Problems signing Powershell Scripts
Hi world,
I'm trying to sign a powershell script with a self issued code signing certificate. I created the certificate using following command lines:
"makecert.exe" -n "CN=Code Signing Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv "%Temp%\MakeMyCert\MyCERT.pvk" "%Temp%\MakeMyCert\MyCERT.cer" -ss Root -sr localMachine
"makecert.exe" -pe -n "CN=My Certificate" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv "%Temp%\MakeMyCert\MyCERT.pvk" -ic "%Temp%\MakeMyCert\MyCERT.cer"
"pvk2pfx.exe" -pvk "%Temp%\MakeMyCert\MyCERT.pvk" -pi "%Password%" -spc "%Temp%\MakeMyCert\MyCERT.cer" -pfx "%Temp%\MakeMyCert\MyCERT.pfx" -po "%Password%"
After that I try to sign my script using the MyCert.pfx file. I made sure, that the PS1 powershell script file is saved in UTF-8. I use following powershell commands (I'm asked for a Password after Get-PfxCertificate):
$cert=Get-PfxCertificate .\MyCert.pfx
Set-AuthenticodeSignature .\MyScript.ps1 -Certificate $cert
The result I get is "UnknownError", though the signature block gets written into the MyScript.ps1 file. If I read the Authenticode signature using
Get-AuthenticodeSignature .\MyScript.ps1
it still gives me the Signer Certificate followed by "UnknownError". I really don't know where to search. As mentioned before, it is not the Encoding issue. I already played around saving the PS1 file in ASCII, UTF-8, UTF-8 w/o BOM. It doesn't
make any difference.
I think I found the problem. Do not use pvk2pfx.exe to create your pxf file. This works in Win 7 but no longer in Win 8.1 or 2012 R2. You manually need to export the certificate including the key using certmgr.msc and save it as PFX file. Then you can use
this file with the Get-PfxCertificate commandlet.
This way it also works in Win 8.1 and Server 2012 R2.
Similar Messages
-
Hello,
I have trouble with self signed Powershell scripts.
I've created a CodeSign Certificate from the internal CA in my Domain.
After that I've used this Certificate to sign PS scripts.
When I call these scripts in a running shell I get this message:
Do you want to run software from this untrusted publisher?
File z:\Applications\Scripts\HelloWorld.ps1 is published by CN=Administrator, CN=Users, DC=contoso, DC=com
and is not trusted on your system. Only run scripts from trusted publishers.
[V] Never run [D] Do not run [R] Run once [A] Always run [?] Help (default is "D")
I've imported this certificate to the Trusted Root Store of the Server and the current User Account.
So I can't explain why this is not working!
Has anyone a hint for me?
Thanks!Hi AbuNael,
After you trust the file, the script can be run. The first time you run the script, if it's digitally signed but the publisher isn't trusted, you will be prompted to add the publisher among the trusted publishers, and you can choose
the "Always run" option, the code signing certificate will be added to the "Trusted Publishers" in your certificate store, and you will no longer be prompted the next time you execute a script signed with that certificate.
Refer to:
How to Sign a PowerShell script
If there is anything else regarding this issue, please feel free to post back.
Best Regards,
Anna Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Problems with PowerShell script
Hi guys.
Using this powershell scripts:
http://gallery.technet.microsoft.com/office/Lync-Environment-Report-cbc6fb1a
I have already a opened thread on MS TECHNET FORUM:
http://social.technet.microsoft.com/Forums/office/en-US/a23ffdf8-fb10-4386-b21b-9f06cda84bdd/lync-environment-report-draw-pictures-in-visio?forum=lyncdeploy
unable to solve the error for powershell script: New-LyncEnvDiagram.
Is there any of you Power$hell Mai$ter$ able to understand why the script ain't working?
with best regards,
bostjancHi Bostjanc,
Since we have no test enviroment, and this is difficult for us to debug the script.
Maybe you can try to leave a comment to ask the author chris for helps:
http://emptymessage.com/?p=149
If you have any feedback on our support, please click here.
Best Regards,
Anna Wang
TechNet Community Support -
Problem with powershell script
Hello All
I have the following Script that doesnt run, note that Im new at Ps and it is modified from another one seen in other post
$Parameters = Import-Csv C:\Parameters.csv
ForEach($Parameter in $Parameters)
{ $Server = ($Parameter.Server)
$Port = ($Parameter.Port)
If ( Test-Connection $Server -Count 1 -Quiet) {
try {
$null = New-Object System.Net.Sockets.TCPClient -ArgumentList $Server,$Port
$props = @{
Server = $server
PortOpen = 'Yes'
catch {
$props = @{
Server = $Server
PortOpen = 'No'
Else {
$props = @{
Server = $server
PortOpen = 'Server did not respond to ping'
New-Object PsObject -Property $props
However when I try to run it in the Powershell ISE I get the following error.
PS C:\Windows\system32> C:\PorVerification\PortVerification.Ps1
Test-Connection : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At C:\PorVerification\PortVerification.Ps1:9 char:25
+ If ( Test-Connection <<<< $Server -Count 1 -Quiet) {
+ CategoryInfo : InvalidData: (:) [Test-Connection], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.TestConnectionCommand
New-Object : Cannot validate argument on parameter 'Property'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At C:\PorVerification\PortVerification.Ps1:35 char:34
+ New-Object PsObject -Property <<<< $props
+ CategoryInfo : InvalidData: (:) [New-Object], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.NewObjectCommand
Any Clue on what could it be? Im running this in Windows 7. Any help will be highly apretiated.This is because you're not getting any data for the $Server variable.
This may be due to bad data in the CSV file, or misspelled header name (first row)
You can add an if statement like:
$Parameters = Import-Csv C:\Parameters.csv
ForEach($Parameter in $Parameters)
{ $Server = ($Parameter.Server)
$Port = ($Parameter.Port)
if ($Server)
If ( Test-Connection $Server -Count 1 -Quiet) {
try {
$null = New-Object System.Net.Sockets.TCPClient -ArgumentList $Server,$Port
$props = @{
Server = $server
PortOpen = 'Yes'
catch {
$props = @{
Server = $Server
PortOpen = 'No'
Else {
$props = @{
Server = $server
PortOpen = 'Server did not respond to ping'
New-Object PsObject -Property $props
else {
"No data received for '$Server'"
So, the "if ($server)" line and its corresponding "else" will point out when you're not getting a value for $server.
