I am trying to set up auto VPN on a Windows 10 laptop and created a PowerShell script as suggested in https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections. I am using the same script to set up the VPN.
The profile creation works fine, but when I run the script again, deletion of the profile fails. I debugged the problem and found out that EnumerateInstances on the MDM_VPNv2_01 class in the root\cimv2\mdm\dmmap namespace is failing. It fails with the following error string: "A general error occurred that is not covered by a more specific error code."
On doing some more exploration, I found out that I need to execute the following WMI query to get the instances of the MDM_VPNv2_01 class; that too returns a Generic Failure (please note I had a VPN adapter created on the laptop when I executed this query):
PS C:\> Get-WmiObject -Namespace root\cimv2\mdm\dmmap -Class MDM_VPNv2_01
Get-WmiObject : Generic failure
At line:1 char:1
+ Get-WmiObject -Namespace root\cimv2\mdm\dmmap -Class MDM_VPNv2_01
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
I tried several options like running this query in WMI-explorer, recompiling the MOF for this particular provider etc., but nothing helped. I ran WMIDiag on my machine which gives following message for the MDM_VPNv2_01 class:
.9847 17:26:21 (3) 1 static instance(s) found for '__SystemSecurity' in 'ROOT/CIMV2/MDM/DMMAP'in 0 second(s).
.9848 17:26:21 (3) Retrieving static information (MOF) of 'MDM_VPNv2_01' (I=1).
.9849 17:26:21 (3) Qualifier information of 'MDM_VPNv2_01': Dynamic=True, Provider='DMWmiBridgeProv', Association=False.
.9850 17:26:21 (3) Dynamic 'MDM_VPNv2_01' class in 'ROOT/CIMV2/MDM/DMMAP' is supported by WMI provider 'DMWmiBridgeProv'.
.9851 17:26:21 (3) Skipping request of dynamic instances of 'MDM_VPNv2_01' in 'ROOT/CIMV2/MDM/DMMAP' because:
.9852 17:26:21 (3) - Request all dynamic instances is set to FALSE.
Please note that the same script works fine on other laptops. It is worth mentioning here that I am running this script with a local user account having administrator privileges.
I could not find any helpful information related to this problem on Internet. It would be really a great help if someone can suggest a possible solution for this problem.
I enabled WMI activity debug and observed following error log on running the query to get MDM_VPNv2_01 class instances:
Log Name: Microsoft-Windows-WMI-Activity/Debug
Source: Microsoft-Windows-WMI-Activity
Date: 20-09-2018 19:38:41
Event ID: 101
Task Category: None
Level: Error
Keywords:
User: INCT-ARUN\akoshal
Computer: INCT-Arun
Description:
ComponentName = WMI_ADAPTER; ErrorId = 0x1; ErrorDetail = WMIContext::PostResultToServer, provider completed the operation with context (00000211E4C517A0). Failed with MIRESULT (1).; FileName = onecore\admin\wmi\wmiv2\tools\adapter\wmicontext.cpp:945
Related
I am trying to get list of applications registered in AAD via PowerShell.
I got into my tenant successfully using Connect-AzureAD. But when I'm running Get-AzureADApplication, I'm getting error like below:
Get-AzureADApplication : Error occurred while executing GetApplications
Code: Authentication_Unauthorized
Message: User was not found.
RequestId: 28b83872-c29b-423a-9870-ed2ad714f597
DateTimeStamp: Sat, 25 Jun 2022 1:35:23 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ Get-AzureADApplication
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADApplication], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetApplication
What does the "User was not found" message mean?
I have Global Admin role and I tried elevating my access too that gives me access to all. But still I'm facing the same error.
Can anyone help me out what am I missing here?
The error 'User not found' usually occurs if you are trying to retrieve info of one tenant while connected to the wrong (different) tenant or to a tenant that does not exist.
Please check the TenantDomain you are getting in the response while executing Connect-AzureAD cmdlet.
I tried to reproduce the same in my environment and got below results:
When I ran Connect-AzureAD cmdlet and logged in with personal Microsoft account, I got blank under TenantDomain that means it does not exist.
I got the same error when I executed Get-AzureADApplication after that like below:
To resolve the error, try running Connect-AzAccount first and include TenantId that you got in response while executing Connect-AzureAD cmdlet like below:
Connect-AzAccount
Connect-AzureAD -TenantId 'your_tenant_id'
Get-AzureADApplication
I got the list of Azure AD applications successfully after running above script like below:
Reference:
powershell - Authentication_Unauthorized, User Not Found - answered by JoyWang
Current configuration:
1 SharePoint 2019 farm (single server installation)
3 Workflow Manager Servers
Workflow Manager servers are load balanced
Workflow Manager is set to work only on https
Workflow Manager SSL certificate with DNS=*.domain.com & all 3 server names
Required permissions are in place
URLs (SharePoint web application/site and wfm) are accessible both ways
Running with farm admin account:
Register-SPWorkflowService -SPSite "https://siteurl" -WorkflowHostUri "https://wfmurl:12290/" -Force -Verbose
Throws the following error:
Register-SPWorkflowService : Failed to query the OAuth S2S metadata endpoint at URI 'https://webappurl/_layouts/15/metadata/json/1'. Error details: 'There was an error deserializing
the object of type Microsoft.Workflow.Management.Security.OAuthS2SJsonMetadataDocument+JsonMetadataDocumentContract. Encountered unexpected character '<'.'. HTTP headers received from the server -
ActivityId: 6de1c881-b1ca-411d-9004-ceea397d4453. NodeId: SERVERNAME. Scope: /DEV. Client ActivityId : bdeb429f-7bb1-e0c1-d7d1-f868a175396b.
At line:1 char:1
+ Register-SPWorkflowService -SPSite https://webappurl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share...WorkflowService:RegisterSPWorkflowService) [Register-SPWorkflowService], InvalidRequestException
+ FullyQualifiedErrorId : Microsoft.SharePoint.WorkflowServices.PowerShell.RegisterSPWorkflowService
Any input is appreciated.
It's related to post-installation of the April 2020 CU KB 4484292 and KB 4484291.
After a call with an MS Premier Field Engineer it was resolved as described at http://thewindowsupdate.com/2020/06/04/sharepoint-2019-issue-with-sharepoint-2013-workflows-post-april-2020-cu/
You need to remove the existing SPTrustedSecurityTokenIssuer and then register it like below:
Remove-SPTrustedSecurityTokenIssuer -Identity 9854855e-cea8-457f-8293-e405d4055ffb
(id from Get-SPTrustedSecurityTokenIssuer collection)
New-SPTrustedSecurityTokenIssuer -Name "00000005-0000-0000-c000-000000000000" -MetadataEndPoint 'http://server:12291/$System/$Metadata/json/1' -RegisteredIssuerName "00000005-0000-0000-c000-000000000000#*"
or
New-SPTrustedSecurityTokenIssuer -Name "00000005-0000-0000-c000-000000000000" -MetadataEndPoint 'https://server:12290/$System/$Metadata/json/1' -RegisteredIssuerName "00000005-0000-0000-c000-000000000000#*"
PS: No concerns here with Remove-SPTrustedSecurityTokenIssuer, easy to go. Thanks!
In the end, it looked like there were some issues with the F5 load balancing. As a test we added the URL of the WFM to the hosts file and the connection worked fine afterwards. This was then handed over to the team that managed the F5 and they resolved the issue on their end.
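The "unexpected character '<'" in the error above means the metadata URL returned markup where JSON was expected. One way to see what an endpoint actually returns from a given server, as an added example that is not part of the original posts (the function name Test-S2SMetadataEndpoint is hypothetical, and the URL is the placeholder from the error text):

```powershell
# Added example, not from the original thread. Run it on the server that makes
# the failing request. The URL at the bottom is the placeholder from the error text.
function Test-S2SMetadataEndpoint {
    param([Parameter(Mandatory)][string] $Uri)

    $result = [ordered]@{ Uri = $Uri; StatusCode = $null; ContentType = $null; IsJson = $false; Detail = $null }
    try {
        # -UseBasicParsing avoids the Internet Explorer parser on Windows PowerShell 5.1.
        $resp = Invoke-WebRequest -Uri $Uri -UseDefaultCredentials -UseBasicParsing -ErrorAction Stop
    }
    catch {
        # TLS failures, name resolution errors and HTTP error statuses all end up here.
        $result.Detail = "Request failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    $body = $resp.Content
    if ($body -is [byte[]]) { $body = [System.Text.Encoding]::UTF8.GetString($body) }
    # Drop a byte order mark and leading whitespace before looking at the first character.
    $body = ([string]$body).TrimStart([char]0xFEFF).TrimStart()

    $result.StatusCode  = [int]$resp.StatusCode
    $result.ContentType = "$($resp.Headers['Content-Type'])"

    if ($body.StartsWith('<')) {
        # Same condition the deserializer reported: HTML or XML instead of JSON.
        $result.Detail = 'Body starts with "<": a login page, error page or a page from an intermediate device was returned.'
    }
    else {
        try {
            $null = $body | ConvertFrom-Json -ErrorAction Stop
            $result.IsJson = $true
            $result.Detail = 'Body parses as JSON.'
        }
        catch {
            $result.Detail = "Body is not valid JSON: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
}

# Placeholder URL copied from the error message; replace with the real endpoint.
Test-S2SMetadataEndpoint -Uri 'https://webappurl/_layouts/15/metadata/json/1'
```

Comparing the result through the load-balanced name with the result when the name is pinned to one node in the hosts file shows whether the markup comes from a server or from a device in between.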
I have written a Terraform template that creates an Azure Windows VM. I need to configure the VM to Enable PowerShell Remoting for the release pipeline to be able to execute Powershell scripts. After the VM is created I can RDP to the VM and do everything I need to do to enable Powershell remoting, however, it would be ideal if I could script all of that so it could be executed in a Release pipeline. There are two things that prevent that.
The first, and the topic of this question is, that I have to run "WinRM quickconfig". I have the template working such that when I do RDP to the VM, after creation, that when I run "WinRM quickconfig" I receive the following responses:
WinRM service is already running on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
Make these changes [y/n]?
I want to configure the VM in Terraform so LocalAccountTokenFilterPolicy is set and it becomes unnecessary to RDP to the VM to run "WinRM quickconfig". After some research it appeared I might be able to do that using the resource azurerm_virtual_machine_extension. I added this to my template:
resource "azurerm_virtual_machine_extension" "vmx" {
  name                 = "hostname"
  location             = "${var.location}"
  resource_group_name  = "${var.vm-resource-group-name}"
  virtual_machine_name = "${azurerm_virtual_machine.vm.name}"
  publisher            = "Microsoft.Azure.Extensions"
  type                 = "CustomScript"
  type_handler_version = "2.0"
  settings = <<SETTINGS
  {
  # "commandToExecute": "powershell Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name 'LocalAccountTokenFilterPolicy' -Value 1 -Force"
  }
SETTINGS
}
When I apply this, I get the error:
Error: compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="OperationNotAllowed" Message="This operation cannot be performed when extension operations are disallowed. To allow, please ensure VM Agent is installed on the VM and the osProfile.allowExtensionOperations property is true."
I couldn't find any Terraform documentation that addresses how to set the allowExtensionOperations property to true. On a whim, I tried adding the property "allow_extension_operations" to the os_profile block in the azurerm_virtual_machine resource but it is rejected as an invalid property. I also tried adding it to the os_profile_windows_config block and isn't valid there either.
I found a statement on Microsoft's documentation regarding the osProfile.allowExtensionOperations property that says:
"This may only be set to False when no extensions are present on the virtual machine."
https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.management.compute.models.osprofile.allowextensionoperations?view=azure-dotnet
This implies to me that the property is True by default but it doesn't actually say that and it certainly isn't acting like that. Is there a way in Terraform to set osProfile.allowExtensionOperations to true?
Running into the same issue adding extensions using Terraform; I created a Windows 2016 custom image,
provider "azurerm" version ="2.0.0"
Terraform 0.12.24
Terraform apply error:
compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=0
-- Original Error: autorest/azure: Service returned an error.
Status=<nil>
Code="OperationNotAllowed"
Message="This operation cannot be performed when extension operations are disallowed. To allow, please ensure VM Agent is installed on the VM and the osProfile.allowExtensionOperations property is true."
I ran into the same error; a possible solution depends on 2 things here.
You have to pass provider "azurerm" version = "2.5.0" and you have to pass the os_profile_windows_config parameter (see below) in the virtual machine resource as well, so that Terraform will consider the extensions that you are passing. This fixed my errors.
os_profile_windows_config {
  provision_vm_agent = true
}
The following command throws an error while removing an owner from microsoft teams.
Remove-TeamUser -GroupId 7ad89f19-1c20-4f51-a520-1228002ac93d -User Megan.ryn.admin#xxx.onmicrosoft.com
ERROR:
Remove-TeamUser : Error occurred while executing Remove-TeamUser
Code: Request_ResourceNotFound
Message: Resource '7ad89f19-1c20-4f51-a520-1228002ac93d' does not exist or one of its queried reference-property
objects are not present.
InnerError:
RequestId: 7676f32b-2ed3-49fc-8013-69ea4a63b97b
DateTimeStamp: 2018-08-20T11:29:26
HttpStatusCode: Request_ResourceNotFound
At line:1 char:1
+ Remove-TeamUser -GroupId 7ad89f19-1c20-4f51-a520-1228002ac93d -User ...
+ CategoryInfo : NotSpecified: (:) [Remove-TeamUser], ApiException
+ FullyQualifiedErrorId : Microsoft.TeamsCmdlets.PowerShell.Custom.ErrorHandling.ApiException,Microsoft.TeamsCmdle ts.PowerShell.Custom.RemoveTeamUser
Strangely, it's the Teams GUID which the command reports as not being able to find. I can confirm further operations on adding new users to this team via PowerShell work fine.
Some background
The team was provisioned via C# using Graph api. The user in question is the admin account under which the C# application was running.
I can confirm that the user Meganryn.admin has sufficient permissions
thanks
a
You need the user ID, not the user. Try...
$megryn = Get-TeamUser -GroupId 7ad89f19-1c20-4f51-a520-1228002ac93d | Where-Object { $_.Name -like "Megan.ryn.admin" } | Select-Object -ExpandProperty UserId
Remove-TeamUser -GroupId 7ad89f19-1c20-4f51-a520-1228002ac93d -User $megryn
The environment:
Server: Windows Server 2012 R2 with Remote PowerShell enabled.
Workstation: Windows 8.1
So I've created a PowerShell Module called MyModule.psm1 with the following function:
Function CreateEvent() {
    Write-EventLog -LogName ToolLog -Source "Schedule" -EntryType Information -EventID 13 -Message "There were users written to the database."
}
I created a PSSessionConfigurationFile and then registered it with a configuration name of EventLogging, so that I can remote powershell via the following:
$Creds = Get-Credential
$SessionOpts = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$Session = New-PSSession -ComputerName Server.Domain.Com -ConfigurationName EventLogging -Credential $Creds -UseSSL -SessionOption $SessionOpts
Import-PSSession $Session
Now, when I enter a local administrator's credentials into the Get-Credential prompt, I can run the function CreateEvent and everything works just fine. However, if I enter a standard local user's credentials, I get an error of: The registry key for the log "ToolLog" for source "Schedule" could not be opened.
I replaced the Write-EventLog in the Function with:
$EventLog = new-object System.Diagnostics.EventLog("ToolLog");
$EventLog.MachineName = ".";
$EventLog.Source = "Schedule";
$EventLog.WriteEntry("There were users written to the database.", "Information", 15);
And I receive an error of: Exception calling "WriteEntry" with "3" argument(s): "Cannot open log for source 'Schedule'. You may not have write access."
If I log on to the server locally and Import the Module and try to run the function I get the same exact errors. I also cannot run the cmdlet of Write-EventLog by itself.
From all of the information I found on the internet, I've given my local non-admin user write permissions to the event log, both through RegEdit and through NTFS on the actual event log file.
Any ideas?
Thanks,
Brian
It's my understanding that only Administrators can create new event logs. I'm not sure if there is a way around this or not. I suggest adding the new event log on your server as an administrator ahead of time so that the event log is there before non-administrators try to write to it.
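The pre-provisioning suggested in the answer above, as an added example that is not part of the original posts. It assumes an elevated Windows PowerShell session on the server (the *-EventLog cmdlets are Windows PowerShell cmdlets); the log and source names come from the question, while the event ID and message of the test entry are made up.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread. Run once on the server, elevated,
# before any non-administrator session tries to write to the log.

$LogName = 'ToolLog'    # log name used in the question
$Source  = 'Schedule'   # event source used in the question

# SourceExists searches every log on the machine, including Security,
# which is one reason this step has to run as an administrator.
if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
    # A source name can be registered to only one log per machine. If it is
    # already bound to a different log, writes to $LogName with it will fail.
    $boundTo = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
    if ($boundTo -ne $LogName) {
        throw "Source '$Source' is already registered to log '$boundTo', not '$LogName'."
    }
    Write-Host "Source '$Source' is already registered to '$LogName'; nothing to create."
}
else {
    # Creates the log (if missing) and registers the source in one step.
    New-EventLog -LogName $LogName -Source $Source
    Write-Host "Created log '$LogName' with source '$Source'."
}

# Write a marker entry (constructed ID and text) and read it back to confirm
# the log and source are usable.
Write-EventLog -LogName $LogName -Source $Source -EntryType Information -EventId 1 `
    -Message 'ToolLog/Schedule provisioned.'
Get-EventLog -LogName $LogName -Newest 1 | Format-List TimeGenerated, Source, EventID, Message
```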