PowerShell script exchange
Post Reply
manuel.aigner
Enthusiast
Posts: 35
Liked: 5 times
Joined: Sep 25, 2017 8:25 am
Full Name: Manuel Aigner
Contact:

How to modify/update existing credential

Post by manuel.aigner »

Hi there,

We are new at implementing Veeam BR at our companie.
Due to the fact we have many windows domains and a lot of machines without domain membership we have the need maintain a quite big credential store in VBR. As we don't do this manually and we have an password vault (Secret Server from Thycotic), I'm working on a script which keeps the Veeam credstore sync with Secret Server which has da ability to remote manage/change passwords on any of our VMs. (By our company policy it's not allowed have never expiring passwords. Specially for administrativ users)

ATM I'm struggling around with the 2 cmdlets Add-VBRCredentials and Set-VBRCredentials. To create a new credential is no problem. But I have no idea how to edit an existing one in case the password has changed. As I've read in documentation I should use Set-VBRCredentials for this use case.
But IMHO Add-VBRCredentials and Set-VBRCredentials are doing nearly the same.

I don't know how this cmdlet want's to know which credential im want to change. I cant define an ID or search criteria. My first trial was to pipeline it with

Code: Select all

get-VBRCredentials -Name  <loginname> | set-VBRCredentials -Credential $PSCredentialObjectFromSecretServer->not Working
get-VBRCredentials | where { <where clause> } | set-VBRCredentials -Credential $PSCredentialObjectFromSecretServer -> nope!
If i only try

Code: Select all

set-VBRCredentials -Credential $PSCredentialObjectFromSecretServer
It will only generate a new credential with the same name as the existing one but a new ID which is clearly not assigned to any jobs and as consequence useless.

Does anyone of you have any ideas

Here my unfinished function:

Explanation:
My script should only update secrets where description field looks like this:
SecretID:<correlatingSecredIDOnSecredServer>
E.g.:
SecredID:1234



Code: Select all

function Update-VeeamCredFromSecretServer {
<#
.SYNOPSIS
Update existing Veeam credential from Secret Server

.DESCRIPTION
Update existing Veeam credential from Secret Server

.PARAMETER SecretIDs
A description of the SecretIDs parameter.

.PARAMETER ConnectionObject
A description of the ConnectionObject parameter.

.EXAMPLE
PS C:\> Update-VeeamCredFromSecretServer

.NOTES
Additional information about the function.
.ROLE
VersionsDateAuthorDescription
0.0.1.0010.11.2017AIMCreated
#>

[CmdletBinding()]
param
(
[int[]]$SecretIDs,
$ConnectionObject,
[string]$VeeamMGMTSrv = '...hidden...',
[string]$DescriptionPrefix = 'SecretID',
[switch]$force

)

if (!($ConnectionObject)) {
$ConnectionObject = Connect-POISecretServer
if (-not ($ConnectionObject)) {
return Write-StatusLog -8778 "-Unable to connect to SecretServer!" -ObjectLogging -ObjIsOK:$false
}

}

if (!(Connect-POIVeeamMGTMServer -VeeamMGMTSrv $VeeamMGMTSrv).OK) {
return Write-StatusLog -8778 "-Script aborted, unable to connect to '$VeeamMGMTSrv'" -ObjectLogging -ObjIsOK:$false
}

try {
$VeeamCreds = Get-VBRCredentials -ErrorAction Stop | where {$_.Description -like "$($DescriptionPrefix):*"}
} catch {
return Write-StatusLog -8778 "-Unable to fetch credentials list from Veeam for automatical update , Last exception:`r`n'$($_.Exception)`r`n$($_.CategoryInfo)'" -ObjectLogging -ObjIsOK:$false -ObjInput $_
}

if (![bool]$SecretIDs) {
try {
[int[]]$SecretIDs = (($VeeamCreds.Description).split(":")) | where {
$_ -ne $($DescriptionPrefix)
}
} catch {
return Write-StatusLog -8778 "-Unable to fetch credentials list from Veeam for automatical update , Last exception:`r`n'$($_.Exception)`r`n$($_.CategoryInfo)'" -ObjectLogging -ObjIsOK:$false -ObjInput $_
}
}