I would also add some error checking for the presence of the CSV file..
Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) _________________________________________________________________________________
Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx -
I failed to use any Powershell script in Global Conditions with error 87D00327. The script is signed and tested without problem. Setting execution policy doesn't change the result at all.
Error message as below:
In-line script returned error output: File C:\Windows\CCM\SystemTemp\e7001c04-3966-46a7-9622-26c36d9c45de.ps1 cannot
be loaded. The file C:\Windows\CCM\SystemTemp\e7001c04-3966-46a7-9622-26c36d9c4
5de.ps1 is not digitally signed. The script will not execute on the system. Ple
ase see "get-help about_signing" for more details..
At line:1 char:2
+ & <<<< 'C:\Windows\CCM\SystemTemp\e7001c04-3966-46a7-9622-26c36d9c45de.ps1'
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
ScriptProvider 6/23/2014 1:45:06 PM 2516 (0x09D4)
ScriptProvider::CreateInstanceEnumAsync - Script Execution Returned :1, Error Message:File C:\Windows\CCM\SystemTemp\e7001c04-3966-46a7-9622-26c36d9c45de.ps1 cannot
be loaded. The file C:\Windows\CCM\SystemTemp\e7001c04-3966-46a7-9622-26c36d9c4
5de.ps1 is not digitally signed. The script will not execute on the system. Ple
ase see "get-help about_signing" for more details..
At line:1 char:2
+ & <<<< 'C:\Windows\CCM\SystemTemp\e7001c04-3966-46a7-9622-26c36d9c45de.ps1'
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
ScriptProvider 6/23/2014 1:45:06 PM 2516 (0x09D4)
Failed in discovering instance.
Script is not signed (Error: 87D00327; Source: CCM) ScriptProvider 6/23/2014 1:45:06 PM 2516 (0x09D4)
Failed to do HandleExecQueryAsync().
Script is not signed (Error: 87D00327; Source: CCM) ScriptProvider 6/23/2014 1:45:06 PM 2516 (0x09D4)
Failed to process CScriptProvider::GExecQueryAsync.
Script is not signed (Error: 87D00327; Source: CCM) ScriptProvider 6/23/2014 1:45:06 PM 2516 (0x09D4)
I can't figure out a way to capture the temp script file mentioned in the error message so I can't verify the script locally.
Any help will be appreciated.
Sean
Regards, SeanHi, Sean.
There was a product issue with signed PowerShell detection method scripts that has been fixed in R2 CU2. I just noticed it's not mentioned in the KB article for CU2. I'm not sure what happened here but I'll have somebody look into this.
Anyway, there's a couple of caveats to consider regarding this fix in your scenario. Firstly if you're creating a PowerShell script detection method you must not copy/paste the script text -- you need to "Open" it. Secondly, if you have any previously created
PowerShell script detection methods with signed scripts, you will need to re-add the detection script (again using "Open"). Finally, you must use an administrator console that's been updated to CU2 and a client that's been updated to CU2 for this fix to be
effective.
I hope this helps resolve the issue for you.
Check out my Configuration Manager blog at http://aka.ms/ameltzer -
Problem with a package that calls powershell script
The long story short: I'm trying to schedule a SSIS package, with SQL Server Agent, that runs a powershell script/command via a proxy account. The problem seems to be that proxy account didn't have the required permissions to run a .ps1 script, so I've
changed the execution policy to "Unrestricted" of everything that could be changed (from ps command prompt):
Scope ExecutionPolicy
MachinePolicy Unrestricted
UserPolicy Unrestricted
Process Undefined
CurrentUser Unrestricted
LocalMachine Unrestricted
So far, so good! But when I try to execute the SSIS package that calls the powershell script like this:
powershell.exe -file D:\script.ps1 -FileName testme
I get the error:
AuthorizationManager check failed.
+ CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecord
Exception
+ FullyQualifiedErrorId : UnauthorizedAccess
And when I try something more simple like:
powershell.exe -Command &{Get-ExecutionPolicy}
I get this:
Get-ExecutionPolicy : Access denied At line:1 char:3
+ &{Get-ExecutionPolicy}
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ExecutionPolicy], Managem
entException
+ FullyQualifiedErrorId : System.Management.ManagementException,Microsoft.
PowerShell.Commands.GetExecutionPolicyCommand
It's worth mentioning that I can call the regular cmdlets: dir; get-content, whoami, so powershell.exe is working fine! Anyone with an idea what's going on here?Check to make sure Windows Management Instrumentation service (WMI) is Enabled and running. If it’s disabled, try enabling it and starting it to see if that clears the error.
If all else fails, go to the path noted in the error and delete the PowerShell profile file.
Arthur
MyBlog
Twitter -
How to sign a powershell script to be used for distribution
Hi,
I am new to powershell so if I'm missing out on any detail, please let me know.
We have some powershell scripts we send over to the clients to execute. Their powershell enviroment has execution policy set to 'remote signed'
Now I have read multiple blogs for how to sign the powershell script to be used at different execution levels, but my understanding is signing is for my environment only.
http://www.hanselman.com/blog/SigningPowerShellScripts.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i-sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx
I'm probably missing out on something obvious and I'll appreciate if someone can explain me how to sign my script so that client can use it in their environment with any execution level set.
Thanks in advance!Here's a bit more information on the subject:
http://technet.microsoft.com/en-us/library/hh847874.aspx
http://msdn.microsoft.com/en-us/library/ms537361.aspx
You can get code signing certificates from the major vendors.
Don't retire TechNet! -
(Don't give up yet - 13,085+ strong and growing) -
Hello,
I am new to powershell so please be kind :) I have a .ps1 that I want to run on a Windows 2008 web server. It runs fine when I set execution policy to Unrestricted but I do not want to do that. I guess what I want to do is sign the .ps1 script with a cert.
I have created a self signed cert that is used with a CDN. Can I use that cert? If so how do I sign the .ps1 script with that cert (is that the correct terminology)? I saw many a pages that describe using the makecert command but that is not found on my server.
Isn't there any easier way to do this?
Any help is appreciated. Thanks
JoeI was hoping to not have to install a large package on my production web server just to get the commands to create the cert and sign the script. Thanks for the link, however we have a Windows 2008 server and that page is for 2012 server. I am able to create
a self-signed cert in IIS but I am not sure how to sign a script with it.
