on 09-03-2014 1:56 PM
Hi Experts
We have an IdM 7.2 SP08 implementation. I am using pass type 'ToShellArgs' to call a PowerShell script to create Exchange accounts. It was all working fine until last month and now it has suddenly stopped working. I am able to execute the PowerShell script directly and can create the Exchange accounts, but through IdM it doesn't create the Exchange account, though there are no errors in the logs. From further troubleshooting I understand that this pass is not even executing the script. Please help me to solve this issue.
BR
Shiju
Ok I disabled the arguments and just execute the pass as below
The powershell ISE window got opened up but was showing this error below on the screen even though the power shell command prompt was seen in next line
Full error :
File C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
At line:0 char:0
Will this be a problem? Do I need to enable scripting? Then why are the scripts able to execute directly?
BR
Shiju
Start powershell manually and run
Set-ExecutionPolicy Unrestricted
This should allow the script to run, but it is a security risk. You can also try to start powershell with the parameter
-ExecutionPolicy Bypass
added as an argX in the pass configuration.
If this solves it then there's probably a windows update or policy update on the server that caused the problem.
Br,
Per Christian
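Added example, not part of the original posts: the error quoted above names the SysWOW64 profile, that is the 32-bit PowerShell host, which on 64-bit Windows keeps its own LocalMachine execution policy separate from the 64-bit host's. The sketch below lists the policy per scope as each host sees it, then shows a launch whose policy applies to one process only, as an alternative to a machine-wide `Set-ExecutionPolicy Unrestricted`. The function names are hypothetical, 64-bit Windows is assumed, and `RemoteSigned` is chosen here as a tighter setting than the `Bypass` suggested in the reply.

```powershell
# Added example (not from the thread). Run it as the dispatcher's service account.
# Assumes 64-bit Windows; function names are hypothetical.

function Get-HostExecutionPolicy {
    # From a 32-bit caller, System32 is redirected to SysWOW64; the Sysnative
    # alias reaches the real 64-bit directory in that case.
    $sys64 = if ($env:PROCESSOR_ARCHITEW6432) { 'Sysnative' } else { 'System32' }
    $exes = @(
        "$env:windir\$sys64\WindowsPowerShell\v1.0\powershell.exe",
        "$env:windir\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
    )
    foreach ($exe in $exes) {
        if (-not (Test-Path $exe)) { continue }
        # -NoProfile keeps a blocked profile.ps1 from interfering with the probe.
        # The child host reports its own bitness and every policy scope it sees.
        & $exe -NoProfile -NonInteractive -Command {
            $bits = [IntPtr]::Size * 8
            $effective = Get-ExecutionPolicy
            Get-ExecutionPolicy -List | ForEach-Object {
                New-Object PSObject -Property @{
                    Bits      = $bits
                    Scope     = "$($_.Scope)"
                    Policy    = "$($_.ExecutionPolicy)"
                    Effective = "$effective"
                }
            }
        }
    }
}

function Invoke-ScriptProcessScoped {
    param([string]$Exe, [string]$Script, [string[]]$ScriptArgs)
    # -ExecutionPolicy sets the Process scope for this one launch; the stored
    # machine setting is untouched. A Group Policy value (MachinePolicy or
    # UserPolicy scope) still takes precedence over it.
    & $Exe -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File $Script @ScriptArgs | Out-Host
    $LASTEXITCODE   # exit code of the child host
}

# Compare the 32-bit and 64-bit rows: a Restricted policy on only one of them
# explains a script that runs from one console but not from the other host.
Get-HostExecutionPolicy | Sort-Object Bits, Scope |
    Format-Table Bits, Scope, Policy, Effective -AutoSize
```

If the 32-bit rows show `Restricted` while the 64-bit rows do not, the script can run from a 64-bit console and still be blocked when a 32-bit parent process starts PowerShell.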
Hello Shiju,
is the task executed? Did you check the dispatcher, that is assigned to this task, if that is running? Did you re-start it yet?
Regards,
Steffi.
Did you uninstall and install the dispatcher service perhaps? If so you might need to verify that the dispatcher service has the correct authorization (username/password) setting instead of the system account. An easy way to test that is to run the dispatcher in testmode as it will use your login credentials while executing powershell and the script.
Br,
Per Christian
Shiju,
I'd look at two things:
1. As Chris referenced, check the permissions on the service account running the dispatchers. Make sure there were no changes to the account.
2. In the pass where you invoke powershell, try changing the cmd argument so it starts with "cmd /c" to invoke a separate command shell session.
Also have you tried the Test Provisioning task on the Provision AM Exchange User task? If that runs fine as is, then your issue is with the workflow, not the provision task.
Matt
Hi Matt
1 . I checked this and found there is no permission issues
2 . Sorry I am not much familiar with the DOS commands, is it like the below ?
Attribute Value
------------------------------------------------------------
cmd "cmd /C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
And I checked the Test provisioning task and the task executed without any error, but it never executed the shell script, not even called the script.
BR
Shiju
Shiju,
Try doing this with a "Shell Execute" pass type instead.
Take a look here for more info.
http://help.sap.com/saphelp_nwidmic72/en/managing_passes/to_passes/dse_to_shell_dest.htm
BTW, you will have to use the cmd /c option here.
Matt
Just did a quick test here and found that my script was blocked. To verify, run the dispatcher in test-mode, replace the call to powershell.exe to powershell_ise.exe (interactive scripting environment, or debugger...)
My To_Shell pass is:
powershell_ise C:\temp\myps.ps1
Run the pass, powershell_ise loads the script, Run/Continue to see what happens:
Which is this:
And that's a system policy setting.
Next I ran into problems where the powershell.exe process still hung (seen in Task Manager just sitting idly along with a java.exe runtime)... A search gave me this workaround, execute:
cmd /c "echo . | powershell c:\temp\myps.ps1"
instead of
powershell c:\temp\myps.ps1
And for some reason that worked.
See:
Why does PsExec hang after successfully running a powershell script? - Server Fault
for additional info
Hi Per Krabsetsve,
Thanks for your quick help.
I tried as you mentioned and I got the below result. The dispatcher in test mode seems to be fine in terms of authorization. But the power shell in interactive mode throws an error about
Error processing arguments : to open multiple files..... as in the screenshot below.
Below is the pass which is causing this issue, can you please help further
HI Matt,
Thanks for your help.
I did as you mentioned as well, but the result is the same: the PowerShell script is just not invoked at all.
BR
Shiju
Seems like the ISE is not capable of accepting parameters so that won't work after all. Sorry.
I tried adding logging to file in my script to see if it was started at all using this at the top of my powershell script file
$stream = [System.IO.StreamWriter] "C:\temp\param.txt"
$stream.WriteLine("Begin parameters:");
foreach ($arg in $args)
{
$stream.WriteLine("$arg");
}
$stream.WriteLine("End parameters");
$stream.close();
The ToShellArgs pass worked just fine and all argX values from IdM were logged successfully to the param.txt file. Since you write that your script isn't even started it seems I've not reproduced your scenario after all.
Hi Per Krabsetsve,
Thanks for digging into it. In fact I too put a statement in the script so that I know whenever it is called. But that script was never called when I executed this pass. If I execute the PowerShell script directly it is executed perfectly fine. So the issue is that my ToShellArgs pass never called this PowerShell script. But now I am wondering why this pass is at least able to try to open PowerShell when it is in ISE mode. Another hint is that this same pass was working fine until last month, and we never made any changes to the IdM configurations. Is there anything to check regarding Windows OS updates on the IdM server?
BR
Shiju