cyberark / epv-api-scripts

These API scripts enable CyberArk users to automate privileged account management tasks like account creation, user management, and more.
https://www.cyberark.com/best
Apache License 2.0
201 stars 176 forks source link

Delete no longer working #104

Closed icepackbv closed 4 years ago

icepackbv commented 4 years ago

Hi there, is the -Delete option no longer working? Placing the -Delete parameter at various locations in the string, the script does not - attempt - to delete the account in the csv file.....

kr, Chris

AssafMiron commented 4 years ago

Hello @icepackbv ,

Can you please run the script with -debug -verbose and look at the output log? This might help find the issue.

Thanks, Assaf

icepackbv commented 4 years ago

Hi Assaf, thanks for reaching out. Here is the result:

```
PS Microsoft.PowerShell.Core\FileSystem::\Mod.nl\Users\C4001U03\u01i5n4\My Documents> .\Accounts_Onboarding_vAug2020.ps1 -PVWAURL "https://qaj00322.mod.nl/passwordvault" -Delete -AuthType "cyberark" -CsvPath .\accounts.csv -debug -verbose

Welcome to Accounts Onboard Utility
DEBUG: Setting script to use TLS 1.2
DEBUG: Trying to validate URL: https://qaj00322.mod.nl/passwordvault
VERBOSE: HEAD https://qaj00322.mod.nl/passwordvault with 0-byte payload
VERBOSE: received 17-byte response of content type

Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/cyberark/Logon -Method Post -Header -ContentType "application/json" -Body { "password": "****", "username": "pamdev" } -TimeoutSec 36000
VERBOSE: POST https://qaj00322.mod.nl/passwordvault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: MWFkN2RhYjUtZjNmZi00YTQ1LWI4MDAtOTA3NTZhYjk0ZDhiO0FBQThEQTNCQkM3OTJFMjQ7MDAwMDAwMDI2QzUwMDk1NEFGRjczMUE3Q0I0QzBCQTBDRTYzREU4MzdBOUQ4NzU1NTQyODUxRUQ1RkM1MjY2NEE4 MkMyODUxMDAwMDAwMDA7

Starting to Onboard 1 accounts
Skipping onboarding account into the Password Vault. Error: Source:; Message: Error Creating account object on row 1
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "a pplication/json" -TimeoutSec 36000
VERBOSE: POST https://qaj00322.mod.nl/passwordvault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 0 out of 1 accounts successfully.

LogoffUrl
```

I get the same result if line 1 includes the header line or not (actually I get the same if I substitute -delete with -create):

```
username,address,safe,platformID,password
autodetectadmin,qxi9999.dom.nl,accountsautodetect,WindowsServerLocalAccounts08-AD-AnyName,Cyberark1
```

thanks for your help and time, Chris Morris

AssafMiron commented 4 years ago

Hi @icepackbv ,

I updated the script to include more error handling for your issue. Could you please download it again and run again with the -debug -verbose switches?

Thanks, Assaf

icepackbv commented 4 years ago

For sure, Assaf.

```
WARNING: It is not Recommended to disable SSL verification
DEBUG: Trying to validate URL: https://qaj00322.mod.nl/passwordvault
VERBOSE: HEAD https://qaj00322.mod.nl/passwordvault with 0-byte payload

Getting PVWA Credentials to start Onboarding Accounts
VERBOSE: Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/cyberark/Logon -Method Post -Header -ContentType "application/json" -Body { "password": "****", "username": "pamdev" } -TimeoutSec 36000
VERBOSE: POST https://qaj00322.mod.nl/passwordvault/api/auth/cyberark/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: MzdmN2Q1MzUtNWRmYi00N2IxLTkwMzItYjM1OGViNWQ2ZDdlOzVBNDcyN0VCQjU1MzIyNUM7MDAwMDAwMDI0NjdFQkIxRTNDODhDQUMxN0NCNTMyODMxOUZDOTUxMzZDOEREOThDNTM5RkVDQjIwRDY3MjQ3ODQ2 MDdBM0MyMDAwMDAwMDA7

Starting to Onboard 1 accounts
Skipping onboarding account into the Password Vault. Error: Source:; Message: Error Creating account object on row 1 ->Source:System.Management.Automation; Message: You cannot call a method on a null-valued expression.
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "a pplication/json" -TimeoutSec 36000
VERBOSE: POST https://qaj00322.mod.nl/passwordvault/api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}

Vaulted 0 out of 1 accounts successfully.

LogoffUrl
```

Should the accounts.csv include a header row?

AssafMiron commented 4 years ago

Having another try with additional logging to better refine the error place. Could you please try again?

Thanks, Assaf

icepackbv commented 4 years ago

Hi Assaf,

Well, got a little extra info. I've added the logfile & the accounts.csv as I also got errors using -create. Thanks again for your help.


```
[2020-08-05 03:15:26] [VERBOSE] Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/cyberark/Logon -Method Post -Header -ContentType "application/json" -Body { "password": "****", "username": "pamdev" } -TimeoutSec 36000
[2020-08-05 03:15:26] [VERBOSE] Invoke-REST Response: YmQ4NTBlNjUtOTU3MC00ZGMwLTljNzUtODhkZTM2OWNhNWE3OzU5NDEzMkU4MzMzQkIwQzQ7MDAwMDAwMDJCNUVCRERFNjcwMzIzRkQxODZCRTcxODE3QjY5N0VFNEVENDI0RjQ2M0Q2RUQzMzRBOUYwODJERkZGOUI1RTc0MDAwMDAwMDA7

[2020-08-05 03:15:26] [INFO] Starting to Onboard 0 accounts
[2020-08-05 03:15:26] [VERBOSE] Creating the account object mapping...
[2020-08-05 03:15:26] [VERBOSE] Handling Account custom properties...
[2020-08-05 03:15:26] [VERBOSE] Inspecting 1 custom properties
[2020-08-05 03:15:26] [VERBOSE] Handling Account secret management...
[2020-08-05 03:15:26] [VERBOSE] Handling Account remote machines access...
[2020-08-05 03:15:26] [INFO] Skipping onboarding account into the Password Vault. Error: Source:System.Management.Automation; Message: Cannot validate argument on parameter 'safeName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. ->Source:System.Management.Automation; Message: The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
[2020-08-05 03:15:26] [VERBOSE] Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-08-05 03:15:26] [VERBOSE] Invoke-REST Response: @{LogoffUrl=}
[2020-08-05 03:15:26] [INFO] Vaulted 0 out of 0 accounts successfully.

=======================================
[2020-08-05 03:23:34] [INFO] Welcome to Accounts Onboard Utility
[2020-08-05 03:23:36] [DEBUG] Trying to validate URL: https://qaj00322.mod.nl/passwordvault

[2020-08-05 03:23:37] [INFO] Getting PVWA Credentials to start Onboarding Accounts
[2020-08-05 03:23:45] [VERBOSE] Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/cyberark/Logon -Method Post -Header -ContentType "application/json" -Body { "password": "****", "username": "pamdev" } -TimeoutSec 36000
[2020-08-05 03:23:45] [VERBOSE] Invoke-REST Response: ZjI3NjU1OTYtN2RiMy00YTY4LThiNmItMWUyNDEyOTlhNzdlO0NERjIxQkMwRjVFNDQ0MjI7MDAwMDAwMDJCODZFOTJGMjc1QTZCNDM1QjUxQjVGMjBFQzZDQTMwQTkxMEEyRkJGMTEwNzYwNDA1OTVCQjMxM0ZDN0M4Q0M5MDAwMDAwMDA7

[2020-08-05 03:23:46] [INFO] Starting to Onboard 0 accounts
[2020-08-05 03:23:46] [VERBOSE] Creating the account object mapping...
[2020-08-05 03:23:46] [VERBOSE] Handling Account custom properties...
[2020-08-05 03:23:46] [VERBOSE] Inspecting 2 custom properties
[2020-08-05 03:23:46] [VERBOSE] Handling Account secret management...
[2020-08-05 03:23:46] [VERBOSE] Handling Account remote machines access...
[2020-08-05 03:23:46] [INFO] Skipping onboarding account into the Password Vault. Error: Source:System.Management.Automation; Message: Cannot validate argument on parameter 'safeName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. ->Source:System.Management.Automation; Message: The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
[2020-08-05 03:23:46] [VERBOSE] Invoke-RestMethod -Uri https://qaj00322.mod.nl/passwordvault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-08-05 03:23:46] [VERBOSE] Invoke-REST Response: @{LogoffUrl=}
[2020-08-05 03:23:46] [INFO] Vaulted 0 out of 0 accounts successfully.
```

icepackbv commented 4 years ago

Oops, closed the issue by accident, apologies that couldn't have seemed very polite. Hi Assaf,

Well, got a little extra info. I've added the logfile & the accounts.csv as I also got errors using -create. Thanks again for your help. @ Account_Onboarding_Utility.log

icepackbv commented 4 years ago

accounts.zip and the accounts.csv in zip file.

icepackbv commented 4 years ago

Good morning, I've attached a new log file. Command issued was -Delete yet still wants to create a safe that already exists. Does the same with -Create although the safe exists. Hope you can help ;-) Does the account used to run the .ps1 need to be a member of VaultAdmins? Right now it has full access to the aforementioned - existing - safe TempAutoDetective. Account_Onboarding_Utility.log

AssafMiron commented 4 years ago

Thanks for all the info @icepackbv. I think the issue here is that in your CSV file you have a column named safeName instead of safe. Please try changing that and running the script again. In the meanwhile I will think how to add logic around this in the script for future such errors.

Thanks, Assaf
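
A pre-flight check for the CSV problem diagnosed in the comment above, as an added example that is not part of the thread or of the project's script: it flags required columns that are missing or misnamed (safeName for safe) and rows with empty required fields before anything is sent to the PVWA. `Test-OnboardingCsv` is a hypothetical name, the sample rows are constructed, and the list of required columns is an assumption taken from the headers posted in this thread.

```powershell
# Added example, not taken from Accounts_Onboarding.ps1.
# Assumption: the five column names shown in this thread are the ones a run needs.
$RequiredColumns = 'username', 'address', 'safe', 'platformID', 'password'

function Test-OnboardingCsv {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,
        [char] $Delimiter = ','
    )
    $problems = [System.Collections.Generic.List[string]]::new()
    $rows = @($CsvLines | ConvertFrom-Csv -Delimiter $Delimiter)
    if ($rows.Count -eq 0) {
        $problems.Add('No data rows: the input is empty or holds a single line only.')
        return $problems
    }

    # Header check. -notcontains compares case-insensitively, so "userName" passes.
    $headers = @($rows[0].PSObject.Properties.Name)
    foreach ($col in $RequiredColumns) {
        if ($headers -notcontains $col) {
            $near = @($headers | Where-Object { $_ -like "*$col*" })
            $hint = if ($near.Count) { " (found: $($near -join ', '))" } else { '' }
            $problems.Add("Missing column '$col'$hint")
        }
    }

    # Row check. ConvertFrom-Csv leaves a field $null when a row has too few values.
    for ($i = 0; $i -lt $rows.Count; $i++) {
        foreach ($col in $RequiredColumns) {
            if ($headers -contains $col -and [string]::IsNullOrWhiteSpace($rows[$i].$col)) {
                $problems.Add("Data row $($i + 1): '$col' is empty")
            }
        }
    }
    return $problems
}

# Constructed sample: header uses safeName, and the second data row is one value short.
$sample = @(
    'userName,address,safeName,platformID,password'
    'svc-demo01,host01.example.test,DemoSafe,DemoPlatform,CONSTRUCTED-VALUE'
    'svc-demo02,host02.example.test,DemoSafe,CONSTRUCTED-VALUE'
)
Test-OnboardingCsv -CsvLines $sample | ForEach-Object { Write-Warning $_ }
# For a real file: Test-OnboardingCsv -CsvLines (Get-Content .\accounts.csv)
```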

icepackbv commented 4 years ago

Hi Assaf, in the last log I sent I used the following as input:

```
"userName","Address","safe","platformID","Password"
"AutoDetectTest","qxi0221.mod.nl","TempAutoDetective","!@#$567*("
```

it came back with the safe error for both -Delete & -Create

Cheers, Chris

AssafMiron commented 4 years ago

Hey @icepackbv ,

It seems that the user running the script might not have permissions to the safe you are requesting to delete an account from - the reason I say that is that when running the script I can see in the log that the safe does not exist. Please verify that when logging in with the user running the script you can see the safe and the account that you want to delete. I updated the script so it would not try to create the safe in the case of using Delete.

I would appreciate if you can update me after you verify

Thanks, Assaf

icepackbv commented 4 years ago

Hi Assaf,

I hate to bring bad news but alas. I used this command:

```
.\Accounts_Onboarding.ps1 -PVWAUrl "https://qaj00322.mod.nl/Passwordvault/" -Delete -CsvPath .\Accounts_Test.csv -CsvDelimiter Comma
```

The results are in the attached zip file as well as a screenshot of the authorizations on the safe for user pamdev. This is an internal cyberark user.

Kind regards, Chris

pamdev_auth.zip

AssafMiron commented 4 years ago

Hi @icepackbv

Please have a look at this article, maybe the issue is not in the script https://cyberark-customers.force.com/s/article/RESTAPI-URLs-to-retrieve-safes-getting-500-error

Let me know how it goes

Thanks, Assaf

icepackbv commented 4 years ago

will do!


icepackbv commented 4 years ago

Hi Assaf,

Yes, that bit of coding is in the web.config file. I was wondering if the Get_Accounts.ps1 is responsible for actually retrieving the safe/account info? I'll try both on a line-by-line basis and see what comes back.

kind regards. Chris

AssafMiron commented 4 years ago

Hello @icepackbv Any updates? Can we close this issue?

icepackbv commented 4 years ago

Hi Assaf,

Yes, feel free to close. I've handed it over to another team to figure out why Delete does not work on our installation. If - and - when - we get a resolution, I'll re-open and update in case others encounter the same.

thanks for all your time.
