PowerShell script exchange
Post Reply
OMW72
Enthusiast
Posts: 31
Liked: 3 times
Joined: Nov 16, 2022 2:18 pm
Contact:
Contact OMW72

Error message during work through KB4632

Post by OMW72 »

Hi R&D Team,
we received the malware detection event encrypted date for a VM.
Therefore we work through the KB4632.
When we execute the command: PS C:\temp\Investigation Tool Files> .\find-encrypted-data.ps1 1cc9b10c-a61e-4ecf-b0ce-975a19c0e72
the following message occurred:

Code: Select all

Previous clean restore point: 5ccb715d-2d33-40cf-b519-28bb7c11c7ea
Current suspicious restore point: 6f8f18ff-e539-459b-bc65-f5f0bd2c98b7
Mounting suspicious restore point...
Processing disk 6000C295-3157-cc88-27c1-5141f1a4ec9f...
Loading disk index delta...
Collecting suspicious offsets for disk ...
Get-MountSessionDevicesMap : Cannot bind argument to parameter 'DiskId' because it is an empty string.
At C:\temp\Investigation Tool Files\find-encrypted-data.ps1:75 char:99
+ ... tedDevices | Get-MountSessionDevicesMap -DiskId $delta.DiskId -LocalM ...
+                                                     ~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-MountSessionDevicesMap], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Get-MountSessionDevicesMap

We used that KB several times for other VM´s without any problems.
Any thoughts why we get that one?
Thanks for your help.
regards,
Oliver
Top
david.domask
Veeam Software
Posts: 2736
Liked: 629 times
Joined: Jun 28, 2016 12:12 pm
Contact:
Contact david.domask

Re: Error message during work through KB4632

Post by david.domask »

Hi OMW72,

This line from the script is unable to work because $delta.diskID returned an empty string as per the error:

$mountMap = $session.MountSession.MountedDevices | Get-MountSessionDevicesMap -DiskId $delta.DiskId -LocalMountDir $localMountDir

This is unexpected and it's unclear why this is returned empty for that restore point, so it's best to open a Support Case and let Support review the situation. Please include logs for Support to review. (Use the 3rd radio button to export logs from hosts, select the Veeam server itself to export from) Please mention the restore point IDs in the case so Support will know which restore point to check.

Please share your case number once created; I don't think that this is an error from your side, it sounds like the restore point that failed to be checked needs review, but it's unclear why the script is having issues on this particular restore point from just the error above.
David Domask | Product Management: Principal Analyst
Top
OMW72
Enthusiast
Posts: 31
Liked: 3 times
Joined: Nov 16, 2022 2:18 pm
Contact:
Contact OMW72

Re: Error message during work through KB4632

Post by OMW72 » 1 person likes this post

Hi David,
Thanks for the quick response in this matter.
As requested the case Id :Case # 07715151

Regards,
Oliver
Top
Post Reply

Return to “PowerShell”



Who is online

Users browsing this forum: Google [Bot] and 11 guests