Thanks.
Joe -
Problem with signed tcl scripts
Hi All,
Im having some difficulties getting signed scripts to work on a router.
Ive got openssl 0.9.8h installed on a FreeBSD 6.2 box, and following the documentation located below, word for word, I cant seem to get any scripts to run properly. The router just seems to continually fail to verify the digital signature.
http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/sign_tcl.html#wp1079441
When trying to run a script I usually end up with the following error messages:
Invalid Signature
May 10 04:54:30.845: ../cert-c/source/p7spprt.c(614) : E_VERIFY_ASN_SIGNATURE : error verifying digital signature
May 10 04:54:30.849: CRYPTO_PKI: status = 0x725(E_VERIFY_ASN_SIGNATURE : error verifying digital signature): pkcs7 verify data returned status
May 10 04:54:30.849: CRYPTO_PKI: status = 0x725(E_VERIFY_ASN_SIGNATURE : error verifying digital signature): failed to verify
May 10 04:54:30.849: CRYPTO_PKI: unlocked trustpoint scriptsigning, refcount is 0
May 10 04:54:30.849: %SYS-6-SCRIPTING_TCL_INVALID_OR_MISSING_SIGNATURE: tcl signing validation failed on script signed with trustpoint name scriptsigning, cannot run the signed TCL script.
But when I try signing the example script in the document mentioned above it seems to work fine:
#tclsh flash:hello.tcl
hello
argc = 0
argv =
argv0 = flash:hello.tcl
tcl_interactive = 0
May 10 03:58:00.408: CRYPTO_PKI: self-signed cert within the pkcs7.
May 10 03:58:00.408: CRYPTO_PKI: Added x509 peer certificate - (1073) bytes
May 10 03:58:00.408: CRYPTO_PKI: chain received from the peer has been reduced to one already trusted cert
May 10 03:58:00.408: CRYPTO_PKI: validation path has 0 certs
May 10 03:58:00.408: CRYPTO_PKI: unable to get cert attributesfor AAA list authorization.
May 10 03:58:00.408: CRYPTO_PKI: chain cert was anchored to trustpoint scriptsigning, and chain validation result was: CRYPTO_VALID_CERT
May 10 03:58:00.412: CRYPTO_PKI: Success on PKCS7 verify!
May 10 03:58:00.412: CRYPTO_PKI: unlocked trustpoint scriptsigning, refcount is 0
In both cases I used the exact same private key and CA certificate to sign both scripts.
Does anyone have any clues, tips, or pointers for doing this successfully?
Cheers,
TomI found your problem. The ORIGINAL script ended in a blank line. Therefore, you need TWO lines before the signature. I took the pkcs7 file you sent, your latest cert, and then added the signature to a clean btest.tcl with a trailing newline. The result worked perfectly.
I'm attaching the signed btest.tcl along with the exact same cert and pkcs7 file you sent (I'm not attaching the private key for obvious reasons, but it is the same).
All I did was take your pkcs7 file and:
xxd -ps btest_sig.tcl.pk7 > btest.hex
(I added a newline to the top of btest.hex, added the signature header, and commented each subsequent line)
cat btest.tcl btest.hex > btest_sig.tcl
I loaded your cert into my router, then loaded the signed script:
Loading btest_sig.tcl from 14.32.100.33 (via FastEthernet0/0): !
[OK - 5618 bytes]
Bandwidth is 8434. -
SCOM 2012 Maintenance Mode PowerShell Script Problems
I've seen other questions about this topic before, but none of them seem to address my specific problem, so I am starting a new thread.
I am writing a script to put a single server (not a group) into maintenance mode. Here is the command that it ultimately tries to call:
Start-SCOMMaintenanceMode-Instance$Instance-EndTime$EndTime-Reason$Reason-Comment$Comment
So an exmaple would look like this:
Start-SCOMMaintenanceMode -Instance "$Instance -EndTime "02/03/2014 15:26:00" -Reason "PlannedOther" -Comment "Testing Maintenance Mode"
When my script tries to run this command, this is the error message that I get:
Start-SCOMMaintenanceMode : Start time must be before end time for maintenance mode.
Parameter name: startTime
At C:\users\x036036\Desktop\Start-SCOMMaintenanceModeForServer.ps1:143 char:21
+ Start-SCOMMaintenanceMode -Instance $Instance -EndTime $EndT ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Microsoft.Syste...anceModeCommand:StartSCMaintenanceModeCommand) [Start-SCOMMaintenance
Mode], ArgumentOutOfRangeException
+ FullyQualifiedErrorId : ExecutionError,Microsoft.SystemCenter.OperationsManagerV10.Commands.StartSCMaintenanceModeCommand
I've tried to look at Start-SCOMMaintenanceMode help online, but I don't see that "startTime" is a parameter. So what is this error message talking about? What am I missing?Thanks for your help. I didn't see your response until just now, but I have been playing around with this all since my last response. I got it to work. I wish I could pinpoint what exactly I changed to get it to work, but I
feel like I've been changing so much stuff that I'm not sure any more.
Just in case anyone finds it useful, here is the code.
[CmdletBinding(SupportsShouldProcess=$true)]
param
[Parameter(Mandatory=$True,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage='What is the server you want to put in Maintenance Mode?')]
[Alias("Server")]
[string[]]$ServerName,
[Parameter(Mandatory=$True,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$True,
HelpMessage='Specifies the time the maintenance will end. The minimum amount of time a resource can be in maintenance mode is 5 minutes. This is a required parameter. Format is 1/29/2014 8:59:26 AM')]
[Datetime]$end,
[Parameter(Mandatory=$False,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage='PlannedOther, UnplannedOther, PlannedHardwareMaintenance, UnplannedHardwareMaintenance, PlannedHardwareInstallation, UnplannedHardwareInstallation, PlannedOperatingSystemReconfiguration, UnplannedOperatingSystemReconfiguration, PlannedApplicationMaintenance, ApplicationInstallation, ApplicationUnresponsive, ApplicationUnstable, SecurityIssue, LossOfNetworkConnectivity')]
[string]$Reason,
[Parameter(Mandatory=$False,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage='Allows you to type a comment about the maintenance activity.')]
