search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
293 stars 91 forks source link

Get-PASSafe returns a (500) Internal Server Error #267

Closed DougGalan closed 4 years ago

DougGalan commented 4 years ago

We have two PVWA that are load balanced. We are on CyberArk v11.3 version. We are using a "CyberArk" authentication method through the psPAS module. We are able to authenticate with no issues, we are also able to run the "Find-PASSafe" command with no issues, and some other commands. However, when I try to use "Get-PASSafe" I get an error saying "Inovke-WebRequest : The remote server returned an error: (500) Internal Error. At line: 209 char: 19 and I get the same error when I try to run the "Get-PASSafeMember"

The current PowerShell version is 5.1.17763.1007

pspete commented 4 years ago

@DougGalan - you have not mentioned which psPAS version you are using. The behaviour you describe is not reproducible. Testing invocations of Get-PASSafe from psPAS version 3.5.8 exhibits: Get-PASSafe returns the expected list of all safes the authenticated user has access to. Get-PASSafe -SafeName Some_Safe returns the expected details of the safe with name Some_Safe. Get-PASSafe -query QueryPattern returns all safes matching the query.

What version of psPAS is being used? What steps should someone execute to attempt to reproduce the issue? Does the issue occur for all 3 parameter sets of the Get-PASSafe function?

DougGalan commented 4 years ago

Hello @pspete, thank you so much for your prompt response. The psPAS version being used is 3.5.8 and all of the commands you mentioned above, return the same error that I described on my original comment. It is hard to try to replicate the error, because if I run the same exact commands on my lab environment, I get the results wanted, but on the production environment I get the error mentioned. So, I am trying to figure out what is different on the prod environment.

Also, I noticed this on the CyberArk.WebApplication.log

[28/05/2020 | 16:04:40.316343] | {pid=10504} | {tid= 14668} | :: | EPVDL005E Application Error! Page=[https://pvwasloadbalanceraddress/PasswordVault/WebServices/PIMServices.svc/Server] Error=[There was no channel actively listening at 'https://oneofthepvwaserversaddress/PasswordVault/WebServices/PIMServices.svc/Server'. This is often caused by an incorrect address URI. Ensure that the address to which the message is sent matches an address on which a service is listening.] Stack Trace=[ at System.ServiceModel.Activation.HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result)

Thank you in advance

pspete commented 4 years ago

There is no fix to apply to any code in the module to solve this, hence closing. Suggest working via your usual support channels for resolution.

DougGalan commented 4 years ago

Got it! Thank you @pspete

mbrownnycnyc commented 3 years ago

@DougGalan were you able to resolve this? It looks like this may be the fix: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/Implementing%20Privileged%20Account%20Security%20Web%20Services%20.htm#rest%C2%A0api-does-not-work