Custom Powershell Credential Error

ddrelincourt
Kilo Contributor

I'm trying to run a custom PowerShell activity against a domain controller from the MID Server as part of a requested item workflow. However, each time I run it, I receive credential errors.

The credentials appear to be fine, and I can run the commands successfully against the domain controller from the MID Server directly via PowerShell.

I'm setting the scratchpad variables via a script and then running the PowerShell activity.

The PowerShell command is:

[screenshot not available]

The ECC error is:

[screenshot not available]

The RITM workflow context is:

[screenshot not available]

I'm obviously missing something here... Just not sure what it is?


benly
ServiceNow Employee

Hi Dean,



One thing to check would be that the Windows account running the MID Server Service also has administrator access to the target DC, as this can cause issues if it doesn't. Check that and let me know how it goes.



Cheers,


Ben


Thanks Ben,



The MID Server service is already running with an account that has full access.



Do the variables look like they should be passed correctly?



Cheers



Dean


Hi Dean,



You said your MID Server service account has the capability to create a user in AD. In that scenario, create your custom activity as below:

- Target host - MID Server IP address (not the domain controller IP)

- PowerShell command (not MID Server PowerShell script) - New-ADUser -GivenName $firstname -Surname $lastname -SamAccountName $username -UserPrincipalName $username

In my opinion, for the first time, you can hardcode the values instead of passing variables. Let me know if the above doesn't work.



Regards,


Vivek


terrywang
ServiceNow Employee

Hi Dean,



When the activity runs, the MID Server will test the credential against the "target host" first, before running the script block.

The error is very likely the result of a failed credential test.



==



The credential test will do a WMI query to the "target host".

Thus the error indicates the credential does not have permission to do a WMI query on the remote host.



==



There is a workaround to this. You can create a PowerShell variable: credType with value AD

With this variable, the MID Server will not test a WMI query, but will do an AD query to the target host.

The limitation is that the target host must be a domain controller that is running the domain service on port 389.

All the out-of-the-box AD Orchestration activities have this variable.



==



Let me know if this answers your question.



Kind Regards,



Terry
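
The two credential checks Terry describes can be approximated by hand from the MID Server host to see which one the account fails. This is an added example, not part of the thread and not ServiceNow code. The MID Server's actual test queries are not shown on the page, so the Win32_OperatingSystem read, the LDAP bind and the function name Test-MidCredentialPath are assumptions.

```powershell
# Added example for Windows PowerShell 5.1 (Get-WmiObject is not in PowerShell 7).
# Assumption: a Win32_OperatingSystem read and an LDAP bind stand in for the
# MID Server's own WMI and AD credential tests, which the thread does not show.
function Test-MidCredentialPath {
    param(
        [Parameter(Mandatory)] [string] $TargetHost,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    $result = [ordered]@{
        TargetHost  = $TargetHost
        WmiQuery    = 'not run'
        Port389Open = $false
        LdapBind    = 'not run'
    }

    # Check 1: remote WMI query (the default credential test per the thread).
    # WMI rejects explicit credentials for a local connection, so this check
    # fails if TargetHost is the machine the script is running on.
    try {
        Get-WmiObject -Class Win32_OperatingSystem -ComputerName $TargetHost `
            -Credential $Credential -ErrorAction Stop | Out-Null
        $result.WmiQuery = 'ok'
    } catch {
        $result.WmiQuery = "failed: $($_.Exception.Message)"
    }

    # Check 2: AD query on port 389 (the credType = AD path per the thread).
    $result.Port389Open = (Test-NetConnection -ComputerName $TargetHost -Port 389 `
        -WarningAction SilentlyContinue).TcpTestSucceeded
    if ($result.Port389Open) {
        try {
            $net  = $Credential.GetNetworkCredential()
            $user = if ($net.Domain) { "$($net.Domain)\$($net.UserName)" } else { $net.UserName }
            $entry = [System.DirectoryServices.DirectoryEntry]::new("LDAP://$TargetHost", $user, $net.Password)
            $entry.psbase.RefreshCache()   # forces the authenticated bind
            $entry.psbase.Dispose()
            $result.LdapBind = 'ok'
        } catch {
            $result.LdapBind = "failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
}

# Run on the MID Server host; 'dc01.example.test' is a placeholder name.
Test-MidCredentialPath -TargetHost 'dc01.example.test' -Credential (Get-Credential)
```

A result with WmiQuery failing and LdapBind ok matches the situation Terry describes, where the credential can query AD but is not permitted to run remote WMI queries.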