Issue is
I can't remotely run a script to Surebackup VMs with encrypted credentials.
Root cause is because I can't import the encrypted credentials with following code :
$cred = Import-Clixml file.dat
Error triggered is then "Key not valid for use in specified state"
That normally happens when one tries to import credential that were created by a different user.
But here I'm calling the script using SureBackup with the correct user.
Example
Originally 1 user called Bob creates encrypted credential using following method $cred = Get-Credential $cred | Export-Clixml C:\cred.dat
Content of script.ps1 could be just :
Code: Select all
#we import the encrypted credential. Then we use it to run a script remotely using invoke-command.
$cred = Import-Clixml C:\cred.dat
Invoke-Command -ComputerName $SurebackupVMIP -Credential $cred -ScriptBlock {
return get-content C:\TEMP\test.txt
}
I can run script.ps1 as Bob:
Example : windows task scheduler, and "When running the task, use the following user account" Bob Or Just simple powershell lines :
$cred = Get-Credential
===> I would input in the GUI Bob credentials ===> then run the script as Bob :
start-process powershell.exe -credential $cred -argumentlist "-File script.ps1"
that works ok
but with surebackup it would fail with error ( we can see it uses .net CreateProcessWithLogonW :
[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] Starting CreateProcess thread. Timeout: 60 sec
[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] Building StartupInfo
[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] CreateProcess thread started. Waiting for complete
[30.07.2018 15:53:21] <51> Info [CreateProcessWLogon] Calling CreateProcessWithLogonW. User: bob. Domain: mydomain. CmdLine: C:\Windows\system32\windowspowershell\v1.0\powershell.exe -NoLogo -NonInteractive -NoProfile -Command "C:\script.ps1" 192.168.255.32. WorkingDir: C:\Program Files\Veeam\Backup and Replication\Backup
[30.07.2018 15:53:21] <51> Info [CreateProcessWLogon] CreateProcessWithLogonW call success
[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] CreateProcess thread completed
[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] Import-Clixml : Key not valid for use in specified state.
[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] At C:\script.ps1:22 char:23
[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] + ... aths_cred = Import-Clixml C:\cred.dat ...
[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] +
So bottom line, how to run a script remotely in a secure way on a Surebackup VM and powershell ? How do people do ?
Only workaround I found is to have credential in clear in the script which is not secure.
thank you,