Error when using Import-Module psPAS

[deanhinson]

Windows 2012 server

• PowerShell Version: 4
• psPAS Branch & Version:current branch 3.1.13
• CyberArk Version: 9.9.5.1

Steps to Reproduce (for bug reports)

I followed the steps on the github page to install and use the module.

Context

using Import-Module command. followed all steps for manual installation because I do not have PS 5 or above. I put the module in the modules file for powershell.

Error

VERBOSE:Loading module from path

'C:\Windows\system32\WindowsPowerShell\v1.0\Modules\psPAS\psPAS.psm1'.

Exception calling "Create" with "1" argument(s): "At line:224 char:3 [Flags()]enum Authorizations{

Unexpected attribute 'Flags'.
At line:224 char:12
+         [Flags()]enum Authorizations{
+                  ~~~~
Unexpected token 'enum' in expression or statement.
"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\psPAS\psPAS.psm1:27 char:3
+         $ExecutionContext.InvokeCommand.InvokeScript(
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ParseException

Exception calling "Create" with "1" argument(s): "At line:230 char:3
+         [Flags()]enum Authorizations{
+         ~~~~~~~~~
Unexpected attribute 'Flags'.
At line:230 char:12
+         [Flags()]enum Authorizations{
+                  ~~~~
Unexpected token 'enum' in expression or statement.
"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\psPAS\psPAS.psm1:27 char:3
+         $ExecutionContext.InvokeCommand.InvokeScript(
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : `ParseException

[pspete]

It appears I introduced some code requiring at least PowerShell v5 a while back, but did not update the modules minimum version requirement to support this.

Import-Module psPAS -ArgumentList $true might make a difference.

If I am unable to find a way to change the code in a way which is backward compatible, the minimum version requirement of the module will need to be corrected to PowerShell 5...

[deanhinson]

Just tested it out with the command you gave me and still got the same errors. Are these fatal to the module? or could I still get functionality out of it being on PowerShell 4

[deanhinson]

Is this a related error to the previous one I showed?

[pspete]

does the module import despite the errors? The psPAS commands which have version 5 specific commands in them would be New-PASDirectoryMapping & Set-PASDirectoryMapping (neither of which will you be able use anyway as they require a 10.4(ish) version of CyberArk and are not applicable to 9.9.5).

Server 500 errors are usually related to your IIS/PVWA configuration. You can search for previously logged issues around this topic - check your web.config file first: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Troubleshooting.htm#RESTAPIdoesnotwork

[deanhinson]

I looked at the config file and it has the line they wanted me to add already in it. I will look around for some previous issues on this topic. Thanks for all the help.

[deanhinson]

After looking through my Cyber Ark web logs I found something interesting. On those logs i am getting a 403 error. It is odd because the credentials I am using are Vault Administrator for the location I am trying to logon to.

[pspete]

A 403 could be generated by supplying an incorrect password for the user, or an incorrect username:

[deanhinson]

I am using the same credentials as when I log in through the web page ui.

[pspete]

I just noticed your New-PASSession command syntax. 9.9.5 of Cyberark uses the classic API - the module favors the v10 API by default. You can force use of the classic API by specifying the -UseClassicAPI switch:

New-PASSession -UseClassicAPI -Credential $cred -BaseURI https://abc.com

[deanhinson]

So this is now the error. This means I am not using an acceptable IP correct? I am confused cause looking through Cyber Ark documentation it says the API is set up automatically with the PVWA meaning that this should connect right?

[deanhinson]

So looking through the problem you stated about the web.config. I belive this may be the probelm as in https://github.com/pspete/psPAS/issues/62 you talk about how it shows itself as a 404 error. I am going to work to fix that web.config and get back to you.

[deanhinson]

I have the web.config set up properly but I still recevie the same 404 error. I am also sometimes receving this weird error:

I am not sure if this is connected at all. Also do you have any ideas why the 404 error would be happening.

[pspete]

Any chance of you upgrading to PS5 or 6 and seeing if these errors still persist? They are likely due to version specific constructs being used. You have not shared any information on a 404 error you are receiving.

Test authentication outside of the module and share results:

$url = "https://PVWA/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon"
$body = New-Object -Property @{"username" = "YourUser"; "password" = "SomePassword" } -TypeName psobject | ConvertTo-Json

Invoke-RestMethod -Uri $url -Method POST -ContentType "application/json" -Body $body

The Verbose & Debug output of New-PASSession may help too.

[deanhinson]

Attached are two screenshots of the 404 errors I am receiving.

[pspete]

As the authentication request in native PowerShell an error, investigation of a fix in the module is not applicable. The issue you are experiencing is external to psPAS and must be resolved first.

[deanhinson]

Yeah I was worried about that. I have opened a ticket with Cyber Ark support for the mean time. Do you have any ideas of why the 404 error is happening? Configuration of the PVWA probably right?

[pspete]

Sometimes IIS configuration. Until your configuration is fixed, I will close this issue. Feel free to comment if you feel it should be reopened.