pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License

10.7 Invalid JSON Primitive - Non-Terminating #136

Closed dokki767 closed 5 years ago

dokki767 commented 5 years ago

Your Environment

Expected Behaviour

During Add-PASAccount, the cmdlet throws 2 non-terminating errors. The errors appear to be informational only, no functionality seems to be affected. Expected behavior is no errors for a successful upload.

Current Behaviour

2 non-terminating, non-process impacting errors are being thrown. The entirety of the REST call appears to be successful, so I'm not sure what's going on. A new account is being created in the correct safe with all the correct parameters and values being set. The errors appear to be cosmetic only so I'm currently working on doing additional error checking as a safeguard but I most likely will be ignoring these until I can identify the underlying issue.

Possible Solution

Unsure

Steps to Reproduce (for bug reports)

$DetailsHashtable = @{}
$DetailsHashtable.Add("Details","My test account description")
$VaultAuthToken = New-PASSession -credential $VaultCreds -baseURI 'https://pwa.contoso.com' -Verbose -type LDAP
$UploadDetails = $VaultAuthToken | Add-PASAccount -safeName "MySafe" -platformID 'UnmanagedApp' -Name "TestUpload1" -userName "TestUpload1" `
    -address "contoso.com" -automaticManagementEnabled $FALSE -manualManagementReason "Passwords can't expire for availabilty" -secretType Password -secret $NewSecurePassword -PlatformAccountProperties $DetailsHashtable

Sample Output

PS C:\Temp\Utilities> $error[3]
Invoke-PASRestMethod : The remote server returned an error: (500) Internal Server Error.
At line:78 char:13

PS C:\Temp\Utilities> $error[4]
ConvertFrom-Json : Invalid JSON primitive: The.
At line:168 char:30

PS C:\Temp\Utilities> $error[4].exception.stacktrace
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializePrimitiveObject()
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.BasicDeserialize(String input, Int32 depthLimit, JavaScriptSerializer serializer)
   at System.Web.Script.Serialization.JavaScriptSerializer.Deserialize(JavaScriptSerializer serializer, String input, Type type, Int32 depthLimit)
   at Microsoft.PowerShell.Commands.JsonObject.ConvertFromJson(String input, ErrorRecord& error)
   at Microsoft.PowerShell.Commands.ConvertFromJsonCommand.ConvertFromJsonHelper(String input)
   at System.Management.Automation.CommandProcessorBase.Complete()

Context

pspete commented 5 years ago

Hi @dokki767 - unfortunately I cannot reproduce: image

I even created a "Details" file category so that I could use your exact command - I see the account getting added successfully.

dokki767 commented 5 years ago

@pspete Thanks for the screenshot, that helped me pin down the issue I think. Even though platformAccountProperties is successfully getting populated on the account, that API response is not getting properly interrogated by the cmdlet for that property. I'm missing that field in my return output. See SS.

image

pspete commented 5 years ago

There is an ItemSelectionCondition in the psPAS.CyberArk.Vault.Account.Formats.ps1xml file; if the property is not returned from the API, it is not included in the output object.... It appears platformAccountProperties is not coming back from the API in your case - can be confirmed by checking with this: Add-PASAccount -your -command -here | Select-Object *

dokki767 commented 5 years ago

That property does not appear to be coming back.
image

pspete commented 5 years ago

As it looks to be an issue server side - If you do get the property back when using Invoke-RestMethod or Invoke-WebRequest outside of the module let me know and I can look into what the issue might be.

dokki767 commented 5 years ago

I'd like to re-open this issue if possible. I've further isolated this issue to the get-PASserver command within the version check of the logon process. The errors are not coming from the Add-PASAccount command.

PS Microsoft.PowerShell.Core\FileSystem::\\contoso.com\Users\User1\Documents\Utilities> $token = new-passession -Credential $creds -baseuri https://pwa.contoso.com -verbose -type ldap
VERBOSE: Performing the operation "Logon with User 'User1'" on target "https://pwa.contoso.com/PasswordVault".
VERBOSE: POST https://pwa.contoso.com/PasswordVault/api/Auth/ldap/Logon with -1-byte payload
VERBOSE: received 182-byte response of content type application/json; charset=utf-8
VERBOSE: Assigning token to CyberArkLogonResult
VERBOSE: SessionVariable Passed; Processing WebSession
VERBOSE: GET https://pwa.contoso.com/PasswordVault/WebServices/PIMServices.svc/Server with 0-byte payload
WARNING: Could Not Determine CyberArk Version
PS Microsoft.PowerShell.Core\FileSystem::\\contoso.com\Users\User1\Documents\Utilities> $error
Invoke-PASRestMethod : The remote server returned an error: (500) Internal Server Error.
At line:78 char:13
+ ...   $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sess ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : 500,Invoke-PASRestMethod

ConvertFrom-Json : Invalid JSON primitive: The.
At line:168 char:30
+                     $response = $response | ConvertFrom-Json
+                                             ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-WebRequest : The remote server returned an error: (500) Internal Server Error.
At line:132 char:19
+ ... $webResponse = Invoke-WebRequest @PSBoundParameters -ErrorAction Stop
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

PS Microsoft.PowerShell.Core\FileSystem::\\contoso.com\Users\User1\Documents\Utilities> $token | get-passerver -verbose
VERBOSE: GET https://pwa.contoso.com/PasswordVault/WebServices/PIMServices.svc/Server with 0-byte payload
Invoke-PASRestMethod : The remote server returned an error: (500) Internal Server Error.
At line:78 char:13
+ ...   $result = Invoke-PASRestMethod -Uri $URI -Method GET -Headers $sess ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : 500,Invoke-PASRestMethod

pspete commented 5 years ago

The simplest way to confirm:

$token = new-passession -Credential $creds -baseuri https://pwa.contoso.com -verbose -type ldap -SkipVersionCheck

Specifying the SkipVersionCheck switch parameter on New-PASSession will mean Get-PASServer is not invoked just after authentication.

dokki767 commented 5 years ago

Using -SkipVersionCheck does result in these errors not being thrown, get-passerver would be our culprit here.

pspete commented 5 years ago

You only see the error when interrogating the $error variable, right? As in, it is actually getting caught inside New-PASSession (hence the warning message). I cannot say why Get-PASServer is not working for you, but utilizing -SkipVersionCheck will avoid the related errors being raised - module functionality should not be affected at all - it is only used to calculate the value of the version property (which in any case defaults to 0.0 if there is an issue).

dokki767 commented 5 years ago

Correct, I only see the issue when I call $error, which is part of our standard logging output in processes during script shutdown. I'm fine using -SkipVersionCheck as a workaround since functionality seems to be unaffected. I'll keep playing around to see if I can further determine the cause but would be nice to determine a RC for this and a fix.
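An added example, not psPAS code and not part of any comment above: "Invalid JSON primitive: The." is what ConvertFrom-Json reports when it is handed text that begins with the word "The" instead of JSON, so the sketch below only parses an error body that plausibly is JSON and otherwise keeps it as raw text. The function name ConvertTo-ErrorDetail, the output property names and both sample bodies are hypothetical and constructed for illustration.

```powershell
# Added example; ConvertTo-ErrorDetail is a hypothetical helper, not a psPAS function.
function ConvertTo-ErrorDetail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Body,

        # Content-Type header of the error response, when the caller has it.
        [string]$ContentType = ''
    )

    $trimmed = $Body.Trim()

    # Attempt JSON parsing only when the header says JSON or the body starts
    # with '{' or '['. A plain-text or HTML error page is never piped to
    # ConvertFrom-Json, so no "Invalid JSON primitive" record is created.
    $looksLikeJson = ($ContentType -match 'json') -or ($trimmed -match '^[\{\[]')

    if ($looksLikeJson) {
        try {
            $parsed = $trimmed | ConvertFrom-Json -ErrorAction Stop
            return [pscustomobject]@{ Format = 'json'; Detail = $parsed }
        }
        catch {
            # Labelled as JSON but not parseable: fall through and keep the raw
            # text. This caught error is still recorded in $Error.
        }
    }

    [pscustomobject]@{ Format = 'text'; Detail = $trimmed }
}

# Constructed sample bodies (not captured from a real server).
$samples = @(
    'The server encountered an error processing the request.'
    '{"ErrorCode":"SAMPLE001","ErrorMessage":"Constructed sample message"}'
)

# Compare the $Error count before and after, the same collection the
# shutdown logging in this thread reads.
$before = $Error.Count
$samples | ForEach-Object { ConvertTo-ErrorDetail -Body $_ } | Format-List
"New error records: $($Error.Count - $before)"
```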