[string]$Comment,
[switch]$EventLog
set-strictmode -version latest
#$start=Get-Date
#$currentlog = $start.ToString()
Write-Verbose "Starting $($myinvocation.mycommand)"
Write-Verbose "Ready to put ServerName $ServerName in Maintenance Mode"
Function Start-SCOMMaintenanceModeForServer
[CmdletBinding(SupportsShouldProcess=$true)]
param
[Parameter(Mandatory=$True,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage='What is the server you want to put in Maintenance Mode?')]
[Alias("Server")]
[string[]]$ServerName,
[Parameter(Mandatory=$True,
ValueFromPipeline=$false,
ValueFromPipelineByPropertyName=$True,
HelpMessage='Specifies the time the maintenance will end. The minimum amount of time a resource can be in maintenance mode is 5 minutes. This is a required parameter. Format is 1/29/2014 8:59:26 AM')]
[Datetime]$end,
[Parameter(Mandatory=$False,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage='PlannedOther, UnplannedOther, PlannedHardwareMaintenance, UnplannedHardwareMaintenance, PlannedHardwareInstallation, UnplannedHardwareInstallation, PlannedOperatingSystemReconfiguration, UnplannedOperatingSystemReconfiguration, PlannedApplicationMaintenance, ApplicationInstallation, ApplicationUnresponsive, ApplicationUnstable, SecurityIssue, LossOfNetworkConnectivity')]
[string]$Reason,
[Parameter(Mandatory=$False,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage='Allows you to type a comment about the maintenance activity.')]
[string]$Comment,
[switch]$EventLog
Begin
Write-Verbose "Starting Function Start-SCOMMaintenanceModeForServer"
#Check for minumum Maintenance mode period of 5 mins.
$start = Get-Date
$5MinFromNowTime = $start.AddMinutes(5)
#$end = [datetime]$end
$end = $end.AddSeconds(5)
if($end -lt $5MinFromNowTime)
Write-Error "The time span for the maintenance mode should be at least 5 minutes." -ErrorAction Stop
Write-Verbose "Following server will be put in Maintenance Mode: $ServerName"
$MSs = Get-SCOMManagementServer
} #End Begin
Process
Write-Verbose "Checking if server $ServerName is a Management Server"
#Write-Verbose ($MSs | Select DisplayName)
if(($MSs | Select DisplayName) -eq $ServerName)
Write-Verbose "We don't want to put a Management Server in Maintenance Mode. Skipping"
else
Write-Verbose "Let's put server $ServerName in Maintenance Mode"
$Instance = Get-SCOMClassInstance -Name $ServerName
if ($PSCmdlet.ShouldProcess("Putting $ServerName in Maintenance Mode until $($end).") )
Write-Verbose ("Start-SCOMMaintenanceMode -Instance " + $Instance + " -EndTime " + $end + " -Reason " + $Reason + " -Comment " + $Comment)
Start-SCOMMaintenanceMode -Instance $Instance -end $end -Reason $Reason -Comment $Comment
}#End of whatif
}#End of else
if ($PSBoundParameters['EventLog'])
write-eventlog -LogName "Operations Manager" -Source "OpsMgr SDK Service" -EventID 999 -message "The following Objects are put into in Maintenance Mode until $($end) : $($ServerName)"
}#End if
} #End Process
End
Write-Verbose "Finished Function Start-SCOMMaintenanceModeForServer Function"
#Main
try
if ($PSBoundParameters['EventLog'])
write-eventlog -LogName "Operations Manager" -Source "OpsMgr SDK Service" -EventID 998 -message "The $($myinvocation.mycommand) is used to put Objects in Maintenance Mode"
Write-Verbose "Checking if OperationsManager Module is loaded"
#Check if OperationsManager Module is loaded.
if(!(Get-Module OperationsManager))
Write-Verbose "Importing OperationsManager Module"
Import-Module OperationsManager -ErrorAction Stop
Write-Verbose "Checking for OM2012 environment"
#Check if OM2012 is being used.
if(!(Get-Module OperationsManager).Description -eq "Operations Manager OperationsManagerV10 Module")
Write-Error "This script is only for OM2012"
#Call Function
if ($PSBoundParameters['EventLog'])
Start-SCOMMaintenanceModeForServer -ServerName $ServerName -end $end -Reason $Reason -Comment $Comment -EventLog
else
Start-SCOMMaintenanceModeForServer -ServerName $ServerName -end $end -Reason $Reason -Comment $Comment
} #End Try
catch [System.IO.FileNotFoundException]
"OperationsManager Module not found"
$_.Exception.Message
catch
Write-Warning "Oops something went wrong"
$_.Exception.Message
$end=Get-Date
Write-Debug ("Total processing time {0}" -f ($end-$start).ToString())
Write-Verbose "Ending $($myinvocation.mycommand)"
There is one remaining problem with this script. It does not correctly check to see if something is a management server. We have two management servers. These are the applicable lines, which I still haven't gotten to work yet. First, this retrieves
the list of my Management servers:
$MSs=Get-SCOMManagementServer
Next, these lines are supposed to check if the server I specified is a management server:
if(($MSs | Select DisplayName) -eq $ServerName)
Write-Verbose "We don't want to put a Management Server in Maintenance Mode. Skipping"
Thanks to the Intellisense pop-up deal, I can see that $MSs does get my two management servers. And I can clearly see that there is a DisplayName column. And I can also see that the $ServerName does match what I put in my command line. But it doesn't
seem to catch them if they are actually equal to each other. I don't know if it's because there's two Management Servers, and it doesn't know how to compare like that? Any idea? Is there some sort of loop I need to write so that it compares is to the DisplayName
for EACH Management Server it finds? Any help would be greatly appreciated. -
Using Echo Command in PowerShell Script for Configuration Item
Hello All,
Before you tell me to post my PowerShell question to the PowerShell Forum, please know that the PowerShell portion of my task works just fine. It is the SCCM portion of my task that keeps failing, so that is why I am here. To give some background...
There are two servers in our SCCM test environment. Both the SCCM server and SQL DB server are 2012, patched and updated.
Test servers in my Device Collection being used for running Baselines and Reports against are 2008R2 and 2012, patched and updated.
