14 Replies Latest reply on Jan 15, 2016 10:04 AM by humejo

    Get-SwisObject : An error occurred when verifying security for the message.

    jamccabe


      I am trying to connect to SolarWinds server from a different server and run a powershell script.  My ultimate goal is mark an IP address as available.  I can get the connection established, but as soon as I do a Get-SwisObject I get a security message.

       

      Get-SwisObject : An error occurred when verifying security for the message.

       

      If I put in a bogas password, I get the same message, so I guess I am not convinced that I am actually getting connected to my solarwinds server.

       

      Here is my script:

       

      If (!(Get-PSSnapin | where {$_.Name -eq "SwisSnapin"})) {
          Add-PSSnapin "SwisSnapin"
      }

       

      $hostname = "solar.mycompany.com"
      $username="admin"
      $password="1234567"

       

      $cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))

       

      #Connect to the System
      $target = Connect-Swis -v2 -Credential $cred -Hostname $hostname

       

      #Get all URIs of Nodes in the System
      $UriBasket = Get-SwisData $target "SELECT Uri FROM Orion.Nodes"

       

      I searched high and low and I can not find what this error means (An error occurred when verifying security for the message.).

       

      FYI, I am able to log on with the same account via a web browser, so I know the account has access.

       

      Any help would be greatly appreciated.

       

      Not sure I put this in the right group either.

       

      Thanks, Jon

        • Re: Get-SwisObject : An error occurred when verifying security for the message.
          Jan Pelousek

          Hello, this error is usually caused by different time settings between the server (SolarWinds Information Service on your Orion server) machine and the client (SDK based script in your case). Please check if the time on the server matches to the time on the client. I think timezone doesn't matter, but can't remember 100%.

          Please let me know if it helped.

          Regards,

          Honza

          1 of 1 people found this helpful
            • Re: Get-SwisObject : An error occurred when verifying security for the message.
              jamccabe

              Thanks for the rely Honza,

               

              I just checked both servers and the times are exact.  Both are getting their time from the same SNTP server, which is the windows domain controller.

               

              Any other ideas?

               

              Thanks for your help on this, much appreciated.

               

              -Jon

                • Re: Get-SwisObject : An error occurred when verifying security for the message.
                  Jan Pelousek

                  Could you, please tell us, which Orion SDK against which version of Orion (or NPM version) are you using?

                  Does it work if you use the connection to SWISv3? (without the -v2 switch)?

                  Can you try to use the IP address intstead of the hostname for the connection?

                    • Re: Get-SwisObject : An error occurred when verifying security for the message.
                      jamccabe

                      I have the latest SDK (1.8.116) on my app server.

                       

                      I opened the SWQL Studio on that app server.  I can connect to V2 and V3 using the local Orion account (by IP or machine name), but I can not connect to it using my AD account.

                       

                      When using my AD account, I get a similar message.  "Unable to connect to the Information Service.  An error occurred when verifying security for the message".  I get this same message when running my powershell script.

                       

                      We are new to this product here, so maybe my AD account within Orion is not setup correctly?

                       

                      Thanks

                       

                      -Jon

                        • Re: Get-SwisObject : An error occurred when verifying security for the message.
                          tdanner

                          Are you able to log in with your AD account on the website?

                            • Re: Get-SwisObject : An error occurred when verifying security for the message.
                              jamccabe


                              Yes, I can login with my AD account and the local Orion account.

                                • Re: Get-SwisObject : An error occurred when verifying security for the message.
                                  jamccabe

                                  Here is the full message that I am getting back to from my powershell script, maybe this will help:

                                   

                                  Get-SwisData : An error occurred when verifying security for the message.
                                  At D:\Test.ps1:34 char:26
                                  + $UriBasket = Get-SwisData <<<<  $target "SELECT Uri FROM Orion.Nodes"
                                      + CategoryInfo          : InvalidOperation: (:) [Get-SwisData], MessageSecurityException
                                      + FullyQualifiedErrorId : SwisError,SwisPowerShell.GetSwisData
                                  Get-SwisObject : Cannot bind argument to parameter 'Uri' because it is null.
                                  At D:\Test.ps1:40 char:31
                                  +    $NodeProps = Get-SwisObject <<<<  $target $UriEntry
                                      + CategoryInfo          : InvalidData: (:) [Get-SwisObject], ParameterBindingValidationException
                                      + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,SwisPowerShell.GetSwisObject

                                  Get-SwisObject : An error occurred when verifying security for the message.
                                  At D:\Test.ps1:41 char:37
                                  +    $NodeCustomProps = Get-SwisObject <<<<  $target $CustomProps
                                      + CategoryInfo          : InvalidOperation: (:) [Get-SwisObject], MessageSecurityException
                                      + FullyQualifiedErrorId : SwisError,SwisPowerShell.GetSwisObject

                                   

                                  Thanks again.

