Closed icepackbv closed 4 years ago
Hello @icepackbv ,
can you please run the script with -debug -verbose and look at the output log? this might help find the issue
Thanks, Assaf
Starting to Onboard 1 accounts Skipping onboarding account into the Password Vault. Error: Source:; Message: Error Creating account object on row 1 Logoff Session... VERBOSE: Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "a pplication/json" -TimeoutSec 36000 VERBOSE: POST https://qaj00322.mod.nl/passwordvault/api/auth/Logoff with 0-byte payload VERBOSE: received 16-byte response of content type application/json; charset=utf-8 VERBOSE: Invoke-REST Response: @{LogoffUrl=}
I get the same result if line 1 includes the header line or not: (actually I get the same if I substitute -delete with -create) username,address,safe,platformID,password autodetectadmin,qxi9999.dom.nl,accountsautodetect,WindowsServerLocalAccounts08-AD-AnyName,Cyberark1
thanks for your help and time, Chris Morris
Hi @icepackbv ,
I updated the script to include more error handling for your issue could you please download it again and run again with the -debug -verbose switches?
Thanks, Assaf
Starting to Onboard 1 accounts Skipping onboarding account into the Password Vault. Error: Source:; Message: Error Creating account object on row 1 ->Source:System.Management.Automation; Message: You cannot call a method on a null-valued expression. Logoff Session... VERBOSE: Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "a pplication/json" -TimeoutSec 36000 VERBOSE: POST https://qaj00322.mod.nl/passwordvault/api/auth/Logoff with 0-byte payload VERBOSE: received 16-byte response of content type application/json; charset=utf-8 VERBOSE: Invoke-REST Response: @{LogoffUrl=}
LogoffUrl
Should the accounts.csv include a headerrow?
Having another try with additional logging to better refine the error place Could you please try again?
Thanks, Assaf
Hi Asaf,
well got a little extra info. I've added the logfile & the accounts.csv as I also got errors using -create thanks again for your help.
Op 5 augustus 2020 14:55 schreef Assaf Miron <notifications@github.com>: Having another try with additional logging to better refine the error place Could you please try again? Thanks, Assaf — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/cyberark/epv-api-scripts/issues/104#issuecomment-669176216 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AFSZMBZNRKTQ6UUDONREQ63R7FJCXANCNFSM4PVGKIEA .
Oops, closed the issue by accident, apologies that couldn't have seemed very polite. Hi Asaf,
well got a little extra info. I've added the logfile & the accounts.csv as I also got errors using -create thanks again for your help. @ Account_Onboarding_Utility.log
accounts.zip and the accounts.csv in zip file.
good morning, I've attached a new log file. command issued was -Delete yet still wants to create a safe that already exists. Does the same with -Create although the safe exists. Hope you van help ;-) does the account used to run the .ps1 need to be a member of VaultAdmins? Right now it has full access to the aforementioned - existing - safe TempAutoDetective. Account_Onboarding_Utility.log
Thanks for all the info @icepackbv I think the issue here is that in you CSV file you have a column named safeName instead of safe Please try changing that and running the script again, in the meanwhile I will think how to add logic around this in the script for future such errors
Thanks, Assaf
Hi Asaf, in the last log I sent I used the following as input: "userName","Address","safe","platformID","Password" "AutoDetectTest","qxi0221.mod.nl","TempAutoDetective","!@#$567*("
it came back with the safe error for both -Delete & -Create
Cheers, Chris
Hey @icepackbv ,
It seems that the user running the script might not have permissions to the safe you are requesting to delete an account from - the reason I say that is that when running the script I can see in the log that the safe does not exist Please verify that when logging in with the user running the script you can see the safe and the account that you want to delete I updated the script so it would not try to create the safe in the case of using Delete
I would appreciate if you can update me after you verify
Thanks, Assaf
Hi Asaf,
I hate to bring bad news but alas. I used this command: .\Accounts_Onboarding.ps1 -PVWAUrl "https://qaj00322.mod.nl/Passwordvault/" -Delete -CsvPath .\Accounts_Test.csv -CsvDelimiter Comma the results are in the attached zip fila as well as a screenshot of the authorizations on the safe for user pamdev. this is an internal cyberark user. kind regards, Chris pamdev_auth.zip
Hi @icepackbv
Please have a look at this article, maybe the issue is not in the script https://cyberark-customers.force.com/s/article/RESTAPI-URLs-to-retrieve-safes-getting-500-error
Let me know how it goes
Thanks, Assaf
will do!
Get Outlook for Androidhttps://aka.ms/ghei36
From: Assaf Miron notifications@github.com Sent: Thursday, August 6, 2020 4:39:55 PM To: cyberark/epv-api-scripts epv-api-scripts@noreply.github.com Cc: icepackbv chris.morris@icepackbv.nl; Mention mention@noreply.github.com Subject: Re: [cyberark/epv-api-scripts] Delete no longer working (#104)
Hi @icepackbvhttps://github.com/icepackbv
Please have a look at this article, maybe the issue is not in the script https://cyberark-customers.force.com/s/article/RESTAPI-URLs-to-retrieve-safes-getting-500-error
Let me know how it goes
Thanks, Assaf
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/cyberark/epv-api-scripts/issues/104#issuecomment-669969616, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AFSZMB3UUC3TL4V3OUI2Z3TR7K6DXANCNFSM4PVGKIEA.
Hi Asaf,
yes, that bit of coding is in the web.config file. I was wondering if the Get_Accounts.ps1 is responsible for actually retrieve the safe/account info? I'll try both on a line-by-line basis and see what comes back.
kind regards. Chris
Op 06-08-2020 16:39 schreef Assaf Miron <notifications@github.com>: Hi @icepackbv https://github.com/icepackbv Please have a look at this article, maybe the issue is not in the script https://cyberark-customers.force.com/s/article/RESTAPI-URLs-to-retrieve-safes-getting-500-error Let me know how it goes Thanks, Assaf — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cyberark/epv-api-scripts/issues/104#issuecomment-669969616 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AFSZMB3UUC3TL4V3OUI2Z3TR7K6DXANCNFSM4PVGKIEA .
Hello @icepackbv Any updates? Can we close this issue?
Hi Assaf,
yes, feel free to close. I've handed it over to another team to figure out why Delete does not work on our installation. If - and - when - we get a resolutuin, I'll re-open and update in case others encounter the same.
thanks for all your time.
Op 13-09-2020 16:09 schreef Assaf Miron <notifications@github.com>: Hello @icepackbv https://github.com/icepackbv Any updates? Can we close this issue? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cyberark/epv-api-scripts/issues/104#issuecomment-691676146 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AFSZMB5DLOGAA4PR6IVTPQTSFTG77ANCNFSM4PVGKIEA .
Hi there, is the -Delete option no longer working? Placing the -Delete parameter at various locations in the string, the scipt does not - attempt - to delete the account in the csv file.....
kr, Chris