I have created a Configuration Item that checks to see if the FTP Server Role Feature has been installed on a 2008 or 2012 server. To do the check, I am using the following PowerShell script:
(get-windowsfeature -Name Web-Ftp-Server).Installed
When I log into my 2008R2 and 2012 test servers, and run this command directly on the server, it will return a "True" if the FTP Server Role Feature is installed on either server, and a "False" if it is not installed. Basically,
it works as advertised.
When I setup my Configuration Item and then deploy my Baseline, or run a report against my device collection of test servers, SCCM will return a correct response (True or False) for the 2012 test server, but throws the following error for the 2008R2
server:
0x87df00329 application requirement evaluation or detection failed
Google searches for this have not been very helpful.
Now, when I created the Configuration Item and referenced PowerShell, the configuration screen has the following note:
"Specify the script to find and return the value to be assessed for compliance on client devices. Use the echo command to return the script value to Configuration Manager."
Since I did not include an echo command in my PowerShell script above, I figured that was my problem, so I did the following:
Logging onto both of my test servers (2008R2 & 2012) I was able to successfully run the following PowerShell commands and get the expected responses of True or False:
(get-windowsfeature -Name Web-Ftp-Server).Installed | echo
(get-windowsfeature -Name Web-Ftp-Server).Installed | write-output (http://technet.microsoft.com/en-us/library/hh849921.aspx)
(get-windowsfeature -Name Web-Ftp-Server).Installed | write-host (http://technet.microsoft.com/en-us/library/ee177031.aspx)
However, when I use any of these PowerShell commands in my Configuration Item, NEITHER of my test servers returns a response to the SCCM server.
When I check the report, both servers show as "Unknown" and when I click on the number 2 (as in 2 servers unknown), the following report page (List of unknown assets for a configuration baseline) has absolutely no data/information at all.
So...I am at a loss.
SCCM tells me to use an echo command to return a script value to Configuration Manager. The PowerShell scripts above, with the various echo related commands, work just fine on the servers themselves, but they return no information when run via SCCM.
What am I missing?
Any help will be appreciated.
Thanks in advance for your time.Sorry for my ignorance, but I don't understand. (I forgot to mention that I am new at both PowerShell and SCCM.)
After I change the PowerShell script to add the echo/write-output/write-host cmdlet, I open the ConFig Item and "Clear" the PowerShell script and then re-add it. When I do that, it correctly shows the change in the ConFig Item.
Next I open the Baseline, then open the ConFig Item within the Baseline to make sure the change is reflected there as well, which it is.
I then deploy the Baseline to my Device Collection. After that, I run a report against the Baseline and Device Collection and it returns the "Unknown" result.
If I open the PowerShell script and remove the echo/write-output/write-host cmdlet, then go through the rest of the process of updating and reporting, the result it returns changes, showing one server in compliance and the other server out of compliance,
which leads me to think that all changes have taken correctly.
Does that sound right? If I manually deploy the Baseline, is that the same as the client retrieving policies from the management point?
Sorry to be so thick but I'm learning as I go.
Thanks again for your help. -
Trying to deploy a batch or powershell script unsuccessful
I've deployed a .cmd file out that contains a WMI script to uninstall all instances of an application called "VirtViewer". The script looks like this:
taskkill /F /IM remote-viewer.exe /T
wmic product where "name like 'VirtViewer%%'" call uninstall /nointeractive
exit /B %EXIT_CODE%
Previously, I had used MSI product codes for the uninstall, and got the same result. My original problem, is that there are currently 9 different versions of this app out there, so i am ripping them all out and replacing with 1 version. Installing over an
old version does not overwrite the older one, it instead installs a new instance.
Reading through the execmgr.log on the client, everything looks as it should.
The end result, is that nothing happens. I had originally set the program to run as hidden, but then changed it to normal but still do not see it run. The application is right where i left it, untouched. If i run the script locally it works fine, but not
when deployed. Am i missing something??
<![LOG[Service startup.]LOG]!><time="16:09:31.647+300" date="01-12-2015" component="execmgr" context="" type="1" thread="248" file="execmgr.cpp:135">
<![LOG[A user has logged on.]LOG]!><time="16:09:43.507+300" date="01-12-2015" component="execmgr" context="" type="1" thread="4256" file="execreqmgr.cpp:4911">
<![LOG[Requesting content from CAS for package VNT00018 version 21]LOG]!><time="16:11:13.649+300" date="01-12-2015" component="execmgr" context="" type="1" thread="124" file="contentaccesshelper.cpp:246">
<![LOG[Policy arrived for parent package VNT00018 program Uninstall Script]LOG]!><time="16:11:13.649+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2528" file="execreqmgr.cpp:6893">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 6l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:13.665+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2528" file="event.cpp:405">
<![LOG[Successfully created a content request handle {B2BA42EE-5988-47F4-BF44-ADAAC975994B} for the package VNT00018 version 21]LOG]!><time="16:11:13.665+300" date="01-12-2015" component="execmgr" context="" type="1" thread="124" file="contentaccesshelper.cpp:331">
<![LOG[Program Uninstall Script change to state STATE_ADVANCED_DOWNLOAD content available]LOG]!><time="16:11:13.665+300" date="01-12-2015" component="execmgr" context="" type="2" thread="124" file="executionrequest.cpp:3663">
<![LOG[Execution Request for advert VNT20014 package VNT00018 program Uninstall Script state change from NotExist to AdvancedDownload]LOG]!><time="16:11:13.665+300" date="01-12-2015" component="execmgr" context="" type="1" thread="124" file="executionrequest.cpp:501">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:13.665+300" date="01-12-2015" component="execmgr" context="" type="1" thread="124" file="event.cpp:405">
<![LOG[Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SoftDistProgramOfferReceivedEvent
AdvertisementId = "VNT20014";
ClientID = "GUID:E306FF26-C884-4E36-9C03-C19523A17F40";
DateTime = "20150112211113.665000+000";
MachineName = "VM-WIN7-MIKE";
ProcessID = 1788;
SiteCode = "VNT";
ThreadID = 2528;
]LOG]!><time="16:11:13.665+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2528" file="event.cpp:715">
<![LOG[Mandatory execution requested for program Uninstall Script and advertisement VNT20014]LOG]!><time="16:11:13.680+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="execreqmgr.cpp:3527">
<![LOG[Creating mandatory request for advert VNT20014, program Uninstall Script, package VNT00018]LOG]!><time="16:11:13.680+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="execreqmgr.cpp:3653">
