Does Get-VmsCameraReport require a Windows User Login?

[Mugen-2112]

Hello. I have PSTools installed and I am able to run Get-VmsCamera just fine, but when I run Get-VmsCameraReport I get the following error:

PS C:\Users\Bridge> Get-VmsCameraReport | Export-Csv '~\Desktop\report.csv' -NoTypeInformation Exception calling "GetConfiguration" with "1" argument(s): "The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="localhost"'." At C:\Program Files\WindowsPowerShell\Modules\MilestonePSTools\22.3.0\MilestonePSTools.psm1:8203 char:17

• $config = $scs.GetConfiguration((Get-VmsToken))

• 
  + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
  + FullyQualifiedErrorId : MessageSecurityException

PS C:\Users\Bridge>

---

Get-VmsRecordingServer, Get-LicenseInfo and Get-VmsDeviceStatus all work just fine. Get-VmsManagementServer works, and returns version 22.2.0.2 get-module -listavailable MilestonePSTools returns 22.3.0 PSVersion is 5.1.19041.1682

I have tried this on two different Express+ 2022R2 servers. I have tried it from Powershell on the server itself, and from a separate PC. Same results in all scenarios.

It looks like there is a security feature enabled to block access to that from a less secure connection. I do not have domain controllers running on the two servers I am doing this on, so I am hoping there is a switch I can flip to enable this.

Cheers,

Brent

[joshooaj]

Hi @Mugen-2112,

You should be able to use any feature of the module with a Windows, AD, or Basic user credential. I often test Get-VmsCameraReport against the demo system our sales team uses since it has a wide variety of camera makes and models, and I use a basic user for testing that.

The error is being thrown while attempting to use a ServerCommandService WCF client instance. When using a WCF client as a basic user, it should connect to the management server using HTTPS. Specifically it should connect to https://your.mgmt.srv/ManagementServer/ServerCommandService.svc but I suspect it is trying to use HTTP instead for some reason.

What parameters are you providing to Connect-ManagementServer? What does the output of Get-LoginSettings | Select-Object Uri, IsBasicUser, IsOAuthConnection, IsOAuthIdentity look like?

Is there any difference whether you connect using Connect-ManagementServer -ShowDialog vs Connect-ManagementServer -ServerAddress http://your.mgmtsrv/ -Credential (Get-Credential) -BasicUser?

When constructing the URL for the ServerCommandService or ConfigurationApiService endpoints on the Management Server, we check if you're logged in as a basic user, and if so, the URI used the one you see in Get-LoginSettings, and we ensure to change the scheme to "https" and port to 443 if needed (port 443 is hard-coded in the module because it's hard-coded in Milestone as well).

Sometimes you can get more error details in PowerShell by doing the following - this would expand the error details for the last error...

$Error[0] | Format-List * -Force

$Error[0].Exception | Format-List * -Force

$Error[0].Exception.InnerException | Format-List * -Force

[Mugen-2112]

Josh, thanks for getting back with me so quick, and for putting me on the right track. It ended up being something to do with a dedicated user account I had setup with administrative rights for this purpose.

I went through your troubleshooting ideas, and saw no difference in Connect-ManagementServer variations. Get-LoginSettings also looked good.

But your comments made me think that maybe it might be the user account, so I tried it on an existing user that had full control, but not admin, rights, and it worked, but with two 'insufficient user rights' errors. I changed it to administrative rights, and it worked like a champ.

The first machine was local, then I tested the remote machine I connect to via VPN. I connected with an existing user with admin rights, and that worked, but for two errors which I think related to the end point security settings on that machine. I will be there on Thursday, and will look at it closer then, as I don't control the RMM on that machine.

In any event, it would seem that it was something in how I setup the new users, but there is not much to that. Create a user, add it to a group. I'll look into that more, and if I find a root cause, I will update you here.

Thanks again! I am super excited to dig into all these utilities.

Cheers,

B

[joshooaj]

Hi @Mugen-2112,

I'm finally making the rounds here and wanted to check in with you. Did you end up finding anything else worth sharing? Hopefully everything is working well!

[Mugen-2112]

Thanks for checking in, and for the reminder, Josh! Everything is working well, but I still have more messing about with PSTools I want to do. After overcoming that issue, I had to put it on the back burner for a bit. I am just starting to re-focus on that, and on a new Milestone rack server design that I have been wanting to build for awhile. I'll keep you posted. I want to incorporate PSTools into my regular server monitoring and management program, for sure.

Cheers

Brent.