Home Analyst Portal

SMLets in Runbook

James_JohnsonJames_Johnson Customer Advanced IT Monkey ✭✭✭

Hello everyone,

Trying to setup some runbooks that run a powershell script using some SMLets commands but I can't figure out how to get them working.

I've switched the registry key that runs the .net script into the latest version, in this case 5.1 but it can't find the command probably because its 32 bit?

Trying to do invoke-command doesn't work, I get "user does not have permission to do this" even when using SCSM admin accounts, I think because of double-hop but even if I pass credentials into a new session it still fails. I also added the powershell IP and tried to run it through there and get the same permission denied error. Not sure how this actually is running the script.

Has anyone got this to work?

Thanks,

James

Best Answer

  • James_JohnsonJames_Johnson Customer Advanced IT Monkey ✭✭✭
    Answer ✓

    I did try that I get the same results. I just tried changing the authentication to kerberos and specifying it to run on my portal/secondary management server instead of trying to run on the SCORCH server and that actually seems like it is working now.

    Thanks for the response @Brian_Wiest

Answers

  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭

    Have you logged into the SCORCH server with the SCORCH service account and installed SMLets?

  • James_JohnsonJames_Johnson Customer Advanced IT Monkey ✭✭✭
    Answer ✓

    I did try that I get the same results. I just tried changing the authentication to kerberos and specifying it to run on my portal/secondary management server instead of trying to run on the SCORCH server and that actually seems like it is working now.

    Thanks for the response @Brian_Wiest

  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭

    Did you install the SCSM console on the SCORCH server?

    If you log into the SCORCH server as the service account. Can you run the PS in PS ISE?

  • James_JohnsonJames_Johnson Customer Advanced IT Monkey ✭✭✭
    edited April 2020

    Yes I can run everything just fine in the ISE and it also runs fine in Runbook Tester, but when I try to run it normally I get the "User does not have permission to do this" error when trying to actually use any SMLets commands.

    I'm not sure if it's the SCORCH server or the remote mgmt server giving the error, I think it might be the remote server.

  • Peter_MiklianPeter_Miklian Customer Advanced IT Monkey ✭✭✭
    edited April 2020
    • Runbooks are executed in scope of logged in user while using Runbook tester.
    • Runbooks are executed under service account running Orchestrator service while they run in Orchestrator.

    Does that user has permissions to access SCSM? Maybe your services are running under Local\SYSTEM account.

  • James_JohnsonJames_Johnson Customer Advanced IT Monkey ✭✭✭

    Right, I understand that but the service account I have running everything is a SCSM admin and definitely has access to everything in SMLets as well as admin rights on both the SCORCH and web server. I verified the services are all running under that account and when I log the user the script is running as that matches as well.

  • Peter_MiklianPeter_Miklian Customer Advanced IT Monkey ✭✭✭
    edited April 2020

    No errors in Windows event logs?

  • James_JohnsonJames_Johnson Customer Advanced IT Monkey ✭✭✭
    edited April 2020

    @Peter_Miklian

    No errors but when I checked the Audit Log it seems like it's connecting as anonymous even when I try adding a credential with the -credential switch.


    Edit: Actually I had a typo, the using the -cred switch does allow it to work running locally. Not sure why it's not using the session credentials.

Sign In or Register to comment.