Solved

Powershell Invoke-Command headache

Posted on 2014-03-19
3
412 Views
Last Modified: 2014-03-20
Writing a powershell script that I can schedule to run automagically, every couple weeks.  Script is to enumerate all servers on the network, enumerate services running with domain accounts, generate a new password, update AD and then update the service.

Through much troubleshooting I've basically identified that one line quite plainly isn't running.  Yet when I do it manually it does run.

I have tried the invocations from two methods, which I assume are transparent, but tested anyways:
$ses=New-PSSession -ComputerName $service.SystemName
Invoke-Command -Session $ses -ScriptBlock {}

#and

Invoke-Command -ComputerName $service.SystemName -ScriptBlock {}

Open in new window


So, here we go.  New-Password is a string generator that I wrote to meet my password requirements.  The line which I believe is not working correctly is line 11.
		foreach ($service in $managerservices){
			Write-Verbose "Beginning Service $($service.name)"
			$password = New-Password 10
			$secureADpassword = ConvertTo-SecureString -String $password -AsPlainText -force
			Set-ADAccountPassword -Identity $service.StartName.Split("\")[1] -NewPassword $secureADpassword -reset
			Write-Verbose "Invoking on $($service.SystemName)"
			Invoke-Command -ComputerName $Service.SystemName -ScriptBlock {
				param($service,$password)
				$secureServicepassword= ConvertTo-SecureString -String $password -Force -AsPlainText;
				$newservice=get-wmiobject win32_service -filter "name='$($service.name)'";
				$newservice.Change($null,$null,$null,$null,$null,$null,$newservice.StartName,$secureServicepassword,$null,$null,$null);#THIS LINE DOES NOT WORK
				$newservice.StopService();
				$newservice.StartService();
			} -ArgumentList $service,$password
			write-verbose "Adding $($service.Name) to array"
			$servlog = New-Object System.Object
			$servlog | add-member -type NoteProperty -name Server -value $service.SystemName
			$servlog | add-member -type NoteProperty -name Service -value $service.Name
			$servlog | add-member -type NoteProperty -name Username -value $service.StartName
			$servlog | add-member -type NoteProperty -name Password -value $password
			$servicesmanaged+=$servlog;
			
			$MASTERLIST +=$servlog
		}

Open in new window


I'm probably doing something stupid.  But I can't seem to see it.

Interestingly, the return output for the commands is (apart from the startservice method) entirely what I would expect to see.

It's being tested on a service with a manual startup, presently stopped.

WMI response for the change command is status code 0 (worked?!)
WMI response for the stop command is status code 5 (cannot accept control).  That said, if I start the service, it returns status code 0.
WMI response for the start command is status code 15 (invalid login)

If I manually type the new password into the service via the services.msc I am able to start the service
0
Comment
Question by:lunanat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39941161
It wouldn't surprise me if the command doesn't accept the password as a secure string.  I would try just specifying a plain text password in the command to see if it works.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39942043
... which means just use $password in the WMI call instead of $secureServicepassword.
0
 
LVL 1

Author Closing Comment

by:lunanat
ID: 39942500
I guess that's what I get for expecting Microsoft to be secure.  Thanks!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help you understand what HashTables are and how to use them in PowerShell.
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question