cyberark / epv-api-scripts

These API scripts enable CyberArk users to automate privileged account management tasks like account creation, user management, and more.
https://www.cyberark.com/best
Apache License 2.0
201 stars 176 forks

AOU - Issue when updating multiple properties #138

Closed NathTheDude-zz closed 2 years ago

NathTheDude-zz commented 4 years ago

Whilst test updating accounts using the AOU script the values for some FC's are not getting updated as expected.

For testing purposes these headers were used in the csv and the values for the three 'ExtraPassXSafe' values were changed:

name,safe,ExtraPass1Safe,ExtraPass2Safe,ExtraPass3Safe

When running the script for the first time only the value for the 'ExtraPass3Safe' was updated, running the script for the second time only updated the value for the 'ExtraPass2Safe' and running it for the 3rd time then updates the value for the 'ExtraPass1Safe'. Using -verbose and -debug for each time the script was run here is the output:

1st time running:

```
VERBOSE: Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable001; ExtraPass2Safe=002; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile005; ExtraPass3Safe=002} value from: '002' to: '001'
VERBOSE: Inspecting Account Property ExtraPass2Folder
VERBOSE: Inspecting Account Property ExtraPass2Name
VERBOSE: Inspecting Account Property ExtraPass2Safe
VERBOSE: Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable001; ExtraPass2Safe=002; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile005; ExtraPass3Safe=002} value from: '002' to: '001'
VERBOSE: Inspecting Account Property ExtraPass3Folder
VERBOSE: Inspecting Account Property ExtraPass3Name
VERBOSE: Inspecting Account Property ExtraPass3Safe
VERBOSE: Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable001; ExtraPass2Safe=002; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile005; ExtraPass3Safe=002} value from: '002' to: '001'
```

2nd time running:

```
VERBOSE: Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable001; ExtraPass2Safe=002; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile005; ExtraPass3Safe=001} value from: '002' to: '001'
VERBOSE: Inspecting Account Property ExtraPass2Folder
VERBOSE: Inspecting Account Property ExtraPass2Name
VERBOSE: Inspecting Account Property ExtraPass2Safe
VERBOSE: Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable001; ExtraPass2Safe=002; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile005; ExtraPass3Safe=001} value from: '002' to: '001'
```

Last time running

```
VERBOSE: Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable001; ExtraPass2Safe=001; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile005; ExtraPass3Safe=001} value from: '002' to: '001'
```

A similar experience is seen when running the script against a csv that has all nine ExtraPass properties, the script has to be run several times in order to make all the required changes.

No errors are seen when running the script, perhaps an optional validation could be added at the end of the script to confirm if all the properties have been changed as per the csv?

Thanks
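The end-of-run validation suggested above, sketched as an added example (not part of the original post or of the epv-api-scripts code): it compares each CSV column with the account object read back after the update and lists what still differs. The function name, the `safe` to `safeName` header mapping and the sample objects are assumptions; the account shape follows the property names in the verbose output.

```powershell
# Added example: post-update check that an account matches its CSV row.
# Get-AccountCsvMismatch is a hypothetical helper, not a function of the AOU script.
function Get-AccountCsvMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [psobject] $CsvRow,
        [Parameter(Mandatory)] [psobject] $Account
    )

    # CSV header -> account property where the names differ (assumed mapping,
    # based on the 'safe' header and the 'safeName' property seen in this thread).
    $headerMap = @{ safe = 'safeName' }

    foreach ($column in $CsvRow.PSObject.Properties) {
        $expected = [string]$column.Value
        if ([string]::IsNullOrEmpty($expected)) { continue }   # blank cell: nothing requested

        $name = $column.Name
        if ($headerMap.ContainsKey($name)) { $name = $headerMap[$name] }

        # Look at the top level first, then in platformAccountProperties,
        # which is where ExtraPassXSafe and the other file categories appear.
        $prop = $Account.PSObject.Properties[$name]
        if (-not $prop -and $Account.platformAccountProperties) {
            $prop = $Account.platformAccountProperties.PSObject.Properties[$name]
        }

        $actual = '<missing>'
        if ($prop) { $actual = [string]$prop.Value }

        if ($actual -ne $expected) {
            [pscustomobject]@{
                Account  = $Account.name
                Property = $column.Name
                Expected = $expected
                Actual   = $actual
            }
        }
    }
}

# Constructed sample: the CSV asks for safe '001' in all three ExtraPass slots,
# while the account is in the state reported after the first run.
$row = @'
name,safe,ExtraPass1Safe,ExtraPass2Safe,ExtraPass3Safe
sample-account,001,001,001,001
'@ | ConvertFrom-Csv

$account = [pscustomobject]@{
    name                      = 'sample-account'
    safeName                  = '001'
    platformAccountProperties = [pscustomobject]@{
        ExtraPass1Safe = '002'
        ExtraPass2Safe = '002'
        ExtraPass3Safe = '001'
    }
}

$mismatches = @(Get-AccountCsvMismatch -CsvRow $row -Account $account)
$mismatches | Format-Table -AutoSize
if ($mismatches.Count -gt 0) {
    Write-Warning "$($mismatches.Count) properties still differ from the CSV"
}
```

In a real run the `$account` object would be the account re-read from the vault after the PATCH, so a partially applied update shows up as a warning instead of passing silently.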

AssafMiron commented 4 years ago

Hey,

I did a recent change related to update switch and still not merged to main. Can you maybe test the script in the DebugWIP branch to see if it solves this issue as well?

Thanks, Assaf


NathTheDude-zz commented 4 years ago

Hey Assaf,

I re-downloaded the latest AOU from the master and the WIP just to make sure I was not mixing any scripts up whilst testing.

Using the AOU from master I get the issue as described previously, when using the WIP version it is expecting there to be more headers from the csv and seems to be expecting the 'remotemachines'.

```
Error Message: {"ErrorCode":"CAWS00001E","ErrorMessage":"PASWS166E Parameter [remoteMachines] must be specified with par ameter [accessRestrictedToRemoteMachines]."}
Exception Message: The remote server returned an error: (400) Bad Request.
Status Code: 400
Status Description: Bad Request
```

Cheers

Nathan

AssafMiron commented 4 years ago

Hey @NathTheDude ,

What "more headers from the csv" is the DebugWIP version expecting? I updated the DebugWIP branch with another fix for the remoteMachines error that I think would solve this issue. In order to close this off and merge to main, I would like to better understand if I'm missing anything on the headers side that you described.

Thanks, Assaf

NathTheDude-zz commented 4 years ago

Thanks,

just tested again with the latest version from the WIP branch, I get the same error:

```
Starting to Onboard 1 accounts
Safe 001 exists
Account @ exist
Error Message: {"ErrorCode":"CAWS00001E","ErrorMessage":"PASWS166E Parameter [remoteMachines] must be specified with par ameter [accessRestrictedToRemoteMachines]."}
Exception Message: The remote server returned an error: (400) Bad Request.
Status Code: 400
```

NathTheDude-zz commented 4 years ago

When I mentioned the headers, I was just referring to the two mentioned in the error.

AssafMiron commented 4 years ago

Hey,

Can you maybe share the debug logs for this? It looks like from the message that the csv was not read properly (there is no user name or address in the message). Are you using Create or Update switch?

Thanks, Assaf


NathTheDude-zz commented 4 years ago

Hey,

I just did a couple of tests again on this:

this is the debug from running the AOU from the master on the 5th:

```
[2020-10-06 09:38:12] [INFO] Starting to Onboard 1 accounts
[2020-10-06 09:38:12] [DEBUG] Returning URL Encode of 001
[2020-10-06 09:38:13] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//WebServices/PIMServices.svc/Safes/001 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-10-06 09:38:13] [VERBOSE] Invoke-REST Response: @{GetSafeResult=}
[2020-10-06 09:38:13] [INFO] Safe 001 exists
[2020-10-06 09:38:13] [DEBUG] Returning URL Encode of 001
[2020-10-06 09:38:14] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/Accounts?filter=safename eq 001&search= -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-10-06 09:38:14] [VERBOSE] Invoke-REST Response: @{value=System.Object[]; count=1}
[2020-10-06 09:38:14] [DEBUG] Found 1 accounts, filtering based on account properties...
[2020-10-06 09:38:15] [INFO] Account @ exist
[2020-10-06 09:38:15] [DEBUG] Returning URL Encode of 001
[2020-10-06 09:38:15] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/Accounts?filter=safename eq 001&search= -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-10-06 09:38:15] [VERBOSE] Invoke-REST Response: @{value=System.Object[]; count=1}
[2020-10-06 09:38:15] [DEBUG] Found 1 accounts, filtering based on account properties...
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property categoryModificationTime
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property id
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property name
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property address
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property userName
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property platformId
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property safeName
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property secretType
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property platformAccountProperties
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass1Folder
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass1Name
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass1Safe
[2020-10-06 09:38:16] [VERBOSE] Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable010; ExtraPass2Safe=002; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile010; ExtraPass3Safe=001} value from: '002' to: '001'
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass2Folder
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass2Name
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass2Safe
[2020-10-06 09:38:16] [VERBOSE] Updating Account Property @{ExtraPass1Folder=root; ExtraPass1Name=Operating System-_LogonAccounts-10.10.10.222-Logon001; ExtraPass1Safe=002; ExtraPass2Folder=root; ExtraPass2Name=Operating System-_EnableAccounts-10.10.10.222-enable010; ExtraPass2Safe=002; ExtraPass3Folder=root; ExtraPass3Name=Operating System-_ReconcileAccounts-10.10.10.222-reconcile010; ExtraPass3Safe=001} value from: '002' to: '001'
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass3Folder
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass3Name
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property ExtraPass3Safe
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property secretManagement
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property automaticManagementEnabled
[2020-10-06 09:38:16] [VERBOSE] Updating Account Property @{automaticManagementEnabled=True; lastModifiedTime=1601680722} value from: 'True' to: 'False'
[2020-10-06 09:38:16] [VERBOSE] Since Account Automatic management is off, adding the Manual management reason
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property lastModifiedTime
[2020-10-06 09:38:16] [VERBOSE] Inspecting Account Property createdTime
[2020-10-06 09:38:16] [VERBOSE] Updating Account Remote Machine Access Properties remoteMachines value to: ''
[2020-10-06 09:38:16] [VERBOSE] Updating Account Remote Machine Access Properties accessRestrictedToRemoteMachines value to: ''
[2020-10-06 09:38:16] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/Accounts/41_3 -Method PATCH -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [{"op":"replace","path":"/platformAccountProperties/ExtraPass1Safe","value":"001"},{"op":"replace","path":"/platformAccountProperties/ExtraPass2Safe","value":"001"},{"op":"replace","path":"/secretManagement/automaticManagementEnabled","value":false},{"op":"add","path":"/secretManagement/manualManagementReason","value":"[No Reason]"},{"op":"remove","path":"/remoteMachinesAccess/remoteMachines","value":null},{"op":"remove","path":"/remoteMachinesAccess/accessRestrictedToRemoteMachines","value":null}] -TimeoutSec 36000
[2020-10-06 09:38:16] [ERROR] Error Message: {"ErrorCode":"CAWS00001E","ErrorMessage":"PASWS166E Parameter [remoteMachines] must be specified with parameter [accessRestrictedToRemoteMachines]."}
[2020-10-06 09:38:16] [ERROR] Exception Message: The remote server returned an error: (400) Bad Request.
[2020-10-06 09:38:16] [ERROR] Status Code: 400
[2020-10-06 09:38:16] [ERROR] Status Description: Bad Request
[2020-10-06 09:38:16] [VERBOSE] Invoke-REST Response:
[2020-10-06 09:38:16] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-10-06 09:38:16] [VERBOSE] Invoke-REST Response: @{LogoffUrl=}
[2020-10-06 09:38:16] [INFO] Vaulted 0 out of 1 accounts successfully.
```

NathTheDude-zz commented 4 years ago

I used '-update' on all of the tests

AssafMiron commented 4 years ago

Thanks for the update. I gave it another try (and fixed an issue with one of the Verbose logs). Pushed an update to the Debug Branch. Let me know if that works.

Thanks, Assaf


NathTheDude-zz commented 4 years ago

Hey,

got a new error:

```
VERBOSE: Inspecting Account Property categoryModificationTime
VERBOSE: Inspecting Account Property id
VERBOSE: Inspecting Account Property name
VERBOSE: Inspecting Account Property address
VERBOSE: Inspecting Account Property userName
VERBOSE: Inspecting Account Property platformId
VERBOSE: Inspecting Account Property safeName
VERBOSE: Inspecting Account Property secretType
VERBOSE: Inspecting Account Property platformAccountProperties
VERBOSE: Inspecting Account Property ExtraPass1Folder
VERBOSE: Inspecting Account Property ExtraPass1Name
VERBOSE: Inspecting Account Property ExtraPass1Safe
VERBOSE: Updating Account Property 002 value from: '002' to: '001'
VERBOSE: Inspecting Account Property ExtraPass2Folder
VERBOSE: Inspecting Account Property ExtraPass2Name
VERBOSE: Inspecting Account Property ExtraPass2Safe
VERBOSE: Updating Account Property 002 value from: '002' to: '001'
VERBOSE: Inspecting Account Property ExtraPass3Folder
VERBOSE: Inspecting Account Property ExtraPass3Name
VERBOSE: Inspecting Account Property ExtraPass3Safe
VERBOSE: Inspecting Account Property secretManagement
VERBOSE: Inspecting Account Property automaticManagementEnabled
VERBOSE: Updating Account Property True value from: 'True' to: 'False'
VERBOSE: Since Account Automatic management is off, adding the Manual management reason
VERBOSE: Inspecting Account Property lastModifiedTime
VERBOSE: Inspecting Account Property createdTime
VERBOSE: Updating Account Remote Machine Access Properties remoteMachines value to: ''
There was an error onboarding @ into the Password Vault. Error: Source:System.Management.Automation; Message: Method invocation failed because [Selected.System.String] does not contain a method named 'Remove'.
Logoff Session...
VERBOSE: Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
VERBOSE: POST https://116-comp001.south.local/passwordvault//api/auth/Logoff with 0-byte payload
VERBOSE: received 16-byte response of content type application/json; charset=utf-8
VERBOSE: Invoke-REST Response: @{LogoffUrl=}
```

AssafMiron commented 4 years ago

Gotcha! :) Pushed another update to try and fix it


AssafMiron commented 3 years ago

Hey @NathTheDude Any updates?

NathTheDude-zz commented 3 years ago

Hey @AssafMiron, Looks like the WIP and Master are the same for the AOU, I get the following error still:

```
[2020-10-22 04:11:36] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/Accounts/41_3 -Method PATCH -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -Body [{"op":"replace","path":"/platformAccountProperties/ExtraPass1Safe","value":"001"},{"op":"replace","path":"/platformAccountProperties/ExtraPass2Safe","value":"001"},{"op":"replace","path":"/secretManagement/automaticManagementEnabled","value":false},{"op":"add","path":"/secretManagement/manualManagementReason","value":"[No Reason]"},{"op":"remove","path":"/remoteMachinesAccess/remoteMachines"},{"op":"remove","path":"/remoteMachinesAccess/accessRestrictedToRemoteMachines"}] -TimeoutSec 36000
[2020-10-22 04:11:36] [ERROR] Error Message: {"ErrorCode":"CAWS00001E","ErrorMessage":"PASWS166E Parameter [remoteMachines] must be specified with parameter [accessRestrictedToRemoteMachines]."}
[2020-10-22 04:11:36] [ERROR] Exception Message: The remote server returned an error: (400) Bad Request.
[2020-10-22 04:11:36] [ERROR] Status Code: 400
[2020-10-22 04:11:36] [ERROR] Status Description: Bad Request
```

AssafMiron commented 3 years ago

Thanks @NathTheDude. Just so I can better understand the use cases here: What did the account look like before the update (specifically the Remote Machines Access part)? What is the platform (does the platform have remote machines)? Did the account already have a list of remote machines? Was the access restricted to remote machines selected?

Thanks, Assaf

NathTheDude-zz commented 3 years ago

Sure, so it is a linux account so there is not a need for the remote machines FC as it will only be connecting to the one target that is specified in the address. The additional parameters (in my usecase) are the extrapass FC's.

AssafMiron commented 3 years ago

OK - thanks! I would now try to limit this removal only for Windows Platforms so you can check to see if that works. In parallel I would think what would be a better way to control it. Push WIP to come in a few minutes :)

NathTheDude-zz commented 3 years ago

Thanks, will have a look at this again tomorrow.

NathTheDude-zz commented 3 years ago

Looks like it is now expecting the platformid to be included:

```
[2020-10-23 10:58:22] [VERBOSE] Since Account Automatic management is off, adding the Manual management reason
[2020-10-23 10:58:22] [VERBOSE] Inspecting Account Property lastModifiedTime
[2020-10-23 10:58:22] [VERBOSE] Inspecting Account Property createdTime
[2020-10-23 10:58:22] [ERROR] There was an error onboarding @ into the Password Vault. Error: Source:System.Management.Automation; Message: Cannot validate argument on parameter 'platformId'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. ->Source:System.Management.Automation; Message: The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
[2020-10-23 10:58:22] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault/api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-10-23 10:58:22] [VERBOSE] Invoke-REST Response: @{LogoffUrl=}
[2020-10-23 10:58:22] [INFO] Vaulted 0 out of 1 accounts successfully.
```

AssafMiron commented 3 years ago

Gotcha, added another push to fix it - I changed the source object from where I test the Platform ID, no need to change your test


NathTheDude-zz commented 3 years ago

Looks like it is now retrieving the platform information but after that it is failing:

```
[2020-10-26 08:36:54] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/Platforms/_Test001 -Method Get -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
[2020-10-26 08:36:54] [VERBOSE] Invoke-REST Response: @{PlatformID=_Test001; Details=; Active=True}
[2020-10-26 08:36:54] [ERROR] There was an error onboarding @ into the Password Vault. Error: Source:System.Management.Automation; Message: Unable to find type [System.WebException].
[2020-10-26 08:36:54] [VERBOSE] Invoke-RestMethod -Uri https://116-comp001.south.local/passwordvault//api/auth/Logoff -Method Post -Header System.Collections.Generic.Dictionary`2[System.String,System.String] -ContentType "application/json" -TimeoutSec 36000
```

AssafMiron commented 3 years ago

Thanks for the update @NathTheDude. I pushed another update to the Debug branch. If you don't mind me asking, what is the PowerShell version you are running? The error of not finding the System.WebException is strange to me as I know it worked for PowerShell v3 and might have changed in PowerShell version 5 and 6.

Regards, Assaf

NathTheDude-zz commented 3 years ago

Server 2016 - PowerShell v5 (5.1.14393.2879)

AssafMiron commented 3 years ago

Is it possible that you share a debug log of your test?

On Mon, Oct 26, 2020 at 1:07 PM NathTheDude notifications@github.com wrote:

Just tested with the latest WIP version, seems to be doing something similar to what it did a while back.

It will only change one FC at a time. If there are three FC's that have been updated (my example, ExtraPass1Safe, ExtraPass2Safe, ExtraPass3Safe), then I have to run the script three times

NathTheDude-zz commented 3 years ago

Account_Onboarding_Utility.log

AssafMiron commented 3 years ago

Thanks for the info @NathTheDude. Digging up a bit with you and CyberArk, I think the issue is related to the fact that the safe was not managed by CPM. It would be good if you can confirm that when trying to update multiple properties on an account in a safe that is managed the script works as expected. By the way, I merged the changes and a few other minor fixes to main so you could take the latest from there.

Regards, Assaf

bab29 commented 2 years ago

@NathTheDude-zz

Can you confirm this has been resolved and we can close this?