<![LOG[An existing MTC token was not supplied, using ExecutionRequest's Id as MTC token and this execution request is the owner of resultant MTC task.]LOG]!><time="16:11:13.696+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="executionrequest.cpp:8942">
<![LOG[Request a MTC task for execution request of package VNT00018, program Uninstall Script with request id: {D52026A7-5735-402B-868C-EF9791656512}]LOG]!><time="16:11:13.696+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="executionrequest.cpp:8966">
<![LOG[Execution Request for advert VNT20014 package VNT00018 program Uninstall Script state change from WaitingDependency to Ready]LOG]!><time="16:11:13.712+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="executionrequest.cpp:501">
<![LOG[MTC task with id {D52026A7-5735-402B-868C-EF9791656512}, changed state from 0 to 4]LOG]!><time="16:11:13.712+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="execreqmgr.cpp:6288">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:13.712+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="event.cpp:405">
<![LOG[MTC signaled SWD execution request with program id: Uninstall Script, package id: VNT00018 for execution.]LOG]!><time="16:11:13.743+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="execreqmgr.cpp:6406">
<![LOG[Sending ack to MTC for task with id: {D52026A7-5735-402B-868C-EF9791656512}]LOG]!><time="16:11:13.743+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="executionrequest.cpp:9005">
<![LOG[Executing program VirtViewerUninstall.cmd in Admin context]LOG]!><time="16:11:13.743+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="executionrequest.cpp:3239">
<![LOG[Execution Request for advert VNT20014 package VNT00018 program Uninstall Script state change from Ready to NotifyExecution]LOG]!><time="16:11:13.743+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="executionrequest.cpp:501">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:13.759+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="event.cpp:405">
<![LOG[Checking content location C:\Windows\ccmcache\1c for use]LOG]!><time="16:11:13.774+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="executioncontext.cpp:1663">
<![LOG[Successfully selected content location C:\Windows\ccmcache\1c]LOG]!><time="16:11:13.774+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="executioncontext.cpp:1719">
<![LOG[Executing program as a script]LOG]!><time="16:11:13.774+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="executionengine.cpp:82">
<![LOG[Successfully prepared command line "C:\Windows\ccmcache\1c\VirtViewerUninstall.cmd"]LOG]!><time="16:11:13.774+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="scriptexecution.cpp:650">
<![LOG[Command line = "C:\Windows\ccmcache\1c\VirtViewerUninstall.cmd", Working Directory = C:\Windows\ccmcache\1c\]LOG]!><time="16:11:13.774+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="scriptexecution.cpp:352">
<![LOG[Running "C:\Windows\ccmcache\1c\VirtViewerUninstall.cmd" with 32bitLauncher]LOG]!><time="16:11:13.774+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="scriptexecution.cpp:370">
<![LOG[Created Process for the passed command line]LOG]!><time="16:11:13.852+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="scriptexecution.cpp:513">
<![LOG[Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SoftDistProgramStartedEvent
AdvertisementId = "VNT20014";
ClientID = "GUID:E306FF26-C884-4E36-9C03-C19523A17F40";
CommandLine = "\"C:\\Windows\\ccmcache\\1c\\VirtViewerUninstall.cmd\"";
DateTime = "20150112211113.852000+000";
MachineName = "VM-WIN7-MIKE";
PackageName = "VNT00018";
ProcessID = 1788;
ProgramName = "Uninstall Script";
SiteCode = "VNT";
ThreadID = 2164;
UserContext = "NT AUTHORITY\\SYSTEM";
WorkingDirectory = "C:\\Windows\\ccmcache\\1c\\";
]LOG]!><time="16:11:13.852+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="event.cpp:715">
<![LOG[Raised Program Started Event for Ad:VNT20014, Package:VNT00018, Program: Uninstall Script]LOG]!><time="16:11:13.852+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="executioncontext.cpp:459">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 1l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:13.852+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="event.cpp:405">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:13.868+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="event.cpp:405">
<![LOG[MTC task with id {D52026A7-5735-402B-868C-EF9791656512}, changed state from 4 to 5]LOG]!><time="16:11:13.884+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2164" file="execreqmgr.cpp:6288">
<![LOG[Program exit code 0]LOG]!><time="16:11:17.571+300" date="01-12-2015" component="execmgr" context="" type="1" thread="4128" file="scriptexecution.cpp:676">
<![LOG[Looking for MIF file to get program status]LOG]!><time="16:11:17.571+300" date="01-12-2015" component="execmgr" context="" type="1" thread="4128" file="executionstatus.cpp:282">
<![LOG[Script for Package:VNT00018, Program: Uninstall Script succeeded with exit code 0]LOG]!><time="16:11:17.571+300" date="01-12-2015" component="execmgr" context="" type="1" thread="4128" file="executionstatus.cpp:262">
<![LOG[Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SoftDistProgramCompletedSuccessfullyEvent
AdvertisementId = "VNT20014";
ClientID = "GUID:E306FF26-C884-4E36-9C03-C19523A17F40";
DateTime = "20150112211117.571000+000";
MachineName = "VM-WIN7-MIKE";
PackageName = "VNT00018";
ProcessID = 1788;
ProgramName = "Uninstall Script";
SiteCode = "VNT";
ThreadID = 4128;
UserContext = "NT AUTHORITY\\SYSTEM";
]LOG]!><time="16:11:17.587+300" date="01-12-2015" component="execmgr" context="" type="1" thread="4128" file="event.cpp:715">
<![LOG[Raised Program Success Event for Ad:VNT20014, Package:VNT00018, Program: Uninstall Script]LOG]!><time="16:11:17.587+300" date="01-12-2015" component="execmgr" context="" type="1" thread="4128" file="executioncontext.cpp:483">
<![LOG[Execution is complete for program Uninstall Script. The exit code is 0, the execution status is Success]LOG]!><time="16:11:17.587+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="execreqmgr.cpp:4165">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 10l, value Result:TRUE ,SDKCallerId:, user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:17.602+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="event.cpp:405">
<![LOG[Requesting MTC to delete task with id: {D52026A7-5735-402B-868C-EF9791656512}]LOG]!><time="16:11:17.618+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="executionrequest.cpp:9036">
<![LOG[MTC task with id: {D52026A7-5735-402B-868C-EF9791656512} deleted successfully.]LOG]!><time="16:11:17.618+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="executionrequest.cpp:9065">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="VNT00018",ProgramID="Uninstall Script", actionType 1l, value , user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="16:11:17.618+300" date="01-12-2015" component="execmgr" context="" type="1" thread="2564" file="event.cpp:405">I just tried using powershell to accomplish the same task, and got the same result. Script ran fine, but nothing resulted. 0 errors in the execmgr.log on the client.
