davehull / Kansa

A Powershell incident response framework
Apache License 2.0
1.56k stars 266 forks

Cannot validate argument on parameter 'Session' error #148

Closed robertstrom closed 8 years ago

robertstrom commented 8 years ago

Hello,

I have Kansa installed on a Windows 10 system and a Windows 7 system, and I am getting this error on both systems whether running the command against localhost or a remote system. I have tried it with several commands and gotten the same results with all.

PS C:\Temp\PowerShell\Kansa-master> .\kansa.ps1 -Target localhost -ModulePath .\Modules\ -Verbose
VERBOSE: Found .\Modules\Modules.conf.
VERBOSE: Running modules: Get-PrefetchListing Get-WMIRecentApps
Caught: Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
Script completed with warnings or errors. See C:\Temp\PowerShell\Kansa-master\Output_20160817162920\Error.Log for details.

Kansa-master-logs.zip

PS C:\Temp\PowerShell\Kansa-master> .\kansa.ps1 -Target localhost -ModulePath .\Modules\ -Verbose
VERBOSE: Found .\Modules\Modules.conf.
VERBOSE: Running modules: Get-PrefetchListing Get-WMIRecentApps
Caught: Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
Script completed with warnings or errors. See C:\Temp\PowerShell\Kansa-master\Output_20160817162627\Error.Log for details.

PS C:\Temp\PowerShell\Kansa-master> .\kansa.ps1 -ModulePath ".\Modules\Process\Get-PrefetchFiles.ps1" -Target RemoteMachineName

VERBOSE: Running module: Get-PrefetchFiles
Caught: Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
Script completed with warnings or errors. See C:\Temp\PowerShell\Kansa-master\Output_20160817162801\Error.Log for details.

I have used Kansa successfully in the past but not on these two systems.

The Windows 10 system has

PS C:\Temp\PowerShell\Kansa-master> $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      0      10586  494

The Windows 7 system has

PS C:\Temp\PowerShell\Kansa-master> $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
4      0      -1     -1

Hoping that you can help me solve the issue.

Thanks,

Robert

jt-msft commented 8 years ago

The underlying issue is with PowerShell, not Kansa. PowerShell will not open a remote session with "localhost" but if you use $env:COMPUTERNAME as your target instead, it will work.

C:\datadump\Source\git\Kansa [master ≡]> .\kansa.ps1 -Target $env:COMPUTERNAME -ModulePath .\Modules\Process\Get-ProcsWMI.ps1 -Verbose
VERBOSE: Running module:
Get-ProcsWMI
VERBOSE: Waiting for Get-ProcsWMI to complete.

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
--     ----            -------------   -----         -----------     --------             -------
2      Job2            RemoteJob       Completed     True            JTURNER-DEV         <#...

nrvguitarist commented 7 years ago

@z4ns4tsu The OP mentions getting the error for both localhost and remote systems. I am also getting the same error against localhost and remote systems, on a Win7 and a Win10 box, and I tried every -Target combination I could think of, including your suggestion above, $env:COMPUTERNAME.

Caught: Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

Win 7 PSversion 4\0-1-1
Win 10 PSversion 5\1\14393\1480

Any ideas?

slw07g commented 7 years ago

The issue is that the Kansa script defaults to Kerberos authentication.

So, you need to specify -Authentication Default when you want to run Kansa locally.

tbalz2319 commented 6 years ago

I'm having this issue also:

I have tried -Authentication Default with no luck.

I'm running on Windows 10:

.\kansa.ps1 -Authentication Default -Target $env:COMPUTERNAME -ModulePath .\Modules -Verbose

and the error I get is:

Caught: Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
Script completed with warnings or errors.

Inside the error log I get:

failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
Exit-Script function was passed an error, this may be a duplicate that wasn't previously cleared, or Kansa.ps1 has crashed.
Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

I'm just testing Kansa locally on one system.

slw07g commented 6 years ago

Is the computer joined to a domain? If so, when specifying the username, use <hostname>\<username>. Or on the command line specify -Credential <hostname>\<username>, where <hostname> is the name of the computer Kansa is being run on.

Script-Nomad commented 6 years ago

Also running into this error. Even after trying @slw07g's suggestion and all above, it fails.

ghost commented 6 years ago

I had exactly the same issues as above (Win 10, attempting to test the script on localhost) after trying all the commands. What fixed it for me was running Enable-PSRemoting, as I had never 'enabled' it in the first place.

xHascox commented 4 years ago

Got the same issue; this worked for me:

.\kansa.ps1 -Authentication Basic -Credential (Get-Credential) -Target $env:COMPUTERNAME -ModulePath .\Modules -Verbose
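
Added example, not part of the thread and not Kansa's own code: the error log quoted above shows a remoting failure ("Access is denied") ahead of the 'Session' validation error, and every fix reported here concerns whether a PowerShell remoting session can be opened. The pre-flight check below tries to open a session with each authentication mechanism and reports the underlying error; `Test-KansaRemoting` is a hypothetical helper name, and the default mechanisms tried are an assumption taken from the comments above.

```powershell
# Added example: pre-flight check for PowerShell remoting before running kansa.ps1.
# Test-KansaRemoting is a hypothetical helper name, not part of Kansa.
function Test-KansaRemoting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Target,
        [ValidateSet('Kerberos', 'Default', 'Negotiate', 'Basic')]
        [string[]] $Authentication = @('Kerberos', 'Default'),
        [System.Management.Automation.PSCredential] $Credential
    )

    # Only meaningful when the target is this machine: is the WinRM service running?
    if ($Target -in @($env:COMPUTERNAME, 'localhost')) {
        $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
        if ($null -eq $svc -or $svc.Status -ne 'Running') {
            Write-Warning 'WinRM service is not running locally; see Enable-PSRemoting.'
        }
    }

    foreach ($auth in $Authentication) {
        $params = @{ ComputerName = $Target; Authentication = $auth; ErrorAction = 'Stop' }
        if ($Credential) { $params.Credential = $Credential }

        $result = [ordered]@{
            Target = $Target; Authentication = $auth; SessionOpened = $false; Error = $null
        }
        $session = $null
        try {
            $session = New-PSSession @params
            # Round-trip a trivial command to confirm the session is usable.
            $null = Invoke-Command -Session $session -ScriptBlock { $env:COMPUTERNAME }
            $result.SessionOpened = $true
        }
        catch {
            # Surface the underlying remoting error (for example "Access is denied").
            $result.Error = $_.Exception.Message
        }
        finally {
            if ($session) { Remove-PSSession -Session $session }
        }
        [pscustomobject]$result
    }
}

# Check the local machine with the default mechanisms before pointing Kansa at it.
Test-KansaRemoting -Target $env:COMPUTERNAME | Format-List
```

A mechanism that reports `SessionOpened : True` is one to pass to `-Authentication`. Basic authentication sends the username and password base64-encoded rather than encrypted, so where Kerberos or Negotiate works, prefer it, and keep Basic to HTTPS listeners.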