account permissions

John Curtiss 66 Reputation points
2020-08-26T00:53:49.337+00:00

orchestrator 2016 runbook calling a powershell script in the .net script activity. script is wrapped in "$result = powershell {ipmo SomeModule}".

the script also calls a creds file with an AESKey which was created using the orchestrator runbook service account. specifically, this script is using the psPAS module for cyberark available in the gallery. but i don't know if that's relevant.

if i RDP to the runbook server as my orchestrator runbook service account and run the powershell script, the script works.
if i RDP to the runbook server as my orchestrator runbook service account and run the Runbook Tester, the runbook works.

but if i launch the runbook from the orchestrator web console, it doesn't work. (of course the activity shows Success.)

main question, what could be the difference between
running the runbook tester as the service account on the runbook server (works)
vs
the runbook service, running as the service account, running the runbook on the runbook server? (doesn't work)

System Center Orchestrator
A family of System Center products that provide an automation platform for orchestrating and integrating both Microsoft and non-Microsoft IT tools.

9 answers

  1. John Curtiss 66 Reputation points
    2020-09-01T14:49:05.123+00:00

    21877-cybearkorchestratorscript.txt

    script attached. the runbook is just "initialize data -> run script"


  2. Stefan Horz 3,461 Reputation points
    2020-09-01T18:18:44.057+00:00

    Hi,

    can you add this in your code like i suggested here: looking-inside-the-thing-with-21

    #wrap it in a $result so we can use 64 bit powershell and import the module
    
    $result = powershell {
    
    #establish a connection to the ...
    #your code
    ####
    ##
    #
    }2>&1
    IF ($Error) {throw New-Object System.Exception($Error)}
    
    $result
    $safe = $result.safename
    $safe
    $accountid = $result.id
    $accountid
    $account = $result.username
    $account
    $requestor = $result.membername
    $requestor
    

    Regards,
    Stefan


  3. Stefan Horz 3,461 Reputation points
    2020-09-01T18:21:06.433+00:00

    Hi,

    can you add this in your code like i suggested here: looking-inside-the-thing-with-21

    #wrap it in a $result so we can use 64 bit powershell and import the module
    
    $result = powershell {
    
    #establish a connection to the ...
    #your code
    ####
    ##
    #
    }2>&1
    IF ($Error) {throw New-Object System.Exception($Error)}
    
    $result
    $safe = $result.safename
    $safe
    $accountid = $result.id
    $accountid
    $account = $result.username
    $account
    $requestor = $result.membername
    $requestor
    

    Regards,
    Stefan


  4. John Curtiss 66 Reputation points
    2020-09-02T14:03:37.81+00:00

    just to be clear, your lines 10 and 11 are all i'm adding, at the end of $result = powershell {my stuff}?

    i get error summary text "Cannot find an overload for "Exception" and the argument count: "2"." even in the previously successful runbook tester.

    *edit the runbook tester still successfully creates the account in cyberark, it just logs that error in orchestrator

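Added example, not posted by anyone in this thread: a variant of the `$result = powershell { ... } 2>&1` wrapper that records the execution context of the child process, so the output of a Runbook Tester run can be compared with a run started from the web console, and that raises every captured failure as one string. `$Error` is a collection, and `New-Object System.Exception($Error)` passes each entry as a separate constructor argument, which is what produces the "argument count" message when it holds two entries. The `Kind`, `Identity`, `Is64Bit` and other property names are assumptions made for this example, and the placeholder comment stands for the existing script body.

```powershell
# Outer code runs in the .NET Script activity; the script block runs in a child powershell.exe.
$result = powershell {
    $ErrorActionPreference = 'Stop'
    try {
        # Emit one context record before doing any real work.
        New-Object PSObject -Property @{
            Kind        = 'Context'
            Identity    = [Security.Principal.WindowsIdentity]::GetCurrent().Name
            Is64Bit     = ([IntPtr]::Size -eq 8)
            PSVersion   = $PSVersionTable.PSVersion.ToString()
            UserProfile = $env:USERPROFILE
            ModulePath  = $env:PSModulePath
            WorkingDir  = (Get-Location).Path
        }

        # ... existing script body goes here (module import, creds file, API calls) ...
    }
    catch {
        # Return the failure as data so it survives the trip back to the parent.
        New-Object PSObject -Property @{
            Kind    = 'Failure'
            Message = $_.Exception.Message
            Where   = $_.InvocationInfo.PositionMessage
        }
    }
} 2>&1

# Separate the context record and the failures from the normal output.
$context  = $result | Where-Object { $_.Kind -eq 'Context' } | Select-Object -First 1
$failures = @($result | Where-Object {
    ($_ -is [System.Management.Automation.ErrorRecord]) -or ($_.Kind -eq 'Failure')
})

# Plain text that can be published as returned data and compared between runs.
$contextText = ($context | Format-List | Out-String).Trim()

if ($failures.Count -gt 0) {
    # Join everything into ONE string: a single constructor argument always binds.
    $message = ($failures | ForEach-Object {
        if ($_.Message) { $_.Message } else { "$_" }
    }) -join ' | '
    throw (New-Object System.Exception -ArgumentList "$message`n$contextText")
}
```

Publishing `$contextText` as returned data from the activity makes the two runs directly comparable, and the `Is64Bit` value shows which bitness the child process actually has.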