cannot be used for local connections". Maybe I do not understand how SN carries out the script, if it is conducted via a remote script or something else. If I don't use the credential table and use the mid server service user, it works fine, in the dev instance, since the dev user has privileges for this, the prod user does not.

I have tried to use Set-ExecutionPolicy Bypass -force   to bypass this but still not luck. There is no documentation advising what is the best practice way of doing this or how SN carries out this task. I have a lot of orchestration stuff coming down the pipeline soon, so I will need to figure this out as soon as possible to create documentation on the best way to do this.

I few key points that are still up in the air:

  1. How does SN carry about PowerShell?
  2. What should the MID Server Services user be (should it be a domain admin or just have the privileges needed to carry out tasks)?
  3. How is the credentials from the credential table passed to the MID server?
0 Helpfuls
  • 7,693 Views
20 REPLIES 20

Steven Parker
Giga Sage

‎07-17-2018 12:56 PM

We have a similiar issue

 

Just upgraded our DEV to Kingston and a custom PowerShell activity that works perfectly fine in Jakarta, does not work in Kingston.  I can use test inputs and it works in PROD Jakarta, but not in DEV Kingston.

 

It's a simple activity that just converts a date to a windows time format...simple.

 

find_real_file.png

 

and we get some crazy error back about Credentials when nothing has changed there and the same activity with the same test input works fine in PROD Jakarta.

Here is the error in Kingston:

find_real_file.png

 


Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
Preview file
77 KB
Preview file
54 KB
0 Helpfuls

Mike225
Tera Expert

‎01-11-2019 10:30 AM

Same issue, not holding my breath for an answer.

0 Helpfuls

Steven Parker
Giga Sage
In response to Mike225

‎01-11-2019 11:04 AM

We were able to resolve this issue by checking the box that says "Use MID Service Account".  


Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
0 Helpfuls

Mike225
Tera Expert
In response to Steven Parker

‎01-11-2019 01:45 PM

Where is this checkbox?

0 Helpfuls

Steven Parker
Giga Sage
In response to Mike225

‎01-11-2019 01:51 PM

On the Execution Tab of the Custom Activity

find_real_file.png


Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
Preview file
54 KB
0 Helpfuls