?
Solved

Powershell Invoke-Command headache

Posted on 2014-03-19
3
Medium Priority
?
418 Views
Last Modified: 2014-03-20
Writing a powershell script that I can schedule to run automagically, every couple weeks.  Script is to enumerate all servers on the network, enumerate services running with domain accounts, generate a new password, update AD and then update the service.

Through much troubleshooting I've basically identified that one line quite plainly isn't running.  Yet when I do it manually it does run.

I have tried the invocations from two methods, which I assume are transparent, but tested anyways:
$ses=New-PSSession -ComputerName $service.SystemName
Invoke-Command -Session $ses -ScriptBlock {}

#and

Invoke-Command -ComputerName $service.SystemName -ScriptBlock {}

Open in new window


So, here we go.  New-Password is a string generator that I wrote to meet my password requirements.  The line which I believe is not working correctly is line 11.
		foreach ($service in $managerservices){
			Write-Verbose "Beginning Service $($service.name)"
			$password = New-Password 10
			$secureADpassword = ConvertTo-SecureString -String $password -AsPlainText -force
			Set-ADAccountPassword -Identity $service.StartName.Split("\")[1] -NewPassword $secureADpassword -reset
			Write-Verbose "Invoking on $($service.SystemName)"
			Invoke-Command -ComputerName $Service.SystemName -ScriptBlock {
				param($service,$password)
				$secureServicepassword= ConvertTo-SecureString -String $password -Force -AsPlainText;
				$newservice=get-wmiobject win32_service -filter "name='$($service.name)'";
				$newservice.Change($null,$null,$null,$null,$null,$null,$newservice.StartName,$secureServicepassword,$null,$null,$null);#THIS LINE DOES NOT WORK
				$newservice.StopService();
				$newservice.StartService();
			} -ArgumentList $service,$password
			write-verbose "Adding $($service.Name) to array"
			$servlog = New-Object System.Object
			$servlog | add-member -type NoteProperty -name Server -value $service.SystemName
			$servlog | add-member -type NoteProperty -name Service -value $service.Name
			$servlog | add-member -type NoteProperty -name Username -value $service.StartName
			$servlog | add-member -type NoteProperty -name Password -value $password
			$servicesmanaged+=$servlog;
			
			$MASTERLIST +=$servlog
		}

Open in new window


I'm probably doing something stupid.  But I can't seem to see it.

Interestingly, the return output for the commands is (apart from the startservice method) entirely what I would expect to see.

It's being tested on a service with a manual startup, presently stopped.

WMI response for the change command is status code 0 (worked?!)
WMI response for the stop command is status code 5 (cannot accept control).  That said, if I start the service, it returns status code 0.
WMI response for the start command is status code 15 (invalid login)

If I manually type the new password into the service via the services.msc I am able to start the service
0
Comment
Question by:lunanat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 40

Accepted Solution

by:
footech earned 2000 total points
ID: 39941161
It wouldn't surprise me if the command doesn't accept the password as a secure string.  I would try just specifying a plain text password in the command to see if it works.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39942043
... which means just use $password in the WMI call instead of $secureServicepassword.
0
 
LVL 1

Author Closing Comment

by:lunanat
ID: 39942500
I guess that's what I get for expecting Microsoft to be secure.  Thanks!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question