Authentication and access denied errors can prevent PowerShell activities from running a
command on a target host.
Use these procedures for troubleshooting authentication failures with Orchestration PowerShell
activities and when the Remote Procedure Call (RPC) server is unavailable or when access is
denied. The authentication failure error displays when all credentials, including those of the
local MID Server service account, do not have the correct permissions to run the Powershell
script/command. The same error displays when the target host is unreachable. Figure 1. Authentication error message
Authentication failure in an Active Directory activity
This example uses the Create AD Object activity to illustrate troubleshooting
authentication failure in PowerShell.
Before you begin
Role required: Permissions to access and create accounts on Active
Directory
About this task
Validate that the account you are using has the proper permissions to run the
activity.
Procedure
Log on to the target machine using the account under which you want to run the
activity.
Active Directory tools must be installed on this machine.
Launch the Active Directory Users and Computers application.
Navigate to the OU under which you want to create the Active Directory
object.
Attempt to create the object.
If this procedure is successful under the specified user, the following might
be the cause of the authentication failure:
User name is invalid.
Password entered incorrectly.
Domain controller is unreachable.
Note:
The majority of the return codes listed in the MID Server log for this error are
1s and 3s. This is
because the Active Directory activities use the ADSI provider and not
WMI or WinRM. An error code of 1 means the
account was able to connect with the test account, but running the
script failed.
An error code of 3 means that the MID
Server attempted to run the PowerShell activity under the MID Server
service account but failed.
Authentication failure in an Exchange activity
This example uses the Create Mailbox activity to illustrate troubleshooting
authentication failure in PowerShell.
Before you begin
Role required: Permissions to access and create mailboxes on the Exchange
server
Procedure
Validate that the account you are using has the proper permissions to run the
PowerShell activity.
Log on to a machine that has the Exchange Management Shell (EMS)
installed.
Create a user using the New-mailbox Exchange commandlet.
Figure 2. Creating a new user in Exchange
If this procedure is successful under the specified credential, the following
is the likely cause of the failure:
User name is invalid.
Password entered incorrectly.
Exchange server is unreachable.
If the Exchange server is unreachable, examine the MID Server logs.
Because the Exchange activities use WinRM to access the Exchange server, the
logs can provide more troubleshooting information.
Note:
Ensure that the error is
NOT WinRM cannot process the request.
Remote Procedure Call (RPC) server unavailable or access denied
Typically, this error is logged when running a PowerShell script/command that uses
WinRM or WMI.
Possible causes of error
The target host might have one of these issues:
WinRM isn’t configured.
Firewall is blocking access to the host over TCP port 135 (WMI) or HTTP/HTTPs and TCP
port 5985 (WinRM).
Kerberos issue, caused by hopping to multiple hosts using WMI.
Example WinRM error
The Create Mailbox activity from the Exchange activity pack has generated an error in the
ECC queue involving authentication using the MID Server service credential. This occurred
because the MID Server credential is the last to be used if the targeted host is not the MID
Server.Figure 3. Authentication failure error message
The MID Server log shows that the MID Server tried to run the activity under specific credentials, but wasn’t successful and received an exit code of 1.Figure 4. MID Server error code
