0

I'm having a problem getting a PowerShell script which queries objects in a cloud-based Exchange resource to work in an Orchestrator runbook.

The PowerShell script (which works correctly from my desktop computer's command line and when stepping through it in ISE) sets up a remote management session to the cloud and looks like this:

try 
{
$user = "username@domain.com"
$pword = convert-toSecureString -string "password" -asplaintext -force
$creds = new-object -typename system.management.automation.pscredential -argumentlist $user, $pword
$o365 = new-pssession -configurationname Microsoft.Exchange -connectionuri https://ps.outlook.com -credential $creds -authentication basic - allowredirection
import-pssession $o365 -allowclobber -prefix o365
get-o365Mailbox 'Doe, John'
} 
catch
{
throw $_.exception
}

As I mentioned, it runs fine when I step through it in the editor on my desktop but when executed inside the Orchestrator runbook it fails on the "import-pssession" command (because the $o365 is never set).

I've taken the PowerShell script and run it manually on the actual runbook server and it works there as well as it does on my own desktop -- it's only when run inside of an Orchestrator runbook that it won't function. I only have a few weeks experience with Orchestrator and didn't know I'd run into a problem like this so quickly -- I am trying to run the script in a "Run .Net Script" activity with the language set to "Powershell," which I believe is the recommended method.

I've tried saving the script as a file on the runbook server and then used the "Run Program" activity to run PowerShell with this file (recommended by someone during my searching) and that doesn't work either.

halfer
  • 19,824
  • 17
  • 99
  • 186
David Graper
  • 26
  • 4

3 Answers3

0

Is the Orchestrator service account that's running the script a member of the Exchange RBAC role groups? If not, it won't be allowed to connect to those Exchange management sessions.

mjolinor
  • 66,130
  • 7
  • 114
  • 135
  • I'm not sure that would be relevant -- it would seem that the security context is set by the credentials specified in the "new-pssession" command. These credentials seem satisfactory when running the script from the PowerShell command line from anywhere (the runbook server or from any other machine on the Internet) – David Graper Nov 22 '13 at 14:23
0

The problem turned out to be related to the client's firewall and proxy settings for the service account they set up to be used by Orchestrator. They (the clients) would not grant the service account Internet access as a matter of policy.

A couple of different solutions came up: One was installing the PowerShell integration pack from CodePlex and using that -- the CodePlex PowerShell activity allowed me to explicitly set the security context of the activity, which let me get around their firewall issue by running the activity under an account which did have Internet access.

The second solution was installing the Exchange Admin integration pack and configuring a connection to the cloud host. Using the "Run Exchange PowerShell Command" activity rather than the more generic "Run .NET script" activity also allowed the code to work as expected.

David Graper
  • 26
  • 4
0

Orchestrator is still x86 and the commands in your script will only run in x64. Test this in your x86 ISE and see the same failure. My workaround is to call the script using the "Run Program" activity within the System activities list.:

Program execution Computer = I always start with initialize activity and then subscribe to the computer here Program path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Parameters: full path to the .ps1 of your script Working folder: c:\temp

user8168912
  • 59
  • 2