
Answers

  • Hi,

    Is there any chance that this password file might be modified by security software?

    Please try to back up this file to a removable disk. When this issue occurs, please compare these two files to check if it has been modified.

    Best Regards,


    Steven Lee

    Friday, April 22, 2016 10:08 AM

All replies

  • Originally posted this in the PowerShell section but someone called "Elaine Jing" suggested placing it in the security forum.

    I have a bit of a strange problem with a PowerShell script that reads a password for a service account from an encrypted text file.

    So, this is how the password was stored in the first place, done manually by logging into the server directly with the service account (let's call it svcaccount) and then opening up PowerShell to do the following:

    read-host -assecurestring | convertfrom-securestring | out-file C:\password.txt

    Then, this area of the script reads this password:

    cat C:\password.txt | convertto-securestring

    This script is set to run by a scheduled task every 5 minutes, and set to run as "svcaccount", the same account that was logged in when the password file was generated.

    This task and script have worked fine for a few months. But suddenly, I noticed the task was not doing its job even though it did run. So I logged in to the server as svcaccount and manually ran that script; this is where I saw the "Key not valid for use in specified state" error. Note that the svcaccount has not had its password changed, nor has the machine ever been taken off the domain and rejoined.

    I have done some research on this, and all of it involves, in some way or another, using the -key parameter to instead specify the key used to encrypt/decrypt the password file. That might have been a workaround, but my client will not allow storing this key either in a text file, or inside the script (encrypting this key itself will likely only create the exact same problem as above). So far, the only suggestion I have been given is to use the -key parameter and store the key in an encrypted USB. This does seem a bit long-winded, so first I want to understand why after a few months I get this error and how it can be overcome?

    Also, I have the exact same task/script set up on multiple servers, and the problems occurred on them too, at roughly the same time. If I recreate the password file again, the problem goes away. But after another few months, the problem came back (so in total I have had this twice now).

    I am also facing the exact same problem. Did you find any solution for this?
    Tuesday, June 26, 2018 6:58 AM
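
The check suggested in the answer (keep a copy of the password file and compare it when the error appears), written out as an added PowerShell example that is not part of the thread. It goes one step beyond the comparison by also reading the DPAPI master key GUID from the blob; the baseline path, the function names and the blob layout used here are assumptions.

```powershell
# Added example, not from the thread. C:\password.txt is the file from the question;
# the baseline path is a hypothetical removable-disk location.
$Current  = 'C:\password.txt'
$Baseline = 'E:\baseline\password.txt'

function Test-SecureStringFile([string]$Path) {
    # Same read path as the script in the question: no -Key, so DPAPI decrypts
    # as the user running this session.
    try {
        $null = (Get-Content -LiteralPath $Path -Raw -ErrorAction Stop).Trim() |
            ConvertTo-SecureString -ErrorAction Stop
        $true
    } catch {
        Write-Warning "${Path}: $($_.Exception.Message)"
        $false
    }
}

function Get-DpapiMasterKeyGuid([string]$Path) {
    # Assumed DPAPI blob layout: version (4 bytes), provider GUID (16),
    # master key version (4), then the master key GUID (16) at byte offset 24.
    $hex   = (Get-Content -LiteralPath $Path -Raw).Trim()
    $bytes = New-Object byte[] 16
    for ($i = 0; $i -lt 16; $i++) {
        $bytes[$i] = [Convert]::ToByte($hex.Substring((24 + $i) * 2, 2), 16)
    }
    New-Object System.Guid (, $bytes)
}

if (-not (Test-Path -LiteralPath $Baseline)) {
    # First run, while decryption still works: keep a reference copy.
    Copy-Item -LiteralPath $Current -Destination $Baseline
    "Baseline saved to $Baseline"
} else {
    # Later run, as svcaccount, when the error appears.
    $sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $guid = Get-DpapiMasterKeyGuid $Current
    [pscustomobject]@{
        FileUnchanged    = (Get-FileHash -LiteralPath $Current).Hash -eq (Get-FileHash -LiteralPath $Baseline).Hash
        LastWriteTime    = (Get-Item -LiteralPath $Current).LastWriteTime
        CurrentDecrypts  = Test-SecureStringFile $Current
        BaselineDecrypts = Test-SecureStringFile $Baseline
        MasterKeyGuid    = $guid
        MasterKeyOnDisk  = [IO.File]::Exists("$env:APPDATA\Microsoft\Protect\$sid\$guid")
    }
}
```

If FileUnchanged is True while neither copy decrypts, the file itself was not modified and the failure lies with the key material available to the account rather than with the password file.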