Powershell script runs from command line but not from within FIM Workflow

  • Question

  • Following is a sample of a powershell script that runs fine from the powershell command line but not from within a FIM PowerShell Workflow Activity.  Note that the “solaris” session specified in the snippet below is defined in PuTTY with applicable IP address.  During execution of the workflow, the script does run up until the last line (it does some log file writing and some other processing not reflected in the snippet below).  The last line is an attempt to logon to a remote machine and execute MyScript.sh.  MyScript.sh never gets executed.

    Additionally, the rest of the workflow that follows this PowerShell Workflow Activity ALSO never executes.  Thus it appears that the script below hangs on the last line.  I thought adding the -batch would alleviate this, but not so.  Again the script runs fine from the PowerShell command line.

    ……………………………………………………………………………………………………………………………………………

    Param
    (
        [String]$USERID,
        [String]$USERNAME
    )

    $myApp = "D:\plink.exe"
    [Array] $Creds = ("root", "<root-password>"), ("sysadmin", "<sysadmin-password>")
    $sshcommand = & $myApp -load solaris -batch -l $Creds[0][0] -pw $Creds[0][1] /root/SOFTWARE/MyScript.sh $USERID $USERNAME

    Return ""

    ……………………………………………………………………………………………………………………………………………

    I replaced the last line with the following and got the same results:

    D:\plink.exe -batch -load solaris -l $Creds[0][0] -pw $Creds[0][1] /root/SOFTWARE/MyScript.sh $USERID $USERNAME

    I tested initiating this script from the FIM workflow activity using both the “Read from File” option and the “Include in Workflow Definition” option.  I get the same results either way.

    I noted that the command line was running PowerShell Version 3.0, while FIM was running Version 2.0.  I tested running this script from the command line as both Version 2.0 and Version 3.0, and it works successfully in both cases.  Thus the issue does not appear to be related to the version of PowerShell that FIM is running per se.  I understand that PowerShell 3.0 requires .NET Framework 4.0 and that the FIM Service runs on the 3.5 Framework, so perhaps the issue is related to these differences?

    Any thoughts on what may be causing this issue and how to resolve?  Does FIM perhaps not support Plink?  I appreciate that the issue might not have anything to do with FIM and may just be PowerShell-specific, so I am posting on a PowerShell forum as well.  But also posting here in case anyone has seen this with FIM and been able to resolve.  Thanks for any ideas!


    Ramona Balke

    Friday, August 30, 2013 5:53 PM

Answers

  • I would first verify that the script runs in PowerShell 2.0.

    This also depends on the workflow activity you are using.  I am partial to http://fimpowershellwf.codeplex.com/.

    Consider the security context too; interactively the script runs as you (the logged on user) but in a FIM WF it runs as the FIM Service service account.


    CraigMartin – Edgile, Inc. – http://identitytrench.com

    • Marked as answer by RBalke Tuesday, September 3, 2013 9:14 PM
    Friday, August 30, 2013 11:22 PM
  • Hi Craig, thanks so much for the suggestions.  I had already ruled out the version issue.  The answer turned out to be relative to the credentials.  The set-up for the remote machine in PuTTY was done using one set of credentials, while the application runs as a different set of credentials.  In order to get it to work, I had to log on as the credentials that the application runs under and add a profile to PuTTY for the remote machine while logged in as THAT set of credentials.  I then had to connect once in order to accept the server's key.  Thanks again!

    Ramona Balke

    • Marked as answer by RBalke Tuesday, September 3, 2013 9:14 PM
    Tuesday, September 3, 2013 9:14 PM
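
The resolution above comes down to PuTTY state that exists for one account but not for another. The following is an added example, not code from the original posts: a pre-flight check that reports, for whichever identity runs it, whether the saved session and a cached host key are present. It assumes PuTTY's default per-user registry storage under HKCU:\Software\SimonTatham\PuTTY; the function name Test-PlinkProfile and the log path are hypothetical.

```powershell
# Added example: run this inside the workflow activity (and again interactively)
# and compare the two results. Written to work on PowerShell 2.0.
function Test-PlinkProfile {
    param([string]$SessionName = "solaris")

    # PuTTY and plink keep saved sessions and accepted host keys per user.
    $root       = "HKCU:\Software\SimonTatham\PuTTY"
    $sessionKey = Join-Path $root ("Sessions\" + $SessionName)
    $hostKeys   = Join-Path $root "SshHostKeys"

    $result = New-Object PSObject -Property @{
        Identity      = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        SessionExists = (Test-Path $sessionKey)
        HostName      = $null
        Port          = $null
        HostKeyCached = $false
    }

    if ($result.SessionExists) {
        $s = Get-ItemProperty -Path $sessionKey
        $result.HostName = $s.HostName
        $result.Port     = $s.PortNumber

        if (Test-Path $hostKeys) {
            # Cached key value names have the form "<keytype>@<port>:<host>".
            $suffix = "@{0}:{1}" -f $result.Port, $result.HostName
            $names  = (Get-Item $hostKeys).GetValueNames()
            $match  = @($names | Where-Object { $_.EndsWith($suffix) })
            $result.HostKeyCached = ($match.Count -gt 0)
        }
    }
    $result
}

# Hypothetical log path; write the result where the service account can write.
Test-PlinkProfile -SessionName "solaris" |
    Format-List | Out-String |
    Add-Content -Path "D:\plink-preflight.log"
```

If SessionExists or HostKeyCached is False under the service identity but True interactively, the session profile and host key have only been set up for the interactive account.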
