account permissions

John Curtiss 66 Reputation points
2020-08-26T00:53:49.337+00:00

orchestrator 2016 runbook calling a powershell script in the .net script activity. script is wrapped in "$result = powershell {ipmo SomeModule}".

the script also calls a creds file with an AESKey which was created using the orchestrator runbook service account. specifically, this script is using the psPAS module for cyberark available in the gallery. but i don't know if that's relevant.

if i RDP to the runbook server as my orchestrator runbook service account and run the powershell script, the script works.
if i RDP to the runbook server as my orchestrator runbook service account and run the Runbook Tester, the runbook works.

but if i launch the runbook from the orchestrator web console, it doesn't work. (of course the activity shows Success.)

main question, what could be the difference between
running the runbook tester as the service account on the runbook server (works)
vs
the runbook service, running as the service account, running the runbook on the runbook server? (doesn't work)

System Center Orchestrator
System Center Orchestrator
A family of System Center products that provide an automation platform for orchestrating and integrating both Microsoft and non-Microsoft IT tools.
230 questions
0 comments No comments
{count} votes

9 answers

Sort by: Most helpful
  1. John Curtiss 66 Reputation points
    2020-09-01T14:49:05.123+00:00

    21877-cybearkorchestratorscript.txt

    script attached. the runbook is just "initialize data -> run script"

    0 comments No comments

  2. Stefan Horz 3,466 Reputation points
    2020-09-01T18:18:44.057+00:00

    Hi,

    can you add this in you code like i suggested here: looking-inside-the-thing-with-21

    #wrap it in a $result so we can use 64 bit powershell and import the module
    
    $result = powershell {
    
    #establish a connection to the ...
    #your code
    ####
    ##
    #
    }2>&1
    IF ($Error) {throw New-Object System.Exception($Error)}
    
    $result
    $safe = $result.safename
    $safe
    $accountid = $result.id
    $accountid
    $account = $result.username
    $account
    $requestor = $result.membername
    $requestor
    

    Regards,
    Stefan

    0 comments No comments

  3. Stefan Horz 3,466 Reputation points
    2020-09-01T18:21:06.433+00:00

    Hi,

    can you add this in your code like i suggested here: looking-inside-the-thing-with-21

    #wrap it in a $result so we can use 64 bit powershell and import the module
    
    $result = powershell {
    
    #establish a connection to the ...
    #your code
    ####
    ##
    #
    }2>&1
    IF ($Error) {throw New-Object System.Exception($Error)}
    
    $result
    $safe = $result.safename
    $safe
    $accountid = $result.id
    $accountid
    $account = $result.username
    $account
    $requestor = $result.membername
    $requestor
    

    Regards,
    Stefan

    0 comments No comments

  4. John Curtiss 66 Reputation points
    2020-09-02T14:03:37.81+00:00

    just to be clear, your lines lines 10 and 11 are all i'm adding, at the end of $result = powershell {my stuff}?

    i get error summary text "Cannot find an overload for "Exception" and the argument count: "2"." even in the previously successful runbook tester.

    *edit the runbook tester still successfully creates the account in cyberark, it just logs that error in orchestrator

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.