Connect-AzAccount does not work with Scheduled Task

vincent manzari 41 Reputation points
2023-04-26T15:33:53.5566667+00:00

Hello all, I have a problem with a script that uses Connect-AzAccount. The script copies from a local folder to a storage blob.


```powershell
# Force TLS 1.2 for outbound connections
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$TenantId = 'xxx'
$ApplicationId = 'xxx'
$thumbprint = 'xxx'
# Sign in as the service principal with its certificate
Connect-AzAccount -CertificateThumbprint $thumbprint -Tenant $TenantId -ApplicationId $ApplicationId

$subscrp = Get-AzSubscription | Select-AzSubscription

# $RGName, $StorageName, $ContainerName and $path are not defined in the posted snippet
$context = (Get-AzStorageAccount -ResourceGroupName $RGName -AccountName $StorageName).Context

# Account SAS limited to read, list and write on the Blob service, valid for one day
$SASToken = New-AzStorageAccountSASToken -Context $context -Service Blob -ResourceType Service,Container,Object -Permission "rlw" -ExpiryTime (Get-Date).AddDays(1) # -ExpiryTime(get-date).AddSeconds(3600)

$storagectx = New-AzStorageContext -StorageAccountName $StorageName -SasToken $SASToken

# Upload every item found in the local folder
$files = Get-ChildItem $path
foreach ($file in $files)
{
    Set-AzStorageBlobContent -File $file.FullName -Container $ContainerName -Context $storagectx | Out-Null
}
Disconnect-AzAccount
```

The script works if I run it from PowerShell or PowerShell ISE, but it does not work if I put it in a scheduled task. For the task, I use a Managed Service Account. I have tested the sMSA with another script and scheduled task on the same server and it works. I have tested with a "classic" service account (domain account with Local Admin and Run as a batch job rights) but got the same issue. It seems that the issue is with the Connect-AzAccount command. Can you help me please?


6 answers

  1. MotoX80 32,441 Reputation points
    2023-04-26T16:50:10.8466667+00:00

    Add a Start-Transcript to your script so that you can capture the full error message.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.host/start-transcript?view=powershell-5.1

    I can't help you with Azure, but it would appear that the obvious problem is that you (somehow) need to grant access to the MSA to your Azure subscription. Maybe this link helps you.

    https://dirteam.com/sander/2017/12/28/using-azure-ad-connect-with-a-gmsa/


  2. vincent manzari 41 Reputation points
    2023-04-27T07:41:15.33+00:00

    thanks @MotoX80

    I have tried to trace errors (also with Transcript) but it doesn't display anything. About the link you suggested, it refers to how to use a gMSA for the Azure AD Connect service.


  3. Limitless Technology 44,046 Reputation points
    2023-04-27T14:38:52.6966667+00:00

    Hello there,

    Look in the History tab for errors.

    Change the task to run cmd.exe instead of powershell.exe. In the arguments field specify a bat file name, C:\PSScripts\DisableADUsers.bat

    Create the .bat file to call the PS script but also redirect stdout and stderr to a log file where you can check for error messages.

    The Azure PowerShell environment just needs to understand what Azure subscription to work with by default. You probably did this for your own environment, but the task scheduler is running in a different environment.

    You just need to add an additional command to the beginning of your script to set the Azure subscription. Something like this:

    Set-AzureSubscription -SubscriptionName

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--


  4. vincent manzari 41 Reputation points
    2023-05-01T10:12:50.1966667+00:00

    Hello all,

    After some troubleshooting I found that the issue is the proxy. I added the setting to use the proxy, but it seems that the managed account does not work with the proxy. The proxy is set in IE and also in the system settings (netsh winhttp).

    If I try with my personal account it works, but with the managed account it does not.

    Within the script I added the following:

    $proxy='http://192.168.1.100:8080'
    $ENV:HTTP_PROXY=$proxy
    $ENV:HTTPS_PROXY=$proxy

    but it seems it doesn't work.

    Can you help me please?


  5. vincent manzari 41 Reputation points
    2023-05-02T07:47:31.5833333+00:00

    Hello,

    I'm not able to use runas with the managed account (when I try, it requests a password; I press Enter but I receive "The user name or password is incorrect").

    Anyway, when I try to run the script with Task Scheduler (I have modified the script to run a simple Invoke-WebRequest), in the transcript I have this error:

    TerminatingError(Invoke-WebRequest): "Unable to connect to the remote server"

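
Added example, not part of the original thread: a preflight script to run as the scheduled task's action under the same managed account, for the proxy problem described in the last two posts. It logs the identity, the proxy that .NET resolves for the Azure AD sign-in endpoint, and whether that endpoint is reachable before and after setting the proxy explicitly for the process. Assumptions: Windows PowerShell 5.1, the proxy address quoted in the thread, a hypothetical log path, and a proxy that accepts the account's integrated credentials.

```powershell
# Added diagnostic example; not code from the thread.
$ErrorActionPreference = 'Stop'
$proxyUrl = 'http://192.168.1.100:8080'       # proxy address quoted in the thread
$logFile  = 'C:\Logs\az-task-preflight.log'   # hypothetical path; folder must exist and be writable by the task account
$target   = [Uri]'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration'

function Get-ResolvedProxy {
    param([Uri]$Destination)
    # Ask .NET which proxy this process would use for the destination.
    $p = [System.Net.WebRequest]::DefaultWebProxy
    if ($null -eq $p -or $p.IsBypassed($Destination)) { return 'DIRECT' }
    return $p.GetProxy($Destination).AbsoluteUri
}

function Test-Endpoint {
    param([Uri]$Destination)
    # Return a one-line result instead of throwing, so both attempts get logged.
    try {
        $r = Invoke-WebRequest -Uri $Destination -UseBasicParsing -TimeoutSec 15
        return "HTTP $([int]$r.StatusCode)"
    } catch {
        return "FAILED: $($_.Exception.Message)"
    }
}

Start-Transcript -Path $logFile -Append
try {
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    "Identity         : $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
    "Proxy (default)  : $(Get-ResolvedProxy $target)"
    "Reach (default)  : $(Test-Endpoint $target)"

    # Set the proxy for this process only and authenticate to it as the task identity.
    $wp = New-Object System.Net.WebProxy($proxyUrl, $true)
    $wp.UseDefaultCredentials = $true
    [System.Net.WebRequest]::DefaultWebProxy = $wp

    "Proxy (explicit) : $(Get-ResolvedProxy $target)"
    "Reach (explicit) : $(Test-Endpoint $target)"
} finally {
    Stop-Transcript
}
```

IE proxy settings are stored per user, so the account running the task can resolve a different proxy than an interactive session does; comparing the two "Proxy" lines in the log shows whether that is the case here.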