if (![bool]$SecretIDs) {
return Write-StatusLog 0 "No SecretID given and no Veeam credential found for automatical update." -ObjectLogging -ObjIsOK:$true
}



foreach ($SecredIDNow in $SecretIDs) {
$Crednow = $VeeamCreds | where {
$_.Description -like "$($DescriptionPrefix):$($SecredIDNow)"
}
if (!$force.IsPresent) {
$SecretLastChange = Get-POISecretAudit -ConnectionObject $ConnectionObject -SecretID $SecredIDNow -FilterAction GetLatestChange | select -ExpandProperty DateRecorded
$CredLastChange = $Crednow | select -ExpandProperty ChangeTimeLocal

if (!($SecretLastChange -gt $CredLastChange)) {
Write-StatusLog 8771 "+Credential with ID '$SecredIDNow' is already current. No update needed. " -Autocolor
continue
}
}

$Secret = Get-POISecret -ID $SecredIDNow -ConnectionObject $ConnectionObject
if (!$Secret.OK) {
Write-StatusLog -8778 "-Unable to fetch secret with ID '$SecredIDNow' from Secret Server. , Last exception:`r`n'$($_.Exception)`r`n$($_.CategoryInfo)'" -ObjectLogging -ObjIsOK:$false -ObjInput $_
continue
}

try {
Set-VBRCredentials -Credential $Secret.obj.Credential -ErrorAction Stop
} catch {
return Write-StatusLog -8778 "-Error while updating credential with ID '$SecredIDNow', Last exception:`r`n'$($_.Exception)`r`n$($_.CategoryInfo)'" -ObjectLogging -ObjIsOK:$false -ObjInput $_
}

return Write-StatusLog 0 "Credential '$($Crednow.Name)' updated sucessfully." -ObjectLogging -ObjIsOK:$false



}



}

veremin
Product Manager
Posts: 20413
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: How to modify/update existing credential

Post by veremin » 1 person likes this post

I managed to update password and description, using the script below:

Code: Select all

Asnp VeeamPSSnapin
Set-VBRCredentials -Credential (Get-VBRCredentials -name "Name of your credentials") -Password "New Password" -Description "New Description"
Thanks.
manuel.aigner
Enthusiast
Posts: 35
Liked: 5 times
Joined: Sep 25, 2017 8:25 am
Full Name: Manuel Aigner
Contact:

Re: How to modify/update existing credential

Post by manuel.aigner »

Oh, ok I' got it!

Many thanks :)
veremin
Product Manager
Posts: 20413
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: How to modify/update existing credential

Post by veremin »

You're welcome. Kindly, reach us, should other help be needed. Thanks.
ThierryKL
Novice
Posts: 5
Liked: 1 time
Joined: Sep 18, 2019 8:13 am
Full Name: Thierry Kleinhentz
Contact:

Re: How to modify/update existing credential

Post by ThierryKL »

Hello,

when I try to change a credential, description or password I got this error :

Code: Select all

PS C:\> set-VBRCredentials -Credential (Get-VBRCredentials -name "BENCHSA.INT\srvbck_deploy") -Description "TKL-VBR-REMOTE.BENCHSA.INT_admcred"
set-VBRCredentials : Object reference not set to an instance of an object.
At line:1 char:1
+ set-VBRCredentials -Credential (Get-VBRCredentials -name "BENCHSA.INT ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-VBRCredentials], NullReferenceException
    + FullyQualifiedErrorId : System.NullReferenceException,Veeam.Backup.PowerShell.Cmdlets.SetVBRCredentials
the get-vbrcredentials cmdlet return the right credential

Code: Select all

PS C:\> $a=Get-VBRCredentials -Name "BENCHSA.INT\srvbck_deploy"

