Orchestration powershell activity returning "Access to path denied" for file creation on local host

Todor · ‎08-03-2018

Hi all,

I've created a custom PowerShell activity with a simple purpose of saving a txt file on the server, where MID server resides. I'm using the MID server credentials and I've tested the PowerShell command locally:

New-Item -path $path -Name $file -Value "$data" -ItemType file -force

Now, everytime I'm testing this from ServiceNow, I'm getting this:

{
    "hresult": "-2147024891",
    "output": "\n",
    "errorMessages": "Access to the path 'C:\\temp' is denied.Stack Trace:    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)at Microsoft.PowerShell.Commands.FileSystemProvider.NewItem(String path, String type, Object value)\n",
    "debugMessages": null,
    "credentialDebugInfo": "2018-08-03 15:47:59 Tried credential: MID service account, status=?\r\n",
    "eccSysId": "604db84c4f3713001521e321a310c74b",
    "tags": {
        "__text__": "\n"
    }
}

Please help. Is there a specific place to save files on local host? Is it forbidden totally? I've managed to print from an activity to local printer and managed to retrieve system wmi services flawlessly - all using the MID server credentials, which are local administrator user.

Any ideas?

rajeshraya · ‎08-03-2018

This error is definitely due to lack of permissions on the local host folder path you are providing in your PowerShell activity. Please verify the account being used for Orchestration has the required permissions to create files on destination folder.

You need to have create and/or modify permissionson destination folder and its child folders.

Please let me know if you need any further help.

Todor · ‎08-06-2018

Hi rajeshraya,

The user is local admin with access to the whole HDD. It is used to run the MID server, which is installed on the same machine. I'm accessing the local host via the MID server with thia user exactly.

The PowerShell command runs flawlessly from a PowerShell console on the localhost with that same user, so I'm inclined to think it is something with the Orchestration setup.

Additionally, this same user returns result with different PowerShell commands from Orchestration, so I'm unable to get the issue. Is there some effective way to pinpoint the issue, use more logs (for example MID server logs)?

Any help will be welcome!

rajeshraya · ‎08-06-2018

I think I understood the issue. Can you please explicitly map the credentials in the add-item command?

You will need to create a powershell credential object (using the user id and password combo you have) and use the -credential parameter in the command whose value is going to be the credential object.

Please try that let me know the result.

Thanks

Rajesh

Todor · ‎08-06-2018

Hi Rajesh,

Learned some more on the PowerShell, thanks to your idea! However, I'm getting this now:

For reference, the Command looks like this now:

$Username = '.\xxxxxxxxx'
$Password = '123456'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force

$SecureString = $pass
# Users you password securly
$MySecureCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString

New-Item -credential $MySecureCreds -path $path -Name $file -Value "$data" -ItemType file -force