rjholtz's questions -server

rjholtz

Asked: 2022-01-28 10:23:40 +0800 CST

AZCopy Login Fails from remote server through PSSession

I'm having a weird authentication problem with AZCopy Login, and kicking off the script via Scheduled Task as a Group Managed Service Account. Please try to follow along as I try to explain this complicated procedure... TLDR below.

We have a manufacturing production floor Windows computer (PC) that save files based on the widgets it makes. We need to save these long term and want to as Azure Blobs. So on this PC we have a Powershell script (Sync Script) that connects to the Azure Storage Account with 'AZCopy login...' using an Azure Service Principal. It then syncs files from the PC to Azure Blob Container. This script works fine when I run it on the PC as either my own user, or from a Powershell prompt run as a Group Managed Service Account in our domain.

We have a server that we run all of our different Powershell scripts from (Tasks Server). On this Tasks Server we have another powershell script (Kickoff Script) that that will create a New-PSSession to the above mentioned PC, then use Invoke-Command with that PSSession to run the above mentioned Sync Script on the PC. This works fine when I run it on the Tasks Server as my own user, and when I run it as a scheduled task as my user.

However, When I run powershell as a gMSA on Tasks Server, it fails the AZCopy Login. Even trying to run the commands one by one, not in a script, it fails. The error is:

Failed to perform login command: failed to encrypt token, The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.

I have run 'Enable-WSManCredSSP -role Client -DelegateComputer ', as well as 'Enable-WSManCredSSP -role Server' on the PC and the Tasks Server with no difference.

Can someone please help me understand why this is failing?

TLDR; Group Mananaged Service Account on Server1 runs a scheduled task powershell script to create PSSession and Invoke-Command on PC1. PC1 receives invocation and runs script as GMSA and runs azcopy.exe login with Service Principal and Fails.

rjholtz

Asked: 2015-08-26 06:45:50 +0800 CST

What services does Nagios notify per contact?

In Nagios 3.2.3, I'd like to see all the hosts/services that send notifications to a specific contact. Is that possible?

AZCopy Login Fails from remote server through PSSession

What services does Nagios notify per contact?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?