PS C:\> $a


Id                : 848f820c-1469-4ea8-8cfe-18e896d7ae51
IsLocalProtect    : True
Name              : BENCHSA.INT\srvbck_deploy
CurrentUser       : False
UserName          : BENCHSA.INT\srvbck_deploy
UserNameOnly      : srvbck_deploy
DomainName        : BENCHSA.INT
EncryptedPassword : 
Description       : TKL-VBR-REMOTE.BENCHSA.INT_admcred
ChangeTimeLocal   : 18/09/2019 09:48:08
ChangeTimeUtc     : 18/09/2019 07:48:08
IsEmpty           : False
PasswordIsNull    : True
same result by using the credential object

Code: Select all

PS C:\> set-VBRCredentials -Credential $a -Description "TKL-VBR-REMOTE.BENCHSA.INT_admcred false"
set-VBRCredentials : Object reference not set to an instance of an object.
At line:1 char:1
+ set-VBRCredentials -Credential $a -Description "TKL-VBR-REMOTE.BENCHS ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-VBRCredentials], NullReferenceException
    + FullyQualifiedErrorId : System.NullReferenceException,Veeam.Backup.PowerShell.Cmdlets.SetVBRCredentials
Anyone got the same error ?

Veeam version 9.5 UPdate 4b

Thierry
chris.arceneaux
VeeaMVP
Posts: 695
Liked: 374 times
Joined: Jun 24, 2019 1:39 pm
Full Name: Chris Arceneaux
Location: Georgia, USA
Contact:

Re: How to modify/update existing credential

Post by chris.arceneaux » 1 person likes this post

Welcome to the Veeam forums Thierry!

I can confirm this behavior and it is not as expected. I'll follow-up internally to have this addressed. Thanks for posting!

Image
ThierryKL
Novice
Posts: 5
Liked: 1 time
Joined: Sep 18, 2019 8:13 am
Full Name: Thierry Kleinhentz
Contact:

Re: How to modify/update existing credential

Post by ThierryKL »

Hello Chris,

thank you for passing on the problem

Regards.
Thierry
veremin
Product Manager
Posts: 20413
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: How to modify/update existing credential

Post by veremin »

We're investigating this internally. Will update the topic, once I have more information.
veremin
Product Manager
Posts: 20413
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: How to modify/update existing credential

Post by veremin » 1 person likes this post

Confirmed to be a bug with standard (Windows) credentials; will be fixed in the next product update. Thanks!
ThierryKL
Novice
Posts: 5
Liked: 1 time
Joined: Sep 18, 2019 8:13 am
Full Name: Thierry Kleinhentz
Contact:

Re: How to modify/update existing credential

Post by ThierryKL » 1 person likes this post

Thank You veremin,

So we have to wait

Regards
jenreovh
Lurker
Posts: 2
Liked: never
Joined: Nov 27, 2019 12:49 pm
Contact:

Re: How to modify/update existing credential

Post by jenreovh »

Hello

We have the same bug, but what do you mean by "standard (Windows) credentials", is there a workaround before the availability of the update?

jean-rémy
chris.arceneaux
VeeaMVP
Posts: 695
Liked: 374 times
Joined: Jun 24, 2019 1:39 pm
Full Name: Chris Arceneaux
Location: Georgia, USA
Contact:

Re: How to modify/update existing credential

Post by chris.arceneaux »

Welcome to the Veeam forums jean-rémy!
jenreovh wrote:what do you mean by "standard (Windows) credentials"
When you're creating credentials in the Veeam Backup & Replication Console, you'll notice there are 3 different types:

Image

Image

A standard type is used for inputting Windows credentials.
jenreovh wrote:is there a workaround before the availability of the update?
Please open a case with Veeam support so they can further assist you.
jenreovh
Lurker
Posts: 2
Liked: never
Joined: Nov 27, 2019 12:49 pm
Contact:

Re: How to modify/update existing credential

Post by jenreovh »

Thank you , i'll ask for support so .
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests