1 Reply Latest reply on Aug 2, 2018 5:42 PM by mwb

    Issues with passing ${CREDENTIALS} to Powershell after upgrading poller VM to 2016

    mwb

      This is an odd issue, but fully verified.

       

      I've upgraded some of my Additional Polling Engine VMs to Windows 2016.  After doing so, I found that Powershell script monitors that I had been running previously mysteriously began to fail with errors when polling out of those APEs.  However, the same script continued to work on any APE that was running out of Server 2012 R2.  These scripts are running powershell locally on the APE and then connecting to the remote server through WMI to gather the necessary details (before anyone talks about WinRM and running the scripts remotely, it's not really an option to get every remote server even run with winrm quickconfig).

       

      Even odder is when I investigated to see if there were syntax changes with Powershell in Server 2016, I would find that the scripts would work when run through PowerShell ISE directly, substituting credentials for where SolarWinds was passing them in the ${CREDENTIALS} variable.

       

      After digging and running the same script template to the same server with the same credentials from two different APEs (one 2016, one 2012 R2), I can verify that the script works from an APE on 2012 R2, but not 2016.  Even odder is that if I pull out the ${CREDENTIALS} variable and replace it with the code below, it takes the credentials and works even from 2016:

      $Username = '<username>'
      $Password = '<password>'
      $pass = ConvertTo-SecureString -AsPlainText $Password -Force
      
      $SecureString = $pass
      
      $creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecureString

       

      So then what I'm left with is some kind of odd situation where an APE on Server 2016 is somehow not able to populate or utilize ${CREDENTIALS} from the SolarWinds GUI when running a script.

       

      Does anyone have any insight into this at all?  I've not yet taken this to Support because I know I'll run the gamut of "we don't support scripts" arguments...

       

       

      The one of the scripts is below and it happens to pull SQL information out of the Windows registry for SPLA reporting - but this is occuring with all Powershell scripts from the APE on 2016, even the most simple of commands (but again, works if I avoid ${CREDENTIALS}):

      $server='${IP}'
      $creds = ${CREDENTIALS}
      
      $reg = Get-WmiObject -List -Namespace root\default -ComputerName $server -Credential $creds | Where-Object {$_.Name -eq 'StdRegProv'}
      
      $x = ($error[0] | out-string)
      
      $HKLM = 2147483650
      
      #getpath
      
      if(($reg.EnumKey($HKLM, 'SOFTWARE\Microsoft\Microsoft SQL Server\90\Tools\Setup').Returnvalue) -eq 0)`
      {$keypath= 'SOFTWARE\Microsoft\Microsoft SQL Server\90\Tools\Setup'}
      elseif(($reg.EnumKey($HKLM, 'SOFTWARE\Microsoft\Microsoft SQL Server\100\Tools\Setup').Returnvalue) -eq 0)`
      {$keypath = 'SOFTWARE\Microsoft\Microsoft SQL Server\100\Tools\Setup'}
      elseif(($reg.EnumKey($HKLM, 'SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\Setup').Returnvalue) -eq 0)`
      {$keypath = 'SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\Setup'}
      elseif(($reg.EnumKey($HKLM, 'SOFTWARE\Microsoft\Microsoft SQL Server\120\Tools\Setup').Returnvalue) -eq 0)`
      {$keypath = 'SOFTWARE\Microsoft\Microsoft SQL Server\120\Tools\Setup'}
      elseif(($reg.EnumKey($HKLM, 'SOFTWARE\Microsoft\Microsoft SQL Server\130\Tools\Setup').Returnvalue) -eq 0)`
      {$keypath = 'SOFTWARE\Microsoft\Microsoft SQL Server\130\Tools\Setup'}
      elseif(($reg.EnumKey($HKLM, 'SOFTWARE\Microsoft\Microsoft SQL Server\140\Tools\Setup').Returnvalue) -eq 0)`
      {$keypath = 'SOFTWARE\Microsoft\Microsoft SQL Server\140\Tools\Setup'}
      
      $v = $reg.GetStringValue($HKLM,$keypath,'Version').sValue
      $e = $reg.GetStringValue($HKLM,$keypath,'Edition').sValue
      
      $vstat= ($v.split('.',3) | select -index 0,1) -join '.'
      
      if ($x) {write-output $x
      $error.clear()
      exit(4)}
      ELSEIF (!$keypath) {Write-Host 'Statistic.version: 0'
      Write-Host 'Message.version: No Known MSSQL Installed'
      Write-Host 'Statistic.edition: 0'
      write-Host 'Message.edition: No Known MSSQL Installed'
      $error.clear()
      exit(0)}
      ELSE {Write-Host 'Statistic.version:' $vstat
      Write-Host 'Message.version:' $v
      Write-Host 'Statistic.edition:' $vstat
      write-Host 'Message.edition:' $e
      $error.clear()
      exit(0)}