Powershell Installation Scripts Fails on API Autodiscover

[ay-kay]

The Powershell installation script fails with the following error message:

Unhandled error occurred while authenticating to the CrowdStrike Falcon API. Error: A positional parameter cannot be
found that accepts argument '$null'.
At C:\Users\User\Desktop\falcon_windows_install.ps1:204 char:17
+                 throw $message
+                 ~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Unhandled error...gument '$null'.:String) [], RuntimeException
    + FullyQualifiedErrorId : Unhandled error occurred while authenticating to the CrowdStrike Falcon API. Error: A p
   ositional parameter cannot be found that accepts argument '$null'.

I have analyzed this further and found that it has to do with autodiscover. The first HTTP request goes to https://api.crowdstrike.com/oauth2/token. If correct client_id and client_secret are sent, the server responds with a 308 Permanent Redirect to, in our case, location: https://api.eu-1.crowdstrike.com/oauth2/token. However, the script obviously cannot follow this redirect and then returns the above error message.

I can work around the problem by specifying the -FalconCloud parameter, in our case -FalconCloud eu-1. Then the initial authentication request is directed to https://api.eu-1.crowdstrike.com/oauth2/token and the script works as expected.

[carlosmmatos]

@ay-kay Looking into this today.

You already found one workaround, the other is to use v1.1.7 of the script.

example:

Invoke-WebRequest -Uri https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.1.7/powershell/install/falcon_windows_install.ps1 -OutFile falcon_windows_install.ps1