Hallo all,
I was reading lots of White papers regarding credentials and found also a lot of threats regarding missed credentials but I did not got an answer yet.
I want to run a simple powershell test script on a midserver.
I am using the Service now test lab / Version Kingston
The midserver is installed on a EC2 - AWS Client (Amazon Cloud) . The Service is started with a local Admin Account. I use this account to remote logon to the AWS Client.
Powershell execution policy is unrestricted.
In Service Now I see the Midserver is up and validated.
I created a powershel activity;
(the target host is the internal IP of the midserver computer)
I created an alias for the credentials :
If running "test Inputs" the raw Output is pretty empty. (No screenshot)
The Output ECC-Queue shows error : "powershell_false_use_mid_servce_account":
.....
<parameter name="credential_tag" value="AWS"/>
<parameter name="credentials_debug" value="true"/><parameter name="powershell_false_use_mid_service_account" value="false"/>
<parameter name="rba_powershell_v2" value="true"/><parameter name="probe_name" value="Windows - Powershell"/></parameters>
MidServer agent log shows error (Access Denied) :
02/06/18 16:09:09 (854) ECCSender.1 Sending ecc_queue.1382b83adb441300c0eaf11ebf961961.xml
02/06/18 16:09:28 (088) Worker-Standard:PowershellProbe Worker starting: Powershell source: 172.31.12.48
02/06/18 16:09:28 (088) Worker-Standard:PowershellProbe SEVERE *** ERROR *** Failed while executing script4617295180681968705.PS1 (Access denied)
02/06/18 16:09:28 (088) Worker-Standard:PowershellProbe Enqueuing: C:\snow\agent\work\monitors\ECCSender\output_2\ecc_queue.fb92f83adb441300c0eaf11ebf9619ed.xml
02/06/18 16:09:28 (104) Worker-Standard:PowershellProbe Worker completed: Powershell source: 172.31.12.48 time: 0:00:00.000
02/06/18 16:09:28 (104) ECCSender.1 Sending ecc_queue.fb92f83adb441300c0eaf11ebf9619ed.xml
The account credentials is in the form : Workgroup\AccountName, I tried also : Computername\AccountName
Testing the account credentials shows:
What I understand is that the connection to the midserver is correct and working. Running the script results to entries in the log of the mid server computer
What I don't understand is : Why is the authentication failed if testing the credentials directly? The account exists on the midserver and has admin privileges. The midserver service is running with this account and I can remote logon with it. Why is the execution on the MidServer Computer not accepting the configured credentials? (There is no typo error )
Also what I don't understand is the use of the credential tag . It seems this is not the error but why is the field only a string and not a reference to the alias record?
Please , does anybody had similar issues and found the solution ? DOes anybody know where to find the error or knows what it is?
Kind regards Hans-Joerg
Hi Hans-Joerg,
For the "Test Credential" returns Authentication failed, I presume you test the credentials to the target server which also has MID Server installed (The MID server was specified in the Test Credential pop up box)
ie:
In above example target server and MID server are on the same box ie: 192.168.226.130.
If that's the case, the test credential is expected to return "Authentication failed" as I remember there is a limitation in Powershell.
Powershell command "Get-WmiObject" cannot use credential against localhost. The powershell command use during test credential is something as below:
Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer -Credential $cred
When MID server pass the command to the target server (in this case the same server box as MID server on), the powershell command will return error as the command cannot run on localhost. It expects the command run to remote computer.
Regards,
Ka Meng
Hi Hans-Joerg,
For the "Test Credential" returns Authentication failed, I presume you test the credentials to the target server which also has MID Server installed (The MID server was specified in the Test Credential pop up box)
ie:
In above example target server and MID server are on the same box ie: 192.168.226.130.
If that's the case, the test credential is expected to return "Authentication failed" as I remember there is a limitation in Powershell.
Powershell command "Get-WmiObject" cannot use credential against localhost. The powershell command use during test credential is something as below:
Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer -Credential $cred
When MID server pass the command to the target server (in this case the same server box as MID server on), the powershell command will return error as the command cannot run on localhost. It expects the command run to remote computer.
Regards,
Ka Meng
Hi Kar Meng Chook
Thank you for the information.
Yes, mid-server and target server are the same computer. (Windows Server 2016)
The solution is to not use credential Information in the powershell activity .
Credential tag is empty. Then the script runs.
Kind regards Hans-Joerg
