locked
Invoke error - run pwershell script with webservice RRS feed

  • Question

  • Hello,

    I have a script and when i start this at my server, against server01 - with invoke, it runs without any problems:

    cls

    $strSvr = "server01"

    $script = {               

           Write-Host "Modify IIS Config Server"

    }

    Invoke-Command -ComputerName $strSvr -ScriptBlock $script -ErrorAction SilentlyContinue

    Output:

    Modify IIS Config Server

    My problem:

    We have implement a webservice, which run with a domain account at iis.

    This webservice call a batchfile and this batchfile start a powershell script.

    The content of this script is, the same:

    cls

    $strSvr = "server01"

    $script = {               

           Write-Host "Modify IIS Config Server"

    }

    Invoke-Command -ComputerName $strSvr -ScriptBlock $script -ErrorAction SilentlyContinue

    The webservice call the batch file, this batch file already start’s the powershell script, no problem.

    If the ps script is finished, i get an error:

    call "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -file "C:\Program Files\Build\IISConfigPrepareDeploy.ps1" ""c:\ApplicationLogs\20120323-1406"" ""c:\ApplicationLogs\20120323-1406\Deploy.log""

    Invoke-Command : An internal error occurred. 

    At C:\Program Files\Build\IISConfigPrepareDeploy.ps1:25 char:16

    +     Invoke-Command <<<<  -ComputerName $strSvr -ScriptBlock $script -ErrorAct

    ion SilentlyContinue

        + CategoryInfo          : InvalidOperation: (:) [Invoke-Command], PSInvali

       dOperationException

        + FullyQualifiedErrorId : InvalidOperation,Microsoft.PowerShell.Commands.I

       nvokeCommandCommand

    Some more information’s:

    The domain user, how run the iis site (webservice), is local admin at server01.

    Enable-PSRemoting at server01:

    Output:

    PS C:\Windows\system32> Enable-PSRemoting

    WinRM already is set up to receive requests on this machine.

    WinRM already is set up for remote management on this machine.

    I hope somebody can help me,

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Friday, March 23, 2012 1:36 PM

Answers

  • Joe,

    I found a solution!

    I add the domain account, which run the webservice, to the local administration group at server where the webservice is running.

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    • Marked as answer by wuwu Wednesday, April 4, 2012 8:43 AM
    Wednesday, April 4, 2012 8:43 AM

All replies

  • Seems there is some error in "IISConfigPrepareDeploy.ps1" script. Can you post script over here for better understanding?

    Thanks & Regards
    Bhavik Solanki

    Please click “Mark as Answer” if this post answers your question and click "Vote as Helpful if this Post helps you.

    Friday, March 23, 2012 8:30 PM
  •  

    Hello,

    thank you for your answer.

    The content fromthe batch file:

    REM FileName: IISConfigPrepareDeploy.bat

    REM ================================================================================

    REM Start the iis config preparation with a Powershell script

    REM ================================================================================

    if '%1' == '' (

      echo ERROR: logPath is not set, the script does not run. >>"IISConfigPrepareDeploy.log"

      echo *.bat logPath logFile dropLocation release location state [oldVersionDB] >>"IISConfigPrepareDeploy.log"

      exit 1

    )

    echo call IISConfigPrepareDeploy.bat >>"%1\IISConfigPrepareDeploy.log"

    echo  >>"%1\IISConfigPrepareDeploy.log"

    echo logPath: %1 >>"%1\IISConfigPrepareDeploy.log"

    echo logFile: %2 >>"%1\IISConfigPrepareDeploy.log"

    echo  >>"%1\IISConfigPrepareDeploy.log"

    if '%2' == '' (

      echo ERROR: logFile is not set, the script does not run. >>"%1\IISConfigPrepareDeploy.log"

      echo *.bat logPath logFile dropLocation release location state [oldVersionDB] >>"%1\IISConfigPrepareDeploy.log"

      exit 1

    )

    REM Script body

    REM echo  ERROR: not yet implemented - IISConfigPrepareDeploy is unsuccess >>"%1\IISConfigPrepareDeploy.log"

    echo call "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -file "C:\Program Files\BuildPackage\IISConfigPrepareDeploy.ps1" "%1" "%2" >> "%1\IISConfigPrepareDeploy.log"

    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -file "C:\Program Files\BuildPackage\IISConfigPrepareDeploy.ps1" "%1" "%2" >> "%1\IISConfigPrepareDeploy.log"

    The content from the IISConfigPrepareDeploy.ps1:

    cls

    $strSvr = "server01"

    $script = {               

           Write-Host "Modify IIS Config Server"

    }

    Invoke-Command -ComputerName $strSvr -ScriptBlock $script -ErrorAction SilentlyContinue

    I hope, i get a solution!

