Closed mwjcomputing closed 6 years ago
Hi @mwjcomputing - I have not seen this come up (until now). The commands look good, which makes me think an error object is perhaps causing an issue in the function that calls the web service - just a guess at this point. I run PowerShell version 5.1, so cannot test in 3.0 (but I am not aware of any script features which are not supported in v3).
Can you run:
$VerbosePreference = "Continue"; $DebugPreference="Continue"
Then run your commands again - if you can share the verbose/debug output, it may shed some more light on what is happening.
Also - the version of CyberArk will inform which commands from the module can be run - Get-PASSafe
is only available from 9.7 onwards
Here is the information with information specific to my environment changed as I am posting on the internet.
PS C:\Users\user> $session = New-PASSession -Credential $(Get-Credential) -BaseURI 'https://cyberarkurl'
cmdlet Get-Credential at command pipeline position 1 Supply values for the following parameters: Credential DEBUG: Function: Get-PASParameter DEBUG: Removing Parameter: Debug DEBUG: Removing Parameter: ErrorAction DEBUG: Removing Parameter: ErrorVariable DEBUG: Removing Parameter: OutVariable DEBUG: Removing Parameter: OutBuffer DEBUG: Removing Parameter: PipelineVariable DEBUG: Removing Parameter: Verbose DEBUG: Removing Parameter: WarningAction DEBUG: Removing Parameter: WarningVariable DEBUG: Removing Parameter: WhatIf DEBUG: Removing Parameter: Confirm DEBUG: Removing Parameter: sessionToken DEBUG: Removing Parameter: BaseURI DEBUG: Removing Parameter: AccountID DEBUG: Removing Parameter: SessionVariable DEBUG: Removing Parameter: WebSession DEBUG: Removing Parameter: PVWAAppName DEBUG: Removing Parameter: Credential DEBUG: Function: Invoke-PASRestMethod DEBUG: Security Protocol: Tls12 DEBUG: [URI, https://cyberarkurl/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon] [Method, POST] [Body, { "username": "username", "password": "password" }] [SessionVariable, PASSession] [ContentType, application/json] VERBOSE: POST https://cyberarkurl/PasswordVault/WebServices/auth/Cyberark/CyberArkAuthenticationService.svc/Logon with 73-byte payload VERBOSE: received 503-byte response of content type application/json; charset=utf-8 DEBUG: Status code: 200 VERBOSE: SessionVariable Passed; Processing WebSession PS C:\Users\user> $session | Get-PASSafe DEBUG: Function: Invoke-PASRestMethod DEBUG: Security Protocol: Tls12 DEBUG: [URI, https://cyberarkurl/PasswordVault/WebServices/PIMServices.svc/Safes] [Method, GET] [Headers, System.Collections.Hashtable] [WebSession, Microsoft.PowerShell.Commands.WebRequestSession] [ContentType, application/json] DEBUG: Unable to cast object of type 'System.Management.Automation.PSObject' to type 'System.String'. DEBUG: Status code: Invoke-PASRestMethod : Unable to cast object of type 'System.Management.Automation.PSObject' to type 'System.String'. At C:\Users\user\Documents\WindowsPowerShell\Modules\pspas\Functions\Safes\Get-PASSafe.ps1:148 char:13
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-PASRestMetho
Thanks for that @mwjcomputing
I can see the 'New-PASSession' call gets a status code of 200 from the CyberArk Web Service, but whatever response is coming back from the 'Get-PASSafe' call is causing an exception that lands the script in a catch block.....
I am trying to somehow replicate the behavior here (no luck yet). I may be able to provide an edited 'Invoke-PASRestMethod' function that may get further towards understanding the failure.
this may help....
Using your exisiting $session
variable, the actual command being run when Get-PASSafe
is executed is:
Invoke-WebRequest -uri https://cyberarkurl/PasswordVault/WebServices/PIMServices.svc/Safes `
-method GET -headers $($session.sessionToken) -websession $($session.WebSession) -ErrorAction Stop
can you run that and see if it suceeds?
I get the following:
StatusCode : 200
StatusDescription : OK
Content : {"GetSafesResult":[{"ManagingCPM":"PasswordManager","NumberOfDaysRetention":null,"NumberOfVersionsRetention":25,"OLACEnabled":false,"SafeName":"AccountsFeedADAccounts"}...
RawContent : HTTP/1.1 200 OK
Pragma: no-cache
Content-Length: 3168
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: application/json; charset=utf-8
Expires: -1
Set-Cookie: CA22222=; path=/Pas...
Forms : {}
Headers : {[Pragma, no-cache], [Content-Length, 3168], [Cache-Control, no-cache, no-store, must-revalidate], [Content-Type, application/json; charset=utf-8]...}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : mshtml.HTMLDocumentClass
RawContentLength : 3168
I get the following.
Invoke-WebRequest : Unable to cast object of type 'System.Management.Automation.PSObject' to type 'System.String'. At line:1 char:1
+ CategoryInfo : NotSpecified: (:) [Invoke-WebRequest], InvalidCastException
+ FullyQualifiedErrorId : System.InvalidCastException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
I am trying to get a system with WMF 5.1 installed to see if it is a 3.0 issue while you look at this.
Running on WMF 5.1 seems to have resolved the issues. Can't get it to work on any WMF3 systems.
I am almost certain there is nothing in the module not supported on WMF3.
Thanks for the report regardless, I'll see if the minimum version requirements for the module need to be changed. Glad you have it working .
Yeah. I was looking through your code and completely agree. It might be internal systems.
@pspete @mwjcomputing I remember that there were some changes to the webrequest cmdlets from v3.0 to v4.0, but these things are hard to track down. I'm inclined to believe this might be a problem with the way the SessionToken hashtable is constructed. Maybe try using an explicit string for the Authorization value instead of Select -expandproperty
Will give this a go @mattmcnabb - thanks for the suggestion.
@mwjcomputing - if you are able, can you see if New-PASSession.ps1 from the issue-43 branch causes the same error on WMF3?
@pspete That works on WMF3. Just was able to pull a list of safes.
Thanks for testing & confirming @mwjcomputing. Kudos @mattmcnabb - spot on with the resolution.
Will get this merged to Master
I am trying to use psPAS and am having a hard time getting it to function. For example, if I ran the following command I get the error below.
Error: Invoke-PASRestMethod : Unable to cast object of type 'System.Management.Automation.PSObject' to type 'System.String'.
This happens when trying to run any command. Below is my $PSVersionTable.
Name Value PSVersion 3.0 WSManStackVersion 3.0 SerializationVersion 1.1.0.1 CLRVersion 4.0.30319.42000 BuildVersion 6.2.9200.22198 PSCompatibleVersions {1.0, 2.0, 3.0} PSRemotingProtocolVersion 2.2
Thoughts?