Program options:
Command Line: Powershell.exe -executionpolicy Bypass -file .\VirtUninstall.ps1
the powershell script looks like this:
$app = Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "VirtViewer*"}
$app.Uninstall()
exit /B
Again, the script runs great when launched locally, but not wehen deployed -
An unknown error occurred while executing the PowerShell script:
Hello all,
Not the most descriptive title, granted. I'm hoping this may prompt the next version toprovide additional valuable content.
Kindly requesting any help on this problem. I'm running VMM 2012 R2 version 3.2.7668
When I try to look at properties of an existing Private Cloud, I get this error, only if I "look" at certain attributes. If I stay away from the specific attributes, everything is hunky dory. For reasons unknown, after I get this error, I have
to exit and go back into VMM in order to get anything else to run.
The text in the error dialogue box is not entirely applicable because I was connected to the VMM server and will connect again, when I exit/relaunch.
An unknown error occurred while executing the PowerShell script:
The connection to the VMM management server scvmm2.mmmmmm.com was lost.
Ensure that scvmm2.mmmmmm.com is online and that you can access the server remotely from your computer. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. Or, you can ensure that the Virtual Machine Manager service is started
on scvmm2.mmmmmm.com. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. If the command fails again because of a connection failure, restart the Virtual Manager service and then try the operation again.
Try the operation again. If the issue persists, contact Microsoft Help and Support.
ID: 27235
This is what I get in Events
Warning 4/9/2015 3:27:04 PM PowerShell (Microsoft-Windows-PowerShell) 4100 Executing Pipeline
Log Name: Microsoft-Windows-PowerShell/Operational
Source: Microsoft-Windows-PowerShell
Date: 4/9/2015 3:27:04 PM
Event ID: 4100
Task Category: Executing Pipeline
Level: Warning
Keywords: None
User: mmmmmm\paufra
Computer: tools-francis.mmmmmm.com
Description:
Error Message = The connection to the VMM management server scvmm2.mmmmmm.com was lost. (Error ID: 1610)
Ensure that scvmm2.mmmmmm.com is online and that you can access the server remotely from your computer. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. Or, you can ensure that the Virtual Machine Manager service is started
on scvmm2.mmmmmm.com. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. If the command fails again because of a connection failure, restart the Virtual Manager service and then try the operation again.
Fully Qualified Error ID = 1610,Microsoft.SystemCenter.VirtualMachineManager.Cmdlets.GetSCReplicationGroupCmdlet
Recommended Action = Ensure that scvmm2.mmmmmm.com is online and that you can access the server remotely from your computer. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. Or, you can ensure that the Virtual Machine Manager
service is started on scvmm2.mmmmmm.com. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. If the command fails again because of a connection failure, restart the Virtual Manager service and then try the operation again.
Context:
Severity = Warning
Host Name = Default Host
Host Version = 4.0
Host ID = 94963cd4-5979-4786-9da2-c8814de8c7c3
Host Application = C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\Bin\VmmAdminUI.exe
Engine Version = 4.0
Runspace ID = 359d7a46-3752-4929-8c09-0de4152d10e4
Pipeline ID = 16
Command Name = Get-SCReplicationGroup
Command Type = Cmdlet
Script Name =
Command Path =
Sequence Number = 91
User = mmmmmm\paufra
Shell ID = Microsoft.PowerShell
User Data:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PowerShell" Guid="{A0C1853B-5C40-4B15-8766-3CF1C58F985A}" />
<EventID>4100</EventID>
<Version>1</Version>
<Level>3</Level>
<Task>106</Task>
<Opcode>19</Opcode>
<Keywords>0x0</Keywords>
<TimeCreated SystemTime="2015-04-09T22:27:04.993655700Z" />
<EventRecordID>285</EventRecordID>
<Correlation ActivityID="{48059811-1A63-41E1-9057-7498D0E4FC20}" />
<Execution ProcessID="2344" ThreadID="4076" />
<Channel>Microsoft-Windows-PowerShell/Operational</Channel>
<Computer>tools-francis.mmmmmm.com</Computer>
<Security UserID="S-1-5-21-4008432563-1984933819-4238309236-2721" />
</System>
<EventData>
<Data Name="ContextInfo"> Severity = Warning
Host Name = Default Host
Host Version = 4.0
Host ID = 94963cd4-5979-4786-9da2-c8814de8c7c3
Host Application = C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\Bin\VmmAdminUI.exe
Engine Version = 4.0
Runspace ID = 359d7a46-3752-4929-8c09-0de4152d10e4
Pipeline ID = 16
Command Name = Get-SCReplicationGroup
Command Type = Cmdlet
Script Name =
Command Path =
Sequence Number = 91
User = mmmmmm\paufra
Shell ID = Microsoft.PowerShell
</Data>
<Data Name="UserData">
</Data>
<Data Name="Payload">Error Message = The connection to the VMM management server scvmm2.mmmmmm.com was lost. (Error ID: 1610)
Ensure that scvmm2.mmmmmm.com is online and that you can access the server remotely from your computer. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. Or, you can ensure that the Virtual Machine Manager service is started
on scvmm2.mmmmmm.com. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. If the command fails again because of a connection failure, restart the Virtual Manager service and then try the operation again.
Fully Qualified Error ID = 1610,Microsoft.SystemCenter.VirtualMachineManager.Cmdlets.GetSCReplicationGroupCmdlet
Recommended Action = Ensure that scvmm2.mmmmmm.com is online and that you can access the server remotely from your computer. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. Or, you can ensure that the Virtual Machine Manager
service is started on scvmm2.mmmmmm.com. Then connect to scvmm2.mmmmmm.com and try the command again using the new connection. If the command fails again because of a connection failure, restart the Virtual Manager service and then try the operation again.
