Script error when run in PSU

I’m having a heck of a time getting a script to run in PSU although it works just fine when run from a regular PowerShell or PowerShell ISE session.

The script import three modules (ConfigurationManager, VMware.VimAutomation.Core & SwisPowerShell) and sets several variables. It then:

• Sets the location to the SCCM site drive.
• Queries SCCM for a list of servers in a particular device collection and adds the results to a variable.
• Sets the location back to C:\Windows\system32.
• Connects to Solarwinds and mutes alerts for the list of servers.
• Connects to vCenter and takes snapshots of the same list of servers.

It works like a charm when run outside of PSU. But inside, I get errors and it only gets as far as connecting to vCenter. It never queries SCCM, mutes alerts or even change to the SCCM site drive.

Here’s the full script (sanitized somewhat)

$Credentials = $Secret:PatchCreds

Import-Module "C:\Program Files (x86)\Microsoft Endpoint Manager\AdminConsole\bin\ConfigurationManager.psd1"
Import-Module VMware.VimAutomation.Core
Import-Module SwisPowerShell

$OrionServer = "orion1.domain.local"
$startDate = [DateTime]::UtcNow
$endDate = $startDate.AddHours(8)
$location = "C:\WINDOWS\system32"
$SiteCode = Get-PSDrive -PSProvider CMSITE

# Get server list from SCCM patching group
Set-Location -Path "$($SiteCode.Name):\"
$servers = Get-CMCollectionMember -CollectionName "Pilot_Patching" | foreach { $_.Name }
Set-Location -Path $location

# Schedule Solarwinds alerts to be muted starting now and ending in 8 hrs.
$swis = Connect-Swis -Hostname $OrionServer -Credential $Credentials
$sqlC = ""

ForEach ( $server in $servers ) {
  $sqlC += "'$server',"
}

$sqlC= $sqlC.TrimEnd(",")
$Nodes = Get-SwisData $swis -Query "SELECT Uri FROM Orion.Nodes WHERE Caption IN ($sqlC)"
$Nodes = @( $Nodes |% {[string]$_} )

ForEach ($Node in $Nodes) {
  Invoke-SwisVerb $swis Orion.AlertSuppression SuppressAlerts @( @($Node), $startDate, $endDate) | Out-Null
}

# Connect to vCenter
Set-PowerCLIConfiguration -Scope Session -InvalidCertificateAction Ignore -DefaultVIServerMode Multiple -Confirm:$false
Connect-VIServer -Server vcenter1.domain.local -AllLinked -Credential $Credentials

# Take snapshots
ForEach ($server in $servers) {
    Get-VM $server | New-Snapshot -Name "Pre-Patching" -Description "Created $(Get-Date)"
}

It’ll sit there for several seconds and then returns this:

Jul 20, 2022 1:02 PM [error] Cannot find path 'C:\ProgramData\UniversalAutomation\Repository:' because it does not exist.
Jul 20, 2022 1:02 PM [error] This command cannot be run from the current drive. To run this command you must first connect to a Configuration Manager drive.
Jul 20, 2022 1:02 PM [error] no viable alternative at input ‘)’ in Where clause
Jul 20, 2022 1:02 PM Scope ProxyPolicy DefaultVIServerMode InvalidCertificateAction DisplayD
Jul 20, 2022 1:02 PM eprecati
Jul 20, 2022 1:02 PM onWarnin
Jul 20, 2022 1:02 PM gs
Jul 20, 2022 1:02 PM ----- ----------- ------------------- ------------------------ --------
Jul 20, 2022 1:02 PM Session UseSystemProxy Multiple Ignore True
Jul 20, 2022 1:02 PM User
Jul 20, 2022 1:02 PM AllUsers
Jul 20, 2022 1:02 PM IsConnected : True
Jul 20, 2022 1:02 PM Id : /VIServer=domain\user@vcenter1.domain.local:443/
Jul 20, 2022 1:02 PM ServiceUri : https://vcenter1.domain.local/sdk
Jul 20, 2022 1:02 PM SessionSecret : “5b417042358b9b1ead7ef79ebd460e28f9d88d68”
Jul 20, 2022 1:02 PM Name : vcenter1.domain.local
Jul 20, 2022 1:02 PM Port : 443
Jul 20, 2022 1:02 PM SessionId : “5b417042358b9b1ead7ef79ebd460e28f9d88d68”
Jul 20, 2022 1:02 PM User : domain\user
Jul 20, 2022 1:02 PM Uid : /VIServer=domain\user@vcenter1.domain.local:443/
Jul 20, 2022 1:02 PM Version : 7.0.3
Jul 20, 2022 1:02 PM Build : 19717403
Jul 20, 2022 1:02 PM ProductLine : vpx
Jul 20, 2022 1:02 PM InstanceUuid : 6459aa8e-65e1-48ae-9827-f48d53805845
Jul 20, 2022 1:02 PM RefCount : 1
Jul 20, 2022 1:02 PM ExtensionData : VMware.Vim.ServiceInstance
Jul 20, 2022 1:02 PM IsConnected : True
Jul 20, 2022 1:02 PM Id : /VIServer=domain\user@vcenter2.domain.local:443/
Jul 20, 2022 1:02 PM ServiceUri : https://vcenter2.domain.local/sdk
Jul 20, 2022 1:02 PM SessionSecret : “4ba13bd0c9ea50b1db853d0766838d7b52c993ec”
Jul 20, 2022 1:02 PM Name : vcenter2.domain.local
Jul 20, 2022 1:02 PM Port : 443
Jul 20, 2022 1:02 PM SessionId : “4ba13bd0c9ea50b1db853d0766838d7b52c993ec”
Jul 20, 2022 1:02 PM User : domain\user
Jul 20, 2022 1:02 PM Uid : /VIServer=domain\user@vcenter2.domain.local:443/
Jul 20, 2022 1:02 PM Version : 7.0.3
Jul 20, 2022 1:02 PM Build : 19717403
Jul 20, 2022 1:02 PM ProductLine : vpx

And that’s where it ends. I have no idea how to step through this line-by-line to see what’s happening or on which line problems start happening.

Does anyone have any ideas and/or advice as to how I can get this working?

Thanks!

Product: PowerShell Universal
Version: 3.1.1
Installed via MSI on Windows Server 2019.
Running as local System account.

You can use debugging for troubleshooting

Debugging Scripts

Once you have the debugging enabled, you can check to see if the SCCM module loaded correctly.
Also, since your PSU service is running under a local System account, how are you handling permissions to query SCCM?

We also query ConfigMgr with the module, but we do two things differently.

Firstly, PSU is configured to run as a service account, which has read access to ConfigMgr.

Secondly, and this is less important but somehow still necessary, we unblock the file before importing it, since after every upgrade it gets identified as a file downloaded from the internet and not trusted.

$CMModulePath = “C:\Program Files (x86)\Microsoft Endpoint Manager\AdminConsole\bin\configurationmanager.psd1”

Unblock-File -Path $CMModulePath

Import-Module $CMModulePath