403 error after creating connection

[deanhinson]

Hello Pete,

Thank you for all the help on the previous issues I was having. I got everything figured out with my PVWA and upgraded my PowerShell to 5.1. I can confirm that the module does not work with PowerShell 4. I am not getting a different error that doesn't make much sense to me.

CyberArk Version: 9.9.5 Poweshell Version 5.1 Server: Windows 2012 R2

I can now create a session and receive a token.

Attached are two ways to confirm that I am getting a response and a token from the API. As you can see in the 1st screenshot I received a 403 error. It is weird though because as you can see the "Find-PASSafe" command works. I tried the "Get-PASLoggedOnUser" and got this 403 error saying their is an error with the token. This is just on example command and it is happening with other commands as well.

[pspete]

What version of the module? What happens if you run Get-PASSession?

[deanhinson]

I am sorry for not including it. I have version 3.1.13. When I do the command you asked it comes up with the same 403 error. The credentials I am using are admin credentials and work when logging into the web interface.

[pspete]

Try the latest version (3.2)

[deanhinson]

Just upgraded to the current version 3.2.32 and still get the same 403 token error.

[pspete]

The EPVWS009E The Web component was not initialized properly error being returned suggests there is still an issue with the server configuration.

• Authentication is successful
• Find-PASSafe returns result (session token is ok)

Check your logs after the error manifests to gain more insight - I am unable to reproduce this issue.

[deanhinson]

After more testing it I can confirm there is more wrong with my configuration. Attached is another error confirming that my environment is the problem again. Thank you for all the patience.

[pspete]

Reconcile is not supported by the API in 9.95 (at least 9.10 is required). With a properly configured PVWA, psPAS should pickup the PAS version and give a meaningful error message detailing that the command is not supported for your version.

[deanhinson]

In the documentation for the module it says that Verify,Change, and Reconcile are all compatible with 9.7. Is that incorrect?

[pspete]

The documentation says 9.7 is the minimum version required for the Invoke-PASCPMOperation function, but the Classic API only supports Change & Verify. Invoke-PASCPMOperation rolls all available CPM related API methods into a single function. 9.10 is the version when support for the updated Verify, Change & Reconcile API methods were introduced. 10.1 introduced ability to specify next password value on change & change password only in the vault capability. I'll put additional clarification into the function help text.

[deanhinson]

Thank you for all the help Pete it is much appreciated. This ticket will be closed now as the error I am getting is not related to PSPAS again. I appreciate your patience and understanding. It would be helpful is you also made the documentation more clear on the CPM operation cmdlet.