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Sunday, March 25, 2012 8:26 AM
  • Hi,

    IIS would be the proper resource forum for your problem as below, thanks.

    http://forums.iis.net/

    Kevin Ni


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, March 29, 2012 9:25 AM
  • Hello Kevin,

    thanks for the information, but i think it is no IIS Powershell Problem.

    When you see the content of the powershell script, there is no iis command included. I think, this is a powershell command.

    cls

    $strSvr = "server01"

    $script = {               

           Write-Host "Modify IIS Config Server"

    }

    Invoke-Command -ComputerName $strSvr -ScriptBlock $script -ErrorAction SilentlyContinue

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Thursday, March 29, 2012 9:28 AM
  • Wuwu,

    The issue looks like Invoke-Command is having problems...Can you try running your powershell code alone to see if this is a remote connectivity issue?

    Joe

    Thursday, March 29, 2012 2:30 PM
  • Hello,

    thanks for your answer!

    When i start this script with powershell ise or normal powershell window at server02 against server01 - with invoke, it runs without any problems.

    When i start the batch file, that starts the powershell, it also runs.

    cls

    $strSvr = "server01"

    $script = {               

           Write-Host "Modify IIS Config Server"

    }

    Invoke-Command -ComputerName $strSvr -ScriptBlock $script -ErrorAction SilentlyContinue

    The Output:

    Modify IIS Config Server

    -------------------------------------------------

    When the webservice call the batchfile and this batchfile start the powershell script then I have this error.

    I think also that is a problem with invoke.

    I hope somebody can help me,

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Thursday, March 29, 2012 6:11 PM
  • wuwu,

    Remote administration requires that the account be part of the administrators group on the remote machines and it uses Kerberos authentication by default.  Does the account have this level or permissions on the server?

    Joe

    Thursday, March 29, 2012 6:40 PM
  • Hello Joe,

    The domain user, which runs the iis website - webservice (start the batch file), is member at administration group at server01 - remote server. Is this correct?

    Kerberos: I doesn't have configure anyting with kerberos at server, where the webservice run and also nothing at remote server.

    Can you explain, how can i do this?

    Thanks,

    orst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Thursday, March 29, 2012 7:04 PM
  • Orst,

    As far a kerberos is concened you don't have to configure anything.  It's the default Authentication protocol on an AD domain.  Is the webservice account a local or domain account?  Setting up remoting on domain machines using domain accounts is a simple process but if the machine or account is not on the domain then it defaults to NTLM authentication and that requires more work.  Try using the webservice credentials  with the invoke-command and see if it works...

    invoke-command -computer server01 -script { ipconfig } -cred domain\webservice

    joe

    Thursday, March 29, 2012 7:59 PM
  • hello joe,

    I have treid this, to change the invoke command with -cred. The result, access denied error at log file.

    The setting for the authentication for the website, from the webservice is:

    Anonymous with App Pool Credentials.

    Did you have another idea?

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Friday, March 30, 2012 1:06 PM
  • Horst,

    Using the -credential parameter would require you manually input a password.  Have you tried testing just the example I provided earlier to see if the webservice could successfully execute the invoke-command?

    Joe

    Friday, March 30, 2012 1:55 PM
  • Hello,

    When I start the powershell script direct or over the batch with -cred, in booth test's the manually input for credentials are shown.

    When i type in the password, the script run without error's.

    The error - access denied at log file is only, when the webservice start the batch and then the ps1 script.

    I hope we get a solution for this problem,

    Thanks,

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Saturday, March 31, 2012 6:30 PM
  • Horst,

    It sounds like a permissions issue with the webservice account, considering that the code works when you run it with your credentials.  Does the script need to be run as the webservice account?  Would it be possible to schedule the task to run and use your credentials?

    Joe

    Monday, April 2, 2012 7:56 PM
  • Hello Joe,

    I have tried to run the webservice with my user account and now the whole script's are working fine.

    The webservice call the batch, the batch the powershell and the logs are fine.

    With my accounts, i am administrator at every system!

    Now, which permission is required for the other webservice user, did you have any idea?

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    Tuesday, April 3, 2012 6:50 AM
  • Horst,

    So indeed it's a permissions issue. Not sure exactly what perm's are required but the following post on the forums.iis.net: http://forums.iis.net/t/1173892.aspx suggests that perhaps you should give the webservice account full control to the web.config file's ntfs perm's. 

    Joe

    Tuesday, April 3, 2012 11:51 AM
  • Joe,

    I found a solution!

    I add the domain account, which run the webservice, to the local administration group at server where the webservice is running.

    Horst


    Thanks Horst MOSS 2007 Farm, MOSS 2010 Farm, TFS 2010

    • Marked as answer by wuwu Wednesday, April 4, 2012 8:43 AM
    Wednesday, April 4, 2012 8:43 AM