none
problems using dcomperm in powershell RRS feed

  • Question

  • What I basically need is some assistance on where to look for this issue.

    I'm using dcomperm to modify the runas for a dcom application. 

    I put together a powershell script I'll post below that makes 1 change to a com+ application then 2 calls to dcomperm to change the runas username and password of 2 applications.

    My issues.

    1. it works on the com+ and the first DCOM application, but fails on the second.

    2. No error codes are being returned. I even wrapped each section into individual Invoke-commands and captured is anything was returned, nothing.

    3. I get this error message. HRESULT MESSAGE = The server process could not be started because the configured identity is incorrect. Check the username and password

    It's the same error message as 

    https://support.microsoft.com/en-us/help/2757277/you-cannot-set-the-com-runas-password-on-a-windows-2003-machine-from-a

    0x8000401a: The server process cannot be started because the configured identity is incorrect. Check the username and password. (With exception of hex)

    And that message is supposed to only apply to at the latest Windows 2008R2

    4. I have the code open for dcomperm. I see it calling LsaStorePrivateData. Then there's LsaNtStatusToWinError, which I believe would return the error if there was one.

    $servers = ""
    Foreach ($server in $servers) {
        $RMsession = New-PSSession -ComputerName $server -Credential $creds
        if ($RMsession)
        {
    
            $return = Invoke-Command -Session $RMsession -ScriptBlock {
    
                $comAdmin = New-Object -comobject ("COMAdmin.COMAdminCatalog")
                $comAdmin.ShutdownApplication("COM+ application A")
                $applications = $comAdmin.GetCollection("Applications")
                $applications.Populate()
    
                foreach ($application in $applications)
                {
                    #Write-Host "test"
                    if ($application.Name -eq "COM+ application A")
                    {
                        write-Host $application.Name
                        $application.Value("Identity") = $username
                        $application.Value("Password") = $password
                        Write-Host "Saving Application "$application.Name" values "$applications.SaveChanges()                     
    
    
                        $comAdmin.StartApplication("COM+ application A")   
                    }
                      
                }
    
    
            }
            Write-Host $return
            $return = Invoke-Command -Session $RMsession -ScriptBlock {
                cmd.exe /c E:\Software\DComPerm.exe -runas "{APPID}" $username $password
            }
            Write-Host $return
            $return = Invoke-Command -Session $RMsession -ScriptBlock {
    			#### This part is not working or returning an error###
                cmd.exe /c E:\Software\DComPerm.exe -runas "{APPID}" $username $password
            }
            Write-Host $return
                
        }
        Remove-PSSession $RMsession

    Any assistance would be appreciated


    • Edited by akblackwel Wednesday, January 30, 2019 8:34 PM
    Wednesday, January 30, 2019 8:33 PM

Answers

All replies