</Data>
</EventData>
</Event>Hi Sir,
First , please try to run the VMM configuration analyzer on that computer :
http://www.microsoft.com/en-us/download/details.aspx?id=41555
In addition , please try to use "VMMTrace" mentioned in following article to collect trace log and find some useful information :
http://blogs.technet.com/b/jonjor/archive/2011/01/07/vmmtrace-simplified-scvmm-tracing.aspx
Best Regards,
Elton Ji
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] . -
Need some help in building a PowerShell Script
I am in the process of setting up continuous self-auditing on a set of computers that are on a Domain. My company has a restriction on use of USB devices as well as CDs/DVDs. The domain pushes patches but we have been seeing some users that are using (or
trying to) the network without becoming a part of the domain. My aim is to run a PowerShell script periodically (say, hourly) on each computer on the domain and dump certain parameters to XML / XHTML and then load these onto a web-server that can display the
results in a (sort of) dashboard to flag anomalies like unauthorised USB use etc.
I know there must be some commercial products for this but the boss says "No" to a purchase.
Am I on the right track or do I need to change my approach? Also, is there a starting scirpt available somewhere so that I can study it for techniques? My major problem is the display part. I am able to dump it into XML and (sort of ) format it but how do
I collate the data and display it as a web-page is what is bothering me. Help would be deeply appreciated.@JRV:
Users don't have to be domain administrators
to be able to install software. Local admin is more than enough. ie: I am no admin in the domain of my customer but am allowed to install software
Although I agree with you, in the sense it would be easier to restrict the users, it doesn't mean that a company has to do it that way; and it certainly doesn't represent the intelligence of an individual.
@SarabRSingh:
What you are asking for is a lot of work, to get the script right (considering the special demands, ie. AV update checking is different depending on the SW) and it might require a lot of resources on the client.
From what you describe, you want to prevent any USB/Optical Media use. You should consider Group Policies to manage that. http://technet.microsoft.com/en-us/library/bb742376.aspx
The only part I would script (based on my work environment) is the checking of AV updates (gets tricky because our SW has a hard time forcing the user to update when connected by VPN).
user log in / out --> group policy: logon/off script writing appending timestamp to a file
has he/she used any USB device --> if you want to block it: GPO, if you only want to track it: powershell
Get-WmiObject Win32_USBControllerDevice
has any new application / software been installed: restrict installation completely with user permissions or: http://social.technet.microsoft.com/Forums/en-US/f4dc8ab9-370b-423e-b65d-1fa46fa9bcc4/powershell-script-to-remotely-audit-computers-on-lan?forum=ITCG
was the AV: no idea on what you are using (maybe: http://serverfault.com/questions/129611/how-to-detect-when-antivirus-is-out-of-date-with-powershell
OS updated: WSUS http://technet.microsoft.com/en-us/library/cc708519(v=ws.10).aspx
If you found this post helpful, please "Vote as Helpful". If it answered your question, remember to "Mark as Answer"
MCC & PowerShell enthusiast
http://oliver.lipkau.net/blog -
Hi,
I´m in a situation where I need to disable static IP option on all Domain machines (workstations). I have found many different forum topics about that but nothing is suitable for me. Let me describe a situation:
* In our environment every computer have specific IP configured in DHCP (specific MAC = specific IP). Machines Must be configured DHCP enabled!
* In our environment all developers are local admins in their computers. This can´t be changed as we are IT corporation and this is our policy.
* As every IP have specific rights in Firewall to access different places then some IT guys are quite smart to change their IP to static IP that have more access then they should have.
This last thing is my main problem! We have working PKI and NPS in both WLAN and LAN so only domain and certified computers can have access to our local network. My mission is to prevent local admins to change IP addressess by themselves but I can´t find
a good solution for doing that. I have tought about Powershell script that is published by SCCM or GPO to all workstations and script idea is to find network card that is "connected to" our "domain.com" network. If this is true then automatically
DHCP will be enabled for that interface (Set-NetIPInterface -Dhcp Enabled). I know that here is an open window for some moment when script will be ran again or GPO policy will be refreshed but it´s better then nothing. In this script I have one problem - I
can´t find a solution about how to find network interface that is connected to our "domain.com"? It seems that there is no easy way to do that.
Is there any other and better solution to accomplished this situation. Any good ideas will be appreciated.
Best Regards,
TaaviHi,
the real answer is the one you don't want to hear: don't make your users local admninistrators.
Local administrators will always be able to get araound any security measurement you put in place. For gpo's for example, they can identify the involved registry key, configure it to their desired value and
remove privileges for everyone but themselves to write the key. Upcoming 'gpupdate' will not be able to write the values...
For your script, I would recommend to just configure all adapters to dhcp on the client computers. After all the location detection depends on the network Location Awareness service. If your users disable that one (an rermove the appropriate privileges from
registry ;) ) your script would again be useless.
That being said, as you post to the security forums my answer is focussed on the security off your solution. if you need assistance in creating this script, I would advice to post back in the Scripting guys forums (and leave out the why as you will otherwise
agin be pointed on the flawed security ;) )
I think get-connectionprofile might already be helpull on 8.1
MCP/MCSA/MCTS/MCITP
Maybe you are looking for
-
How do I organize the albums/songs in my iTunes?
I just decided to put a bunch of songs onto my iTunes so I could then sync those songs with my iPad 3 (and my new iPhone that's coming in the mail tomorrow ). Anyways, the way they organize my songs in iTunes is all messed up. If a song has more than
-
Setting flag delivery complete on purchase order with a report
Hello! In our system we have many old purchase orders without delivery complete flag. Now it is very difficult to get a correct report with open deliveries. Now we should set the flag delivery complete on each old PO and his needs a lot of time and a
-
Passing param from UIX Master-Deatil to Search form
OK This seems to be little bit advanced question (at least for me). Say I have two UIX pages 1. The first page (P1) contains Master Detail view of some table T1(ID1, ID2, ID3). 2. The second page (P2) is UIX search phase created from from the view of
-
Failure: "image.cpp", error 11602
I'm developing an application in LabView and with the Web publishing tool I can visualizethe results in Internet. The problem is that I open the explorer (Netscape or Internet Explorer) the following message appears in the screen: "Failure, "image.cp
-
Can't install Quicktime 7 as won't uninstall Quicktime 6.5
Hi Trying to install i-tunes with the new version of quicktime but when it tries to uninstall my current version of quicktime (6.5) the following message appears: Could not open key: HKEYLOCALMACHINE\SOFTWARE\Microsoft\windows\current version\uninsta