I am trying to set up a simple demo for IT meeting later today so I can get some budget for Automation, but I am stuck at the very basic step - trying to run a simple whoami script using PSCredential that I saved.
Could this be some kind of permission issue with IIS again?
edit: just to clarify, jobs run using default user, but not when using PSCredential from vault
PSU 1.2.8
IIS 10.0
Runas InProcess as domain user standard account.
This is all I get from error log, nothing interesting in Event log:
2020-07-17T07:30:54.0882939+01:00 [INF] Error executing job 17: Did not receive port from client process. at UniversalAutomation.ExecutionService.ExecutePowerShell(Script script, IEnumerable`1 parameters, Job job, Schedule schedule, Int32 port, ExecutionCallback callback) in C:\src\universal\src\UniversalAutomation\Services\ExecutionService.cs:line 354
at UniversalAutomation.ExecutionService.TryExecute(Job job, Schedule schedule) in C:\src\universal\src\UniversalAutomation\Services\ExecutionService.cs:line 258
at UniversalAutomation.ExecutionService.Execute(Job job, Schedule schedule) in C:\src\universal\src\UniversalAutomation\Services\ExecutionService.cs:line 138 System.Exception (40078802)
I get same result as above when running as Network Service on IIS
Similar problem when running manually on Windows 10 in my user context (non admin domain user), just different error this time. Clean install of 1.2.8 as well
5475019+01:00 [INF] Job 2 started. (ba56eeaa)
2020-07-17T11:27:21.5695856+01:00 [INF] Starting job using Process. (4d0a5a43)
2020-07-17T11:27:21.5989120+01:00 0HM1A7F4F20BO:00000014 [INF] Request starting HTTP/1.1 GET http://localhost:5000/api/v1/job/2?t=1594981641584 (ca22a1cb)
2020-07-17T11:27:21.7084237+01:00 0HM1A7F4F20BO:00000014 [INF] Authorization was successful. (0d575a54)
2020-07-17T11:27:21.7084837+01:00 0HM1A7F4F20BO:00000014 [INF] Executing endpoint '"UniversalAutomation.JobController.Get (UniversalAutomation)"' (500cc934)
2020-07-17T11:27:21.7085457+01:00 0HM1A7F4F20BO:00000014 [INF] Route matched with "{action = \"Get\", controller = \"Job\"}". Executing controller action with signature "UniversalAutomation.Job Get(Int64)" on controller "UniversalAutomation.JobController" ("UniversalAutomation"). (122b2fdf)
2020-07-17T11:27:21.7095183+01:00 0HM1A7F4F20BO:00000014 [INF] Executing ObjectResult, writing value of type '"UniversalAutomation.Job"'. (8a1b66c8)
2020-07-17T11:27:21.7100382+01:00 0HM1A7F4F20BO:00000014 [INF] Executed action "UniversalAutomation.JobController.Get (UniversalAutomation)" in 1.4525ms (afa2e885)
2020-07-17T11:27:21.7102833+01:00 0HM1A7F4F20BO:00000014 [INF] Executed endpoint '"UniversalAutomation.JobController.Get (UniversalAutomation)"' (99874f2b)
2020-07-17T11:27:21.7104263+01:00 0HM1A7F4F20BO:00000014 [INF] Request finished in 111.5132ms 200 application/json; charset=utf-8 (791a596a)
2020-07-17T11:27:21.7162993+01:00 0HM1A7F4F20BO:00000015 [INF] Request starting HTTP/1.1 GET http://localhost:5000/api/v1/script/1?t=1594981641712 (ca22a1cb)
2020-07-17T11:27:21.8266577+01:00 0HM1A7F4F20BO:00000015 [INF] Authorization was successful. (0d575a54)
2020-07-17T11:27:21.8267180+01:00 0HM1A7F4F20BO:00000015 [INF] Executing endpoint '"UniversalAutomation.ScriptController.Get (UniversalAutomation)"' (500cc934)
2020-07-17T11:27:21.8267908+01:00 0HM1A7F4F20BO:00000015 [INF] Route matched with "{action = \"Get\", controller = \"Script\"}". Executing controller action with signature "UniversalAutomation.Script Get(Int64)" on controller "UniversalAutomation.ScriptController" ("UniversalAutomation"). (122b2fdf)
2020-07-17T11:27:21.8281917+01:00 0HM1A7F4F20BO:00000015 [INF] Executing ObjectResult, writing value of type '"UniversalAutomation.Script"'. (8a1b66c8)
2020-07-17T11:27:21.8283981+01:00 0HM1A7F4F20BO:00000015 [INF] Executed action "UniversalAutomation.ScriptController.Get (UniversalAutomation)" in 1.5611ms (afa2e885)
2020-07-17T11:27:21.8284264+01:00 0HM1A7F4F20BO:00000015 [INF] Executed endpoint '"UniversalAutomation.ScriptController.Get (UniversalAutomation)"' (99874f2b)
2020-07-17T11:27:21.8284703+01:00 0HM1A7F4F20BO:00000015 [INF] Request finished in 112.1814ms 200 application/json; charset=utf-8 (791a596a)
2020-07-17T11:27:21.8350074+01:00 0HM1A7F4F20BO:00000016 [INF] Request starting HTTP/1.1 GET http://localhost:5000/api/v1/job/2/parameter?t=1594981641830 (ca22a1cb)
2020-07-17T11:27:21.8541614+01:00 [INF] Error executing job 2: The stub received bad data. at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start()
at UniversalAutomation.JobProcessManager.StartProcessAsCurrentUser(String powerShellPath, String commandLine, Variable credential) in C:\src\universal\src\Universal.Server\Services\JobProcessManager.cs:line 186
at UniversalAutomation.JobProcessManager.Start(Job job, PowerShellVersion powerShellVersion) in C:\src\universal\src\Universal.Server\Services\JobProcessManager.cs:line 91
at UniversalAutomation.ExecutionService.ExecutePowerShell(Script script, IEnumerable`1 parameters, Job job, Schedule schedule, Int32 port, ExecutionCallback callback) in C:\src\universal\src\UniversalAutomation\Services\ExecutionService.cs:line 345
at UniversalAutomation.ExecutionService.TryExecute(Job job, Schedule schedule) in C:\src\universal\src\UniversalAutomation\Services\ExecutionService.cs:line 258
at UniversalAutomation.ExecutionService.Execute(Job job, Schedule schedule) in C:\src\universal\src\UniversalAutomation\Services\ExecutionService.cs:line 138 System.ComponentModel.Win32Exception (3af66a40)
afaik, if you wanna be able to do run As you have to run the dashboard as local System:
IIS Limitations with Universal Automation
App Service configured as Local System - Scripts will execute as the System Account by default and a Run as Accounts CAN be specified when executing a Script in Universal Automation
App Service configured as a Service Account - Scripts can ONLY be executed with the Service Account and a Run as Account CANNOT be specified when executing scripts.
Thanks, @Speegel
Not sure how I missed that big bold warning… but to be fair, this is not just an IIS limitation, I get the same problem when manually running .exe in context of standard domain user (me)
So now I need to solve dilemma of:
Running scripts as administrator, can use RUNAS
Not running scripts as admin, can’t use RUNAS, but could potentially use API calls with Passwordstate.