                                    • Re: Get-SwisObject : An error occurred when verifying security for the message.
                                      tdanner

                                      Let's look at the SWISv3 log file. It will be on the Orion server at C:\ProgramData\Solarwinds\InformationService\v3.0\Orion.InformationService.log. To make it easier to find the problem, trigger the error from PowerShell immediately before copying this file. Then open it up in notepad and copy out the lines around the time you reproduced the problem.

                                        • Re: Get-SwisObject : An error occurred when verifying security for the message.
                                          jamccabe

                                          Interesting.  When I ran if from Powershell, I got the same error message but the log files did not get updated.  So I tried to connect using SWQL Studio using my AD account and I got the message that the NetTcpPortSharing  service was disable.  I set that to manual, started it, and the tried it again.  Now I get the following (x.509 error)

                                           

                                          2014-03-10 13:44:32,523 [5] INFO  SwqlStudio.MainForm - Opening subscriber endpoint at net.tcp://10.38.1.15:17777/SolarWinds/SwqlStudio/8924/Subscriber

                                          2014-03-10 13:44:34,693 [5] INFO  SwqlStudio.MainForm - Subscriber endpoint opened

                                          2014-03-10 13:44:34,703 [5] INFO  SwqlStudio.MainForm - Opening http subscriber endpoint at https://SMPISTAPP02.CMUTUAL.com:17778/SolarWinds/SwqlStudio/8924

                                          2014-03-10 13:44:34,942 [5] ERROR SwqlStudio.MainForm - Exception opening subscriber host with address net.tcp://10.38.1.15:17777/SolarWinds/SwqlStudio/8924/Subscriber.

                                          System.InvalidOperationException: Cannot load the X.509 certificate identity specified in the configuration.

                                             at System.ServiceModel.Description.ConfigLoader.LoadIdentity(IdentityElement element)

                                             at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)

                                             at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, ServiceElement serviceSection)

                                             at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, String configurationName)

                                             at System.ServiceModel.ServiceHostBase.ApplyConfiguration()

                                             at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)

                                             at System.ServiceModel.ServiceHost.InitializeDescription(Type serviceType, UriSchemeKeyedCollection baseAddresses)

                                             at System.ServiceModel.ServiceHost.InitializeDescription(Object singletonInstance, UriSchemeKeyedCollection baseAddresses)

                                             at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)

                                             at SwqlStudio.MainForm.OpenSubscriber()

                                          2014-03-10 13:44:34,945 [5] INFO  SwqlStudio.MainForm - Listening on net.tcp://10.38.1.15:17777/SolarWinds/SwqlStudio/8924/Subscriber

                                          2014-03-10 13:44:35,891 [1] DEBUG SolarWinds.InformationService.Contract2.InfoServiceProxy - Creating channel factory for Information Service @ net.tcp://smpnetopp01:17777/SolarWinds/InformationService/v3/Orion/ad

                                          2014-03-10 13:44:36,121 [1] ERROR SolarWinds.InformationService.Contract2.InfoServiceProxy - An error occured opening a connection to the orion communication service.

                                          System.ServiceModel.Security.SecurityNegotiationException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed

                                             --- End of inner exception stack trace ---

                                             at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)

                                             at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, ChannelBinding binding, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)

                                             at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)

                                             at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

                                             --- End of inner exception stack trace ---

                                           

                                           

                                          Server stack trace:

                                             at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

                                             at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUpgrade(Stream stream)

                                             at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecoder decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeoutHelper)

                                             at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)

                                             at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)

                                             at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)

                                             at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)

                                             at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

                                             at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)

                                             at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

                                             at System.ServiceModel.Channels.CommunicationObject.Open()

                                           

                                           

                                          Exception rethrown at [0]:

                                             at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

                                             at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

                                             at System.ServiceModel.ICommunicationObject.Open()

                                             at SolarWinds.InformationService.Contract2.InfoServiceProxy.Open()

                                          2014-03-10 13:44:36,125 [1] ERROR SwqlStudio.MainForm - Failed to connect

                                          System.ServiceModel.Security.SecurityNegotiationException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed

                                             --- End of inner exception stack trace ---

                                             at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)

                                             at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, ChannelBinding binding, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)

                                             at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)

                                             at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

                                             --- End of inner exception stack trace ---

                                           

                                           

                                          Server stack trace:

                                             at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

                                             at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUpgrade(Stream stream)

                                             at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecoder decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeoutHelper)

                                             at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)

                                             at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)

                                             at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)

                                             at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)

                                             at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

                                             at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)

                                             at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

                                             at System.ServiceModel.Channels.CommunicationObject.Open()

                                           

                                           

                                          Exception rethrown at [0]:

                                             at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

                                             at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

                                             at System.ServiceModel.ICommunicationObject.Open()

                                             at SolarWinds.InformationService.Contract2.InfoServiceProxy.Open()

                                             at SwqlStudio.ConnectionInfo.Connect()

                                             at SwqlStudio.MainForm.AddNewQueryTab()