Unable to import credential with powershell and surebackup

PowerShell script exchange

Unable to import credential with powershell and surebackup

Veeam Logoby frigomiam » Fri Aug 03, 2018 3:18 pm

Hi all,

Issue is
I can't remotely run a script to Surebackup VMs with encrypted credentials.

Root cause is because I can't import the encrypted credentials with following code :
$cred = Import-Clixml file.dat

Error triggered is then "Key not valid for use in specified state"

That normally happens when one tries to import credential that were created by a different user.
But here I'm calling the script using SureBackup with the correct user.

Example

Originally 1 user called Bob creates encrypted credential using following method $cred = Get-Credential $cred | Export-Clixml C:\cred.dat


Content of script.ps1 could be just :
Code: Select all
#we import the encrypted credential. Then we use it to run a script remotely using invoke-command.
$cred = Import-Clixml  C:\cred.dat
Invoke-Command -ComputerName $SurebackupVMIP -Credential $cred  -ScriptBlock {
return get-content C:\TEMP\test.txt
}



I can run script.ps1 as Bob:
Example : windows task scheduler, and "When running the task, use the following user account" Bob Or Just simple powershell lines :
$cred = Get-Credential
===> I would input in the GUI Bob credentials ===> then run the script as Bob :
start-process powershell.exe -credential $cred -argumentlist "-File script.ps1"

that works ok
but with surebackup it would fail with error ( we can see it uses .net CreateProcessWithLogonW :


[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] Starting CreateProcess thread. Timeout: 60 sec
[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] Building StartupInfo
[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] CreateProcess thread started. Waiting for complete
[30.07.2018 15:53:21] <51> Info [CreateProcessWLogon] Calling CreateProcessWithLogonW. User: bob. Domain: mydomain. CmdLine: C:\Windows\system32\windowspowershell\v1.0\powershell.exe -NoLogo -NonInteractive -NoProfile -Command "C:\script.ps1" 192.168.255.32. WorkingDir: C:\Program Files\Veeam\Backup and Replication\Backup
[30.07.2018 15:53:21] <51> Info [CreateProcessWLogon] CreateProcessWithLogonW call success
[30.07.2018 15:53:21] <01> Info [CreateProcessWLogon] CreateProcess thread completed
[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] Import-Clixml : Key not valid for use in specified state.
[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] At C:\script.ps1:22 char:23
[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] + ... aths_cred = Import-Clixml C:\cred.dat ...

[30.07.2018 15:53:22] <54> Info [SureBackup] [DUB-INTRAWEB] [ScriptTests] [Console] +


So bottom line, how to run a script remotely in a secure way on a Surebackup VM and powershell ? How do people do ?
Only workaround I found is to have credential in clear in the script which is not secure.

thank you,
frigomiam
Enthusiast
 
Posts: 38
Liked: 4 times
Joined: Tue Nov 25, 2014 3:47 pm
Full Name: francois nature

Re: Unable to import credential with powershell and sureback

Veeam Logoby frigomiam » Thu Aug 09, 2018 2:48 pm

I found a workaround. Basically I don't attempt to run a script remotely using invoke-command. I'm just reading a file that is on a C drive of the replica, example : get-content \\nameofreplica\c$\temp\nameofile

Would be great though if one could import credential for the purpose of surebackup.
But now I won't need it
frigomiam
Enthusiast
 
Posts: 38
Liked: 4 times
Joined: Tue Nov 25, 2014 3:47 pm
Full Name: francois nature


Return to PowerShell



Who is online

Users browsing this forum: No registered users and 7 guests