We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Problem with WIN-PS Enable-RemoteMailbox script

luka_harabajsa
New Contributor III
New Contributor III

Hello,

 

We are trying to provision user mailbox from Saviynt. We deployed agent on Windows server, that part is working fine, we tried to write to a file and some other basic stuff.

 

This is script in our CREATEACCOUNTJSON:

{"CREATEACC":
["Script=\$username='test_User';\$password = '${PSSCRIPT_PASSWORD}' | ConvertTo-SecureString -AsPlainText -Force;\$credentials=New-Object System.Management.Automation.PsCredential -argumentlist \$username,\$password;\$AccountName='${user.systemUserName}';\$ConnectionUri='http://azxxxxx01.xxxx.net/powershell';Set-ExecutionPolicy Unrestricted -force -scope CurrentUser;\$sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck;\$Session = Import-PSSession (New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri \$ConnectionUri -Authentication Basic -SessionOption \$sessionOption -Credential \$credentials) -AllowClobber;\$mbx = Enable-RemoteMailbox -Identity '$AccountName' -Alias '$AccountName';\$ses =(Get-PSSession).Name;Remove-PSSession -Name \$ses"],
"SuccessResponses" : "No results returned"
}

 

This is the error:

ecm-worker,"2023-03-17T15:18:44.054+00:00","{"log":"java.lang.RuntimeException: Failed : HTTP error code : 500\n","stream":"stdout","time":"2023-03-17T15:18:43.241468823Z"}"

What could be the issue?

Thank you!

 

8 REPLIES 8

adriencosson
Regular Contributor III
Regular Contributor III

Hi @luka_harabajsa,

Have you tried to run the Powershell Script directly from the IIS Server ?

If yes, could you please let us know how much time it takes to run the script and have a successful response ?

My take is that adding a Remote Mailbox to a user using Powershell is taking some time through Azure and therefore it only gives a message back to the server when Remote Mailbox is set up.

Hope this helps as preliminary guidelines !

Regards,
Adrien COSSON

luka_harabajsa
New Contributor III
New Contributor III

Hi @adriencosson,

We don't want to have it on the server, we want it in the Saviynt for easier maintenance. 

Our flow is to Enable-RemoteMailbox on on-prema Exchange, and then it will be sync. to Exchange Online. 

When i run it locally, it take no more than 5sec.

adriencosson
Regular Contributor III
Regular Contributor III

Hi @luka_harabajsa,

Agree on the easier maintenance. Just wondering how much time was it taking from the IIS server itself to reflect any performance issues.

From Saviynt side, any chance you can split up the Script to troubleshoot which part of the script would fail ? 

Regards,
Adrien COSSON

Hi @adriencosson,

Yeah we tried that, also we tried this approach as placing script itself on the server and running it from Saviynt. Still no luck. I will update if we found what is the issue 

SB
Saviynt Employee
Saviynt Employee

Can you try with the below CREATEACCOUNTJSON JSON format and see if it works. You will need to update the filed values based on your setup.

{
"accountIdPath": "accountName",
"responseColsToPropsMap": {},
"call": [
{
"name": "call1",
"connection": "userAuth",
"url": "https://abc/SaviyntApp/PS/ExecutePSScript",
"httpMethod": "POST",
"httpParams": "{\"Script\":\"\\$sAMAccName = '${user.username}';\\$pass = convertto-securestring -AsPlainText -Force -String 'syPQMYfP_TvrMfmxt2Rq';\\$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist 'rbadev\\\\\\\\svc_saviyntexch_dev',\\$pass;invoke-command -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://abc.com/powershell' -Credential \\$mycred -Authentication Basic -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck) -scriptblock {Enable-Mailbox -Identity \\$Using:sAMAccName -Database 'ArchiveDB_3'}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/x-www-form-urlencoded",
"SuccessResponses": {
"": [
"Success"
]
},
"unsuccessResponses": {
"responseMessage": [
"\"Failed\"",
"\"Powershell script taking too long Sample input: Invoke-Command -ComputerName \\\"SAVIYNTADSVCS\\\" -ScriptBlock {command to execute} -Credential $Cred\""
]
}
}
]
}


Regards,
Sahil

luka_harabajsa
New Contributor III
New Contributor III

@SB 

Do you have example how should connection JSON looks in this case when Powershell script is sent over REST?

Below is an example of Connection JSON.

{
"authentications": {
"acctAuth": {
"authType": "Basic",
"url": "<URL>",
"httpMethod": "POST",
"httpParams": {},
"httpHeaders": {},
"httpContentType": "text/html",
"properties": {
"userName":"<<USERNAME>>/token",
"password":"<<PASSWORD>>"
},
"expiryError": "ExpiredAuthenticationToken",
"authError": [
"InvalidAuthenticationToken",
"AuthenticationFailed"
],
"timeOutError": "Read timed out"
"errorPath": "error.code",
"maxRefreshTryCount": 5,
"tokenResponsePath": "access_token",
"tokenType": "Basic",
"accessToken": "Basic <<TOKEN>>",
"apiRateLimitConfig": {"retryAfterCalls": 100,"retryWaitSeconds": 60}
}
}
}


Regards,
Sahil

Also, below is the link to the WIN-PS Connector guide in case you do not want to use REST. You can refer the same for examples of the JSON.

https://docs.saviyntcloud.com/bundle/WinPS-v231/page/Content/Appendix.htm

 


Regards,
Sahil