Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Not able to call the Saviynt API using powershell from one of the domain controller

vermark
Regular Contributor
Regular Contributor

‎06/15/2022 01:54 PM

Hi Team,

We are planing to install the password sync filter on all the domain controllers. We have three domain controllers.

Before installing the password sync filter we tried to call the following APIs using powershell to ensure the connectivity between Saviynt app and Domain controllers is working fine.
/ECM/api/login(powershell command is at the bottom)
/ECM/api/v5/getUser
/ECM/api/v5/changePassword
/ECM/oauth/access_token

We were successfully able to call the APIs from two domain controllers using powershell but when we tried to run the same powershell script on third domain controller it is giving the below error

=========================================================================================
Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a receive.
At line:11 char:1
+ Invoke-RestMethod @Parameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
=========================================================================================

We researched and found that this issue could be related to TLS we included the following command just above the Invoke-RestMethod like below

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-RestMethod

Again we ran the powershell script this time we got different error as below

=========================================================================================
Invoke-RestMethod : The request was aborted: Could not create SSL/TLS secure channel.
At line:11 char:1
+ Invoke-RestMethod @Parameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
=========================================================================================

Couple of questions:
1. What could be the cause for this error?
2. Is there any specific TLS version required to be enabled at DC end. (FYI - all three DCs have the same TLS configurations. As mentioned above API calls are working fine from two DCs but not from third)
3. Is it related to ssl certificate or server version or .net framework?
4. We cannot proceed with installation of password sync filter until we check through some way that the API calls are working from all DCs. So please let us now how to proceed further(FYI - we don't have internet connectivity on DCs so we cannot test using postman)

 

Below is the powershell command for calling /ECM/api/login:

=====================================================

$Body = @{
username = "Admin"
password = "Password"
}
$Parameters = @{
Method = "POST"
Uri = "https://companyname-dev.saviyntcloud.com/ECM/api/login"
Body = ($Body | ConvertTo-Json)
ContentType = "application/json"
}
Invoke-RestMethod @Parameters

=============================

 

 

0 Kudos
1 REPLY 1

avinashchhetri
Saviynt Employee
Saviynt Employee

‎06/15/2022 02:22 PM - edited ‎06/15/2022 02:23 PM

Is there any difference between the non working DC vs the working ones ? I'm sure you've done your due diligence but I thought I'd ask.

This seems an isolated issue which could be environment related since it works on 2/3 DC's against the same Saviynt host. I'd look into the server ssl certificates to begin with.

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos
Copyright © 2024 Khoros, LLC