search

dnewsholme / PasswordState-Management

Powershell Module For Management of Passwordstate. (Powershell Core Compatible)
GNU General Public License v3.0
39 stars 14 forks source link

Set-PasswordStatePassword gives a SecurityProtocol error #152

Closed TurnItOff-OnAgain closed 2 years ago

TurnItOff-OnAgain commented 2 years ago

Running PasswordState on Server 2022. Freshly set up server, migrated PasswordsState Environment, using the API key for the password list containing the passwords I am updating, running the script right on the Passwordstate server. I've never used this module before, used to use a different one that is no longer in development.

Running this loop to update the local admin passwords saved from LAPS in AD to pstate

Foreach ($c in $comps){

    $reset = [DateTime]::FromFileTime($c.'ms-Mcs-AdmPwdExpirationTime').ToString('g')

    $p = $c.'ms-Mcs-AdmPwd'

    $found = $list | Where-Object {$_.title -eq $c.name}
        if ($found.title -eq $null){
        New-PasswordStatePassword -PasswordListId $ListID -Title "$($c.name)" -Username "Administrator" -Description "$reset" -Password $pass
    }
    if ($found.description -ne "$reset" -and $found.description -ne $null){
        Set-PasswordStatePassword -PasswordId $found.passwordid -Password $p
    }
}

Gives this error when it gets to an entry that hits the second if comand to run the Set-PasswordStatePassword command.

PS C:\Windows\system32> $error[0] | select *

PSMessageDetails      : 
Exception             : System.Management.Automation.RuntimeException: Exception setting "SecurityProtocol": "Cannot convert null to type "System.Net.SecurityProtocolType" due to enumeration values that are not valid. Specify one of the following 
                        enumeration values and try again. The possible enumeration values are "SystemDefault,Ssl3,Tls,Tls11,Tls12,Tls13"."
TargetObject          : Exception setting "SecurityProtocol": "Cannot convert null to type "System.Net.SecurityProtocolType" due to enumeration values that are not valid. Specify one of the following enumeration values and try again. The possible 
                        enumeration values are "SystemDefault,Ssl3,Tls,Tls11,Tls12,Tls13"."
CategoryInfo          : OperationStopped: (Exception setti...,Tls12,Tls13".":String) [], RuntimeException
FullyQualifiedErrorId : Exception setting "SecurityProtocol": "Cannot convert null to type "System.Net.SecurityProtocolType" due to enumeration values that are not valid. Specify one of the following enumeration values and try again. The possible 
                        enumeration values are "SystemDefault,Ssl3,Tls,Tls11,Tls12,Tls13"."
ErrorDetails          : 
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at Set-PasswordStatePassword<Process>, <No file>: line 208
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}

The password entry does actually update though. It also completely stops the loop on the first instance of updating a password.

Running that error through google had me checking security protocols

PS C:\Windows\system32> [System.Net.ServicePointManager]::SecurityProtocol Tls, Tls11, Tls12

PS C:\Windows\system32> [enum]::GetNames([Net.SecurityProtocolType]) SystemDefault Ssl3 Tls Tls11 Tls12 Tls13

This really isn't in my wheelhouse though, so I'm kinda lost from here.

dnewsholme commented 2 years ago

Hi @TurnItOff-OnAgain, this is a bug. It's leftover code which needs removing.

Thanks for bringing to my attention. A new build of 4.4.43 should be on the PSgallery in a few minutes which will resolve the issue.