none
Invoke child runbook to run powershell script against remote pc not working

    Question

  • Hi

    SCOrch newbie having trouble with invoking child runbooks which create folders on remote pc's via simple powershell script.

    I have a simple set up.

    One parent runbook, with two child runbooks. The parent runbook has a parameter per child runbook. So if data is passed to parameter1 in the parent runbook, that parameter is passed to child runbook 1. And if data is passed to paramter2 in the parent runbook, that parameter is passed to child runbook 2. 

    So that is simple, and if I run each child runbook using Runbook Tester (which means running my creds) they both work, each with a simple test powershell script, for creating folders on remote target pc's.

    But, if I invoke either of the child runbooks from the parent runbook, although the Runbook Tester reports success in the log, the folders are not created on the remote target pc's.

    So by using the Runbook Tester, it will use the credentials I started the SCOrch console with, but these are not being passed to the child runbooks when invoked, which I don't understand.

    Also, if I use a powershell IP (not the .NET activity) which allows me to specify credentials, even with credentials which have administrator access, the child runbooks if invoked will not create the folders (via powershell) on the remote target pc's.

    Again, if I run the child runbooks themselves, the powershell script runs successfully and the folders are created on the remote target pc.

    What do I need to do to get the right credentials to the child runbooks (when they are invoked) to allow the powershell script to create folders on remote pc's?

    I'm not looking for another way to achive this, the powershell create folders script is just for testing, there are different things I will do with powershell - but it has to run in the child runbooks when invoked via the parent runbook, and it has to work against remote pc's.

    Rgds

    JH



    Sunday, March 12, 2017 1:16 PM

All replies

  • Hi,

    the "Run .Net Script" Activity runs with the credentials from "Orchestrator Runbook Service".

    If this use has admin permission to the remote servers to create the folder I three  options:

    1. Give the user the appropriate permissions.

    2. Pass credentials in the script:

    $User = "domain\user"
    $PWord = ConvertTo-SecureString –String "{Subscribe encrypted variable if you don't want clear text here}" –AsPlainText -Force #PW enycrypted globale Variable 
    $Credential = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $User, $PWord
    new-item -itemtype directory -path \server\ahare\folder -credential $Credential

    3. In tab "Security" of the "Invoke Runbook" Activity specify a user with the appropriate permissions. This user must be member of the local\OrchestratorSystemGroup of the Runbook Server(s).

    Regards,

    Stefab


    Visit go2azure.eu and my blog at www.sc-orchestrator.eu !

    Monday, March 13, 2017 8:52 AM
    Answerer
  • Hi Stoyan

    Thank for taking the time to reply.

    Unfortunately I can't get this to work.

    In the Runbook Tester, the Run .NET Script activity fails, with the below Error Summary Test:

    Cannot retrieve the dynamic parameters for the cmdlet. The provider does not support the use of credentials. Perform the operation again without specifying credentials.

    This happens whether I use the global variables or enter the username, domain and password manually.

    Rgds

    JH

    Monday, March 13, 2017 10:00 AM
  • Hello Taw,

    Please share the piece of code that you have written for this activity. We can add more value to it to get it work.

    I got your situation.

    Regards.


    Priyabrata

    Tuesday, March 14, 2017 10:27 AM
  • Hi Pryabrata

    Thanks for replying.

    All I want to do run a powershell script via a child runbook (Microsoft Orchestrator).

    The first script I tested was very simple, as follows:

    -------

    $ComputerName = "ComputerName"
    $DriveLetter = "D"
    $Path = "TestFolder"
    New-Item -Path \\$ComputerName\$DriveLetter$\$Path -type directory -Force

    -------

    This works against a remote pc if I run it via Runbook Tester, which of course runs with the credentials of the logged on user, and my account has local administrator access on all client machines in the domain.

    However if I try to invoke this script via child runbook, it fails, even if I run it via Runbook Tester.

    For clarity, here is what I am trying to do:

    Orchestrator > Run Parent runbook > Invoke child runbook > runs powershell script which creates folder on remote target pc

    Anyway, tried the script kindly supplied by Stoyas, as per above.

    This would not work, the error messages suggesting that the credentials config will not work with New-Item.

    Looking into this, it suggested I should use PSDrive. So I tried that, it failed too.

    Here is the PSDrive script:

    ------

    $Dest   = "\\ComputerName\D$"
    $Username = "domain\username"
    $Password = ConvertTo-SecureString "EncryptedGlobalVariable" -AsPlainText -Force
    $mycreds = New-Object System.Management.Automation.PSCredential($Username, $Password)
    New-PSDrive -Name J -PSProvider FileSystem -Root $Dest -Credential $mycreds -Persist
    New-Item -Path $Source -Destination "J:\TestFolder"

    ------

    Running that produces this error in the Runbook Tester:

    Dynamic parameters for NewDrive cannot be retrieved for the 'FileSystem' provider. The provider does not support the use of credentials. Perform the operation again without specifying credentials.

    So, still looking for a way to run a powershell script against a remote pc via an invoked child runbook.

    Rgds

    Tuesday, March 14, 2017 11:49 AM
  • Hello Taw,

    The code is fine written by you. Please follow the steps suggested by Stefan. You should get the desired results. 

    Regards


    Priyabrata

    Wednesday, March 15, 2017 8:54 AM
  • Hi Priyabrata

    Thanks for replying.

    As you can read above, I tried using Stefan's steps, it wouldn't work.

    Rgds

    Wednesday, March 15, 2017 12:28 PM