165 views

"Test credential" return Authentication failed via MID server



Issue


"Test credential" against the Target server which hosts the MID server return "Authentication failed"

 

Sympton


Test Credential returns "Authentication failed"

  

Enable debug mode in MID server by setting MID server properties "mid.log.level" to debug. Following message logged in MID server log 

01/18/18 15:51:51 (525) Worker-Interactive:CommandPipeline DEBUG: PowerShellConnectionFactory: unauthorized connection LocalPowerShellSession created for key PowerShellSessionPoolKey[target:192.168.226.130&port:135&fixed_cred:&tag:&unique_id:470f2020073303009531d3369616c325&type:wmi]
01/18/18 15:51:51 (525) PowerConsole>std DEBUG: STDOUT:
01/18/18 15:51:51 (541) PowerConsole>std DEBUG: STDOUT: MI8D_COMMAND_COMPLETE
01/18/18 15:51:51 (541) PowerConsole>std DEBUG: STDOUT:
01/18/18 15:51:51 (541) PowerConsole>std DEBUG: STDOUT: MI8D_COMMAND_COMPLETE
01/18/18 15:51:51 (634) PowerConsole>err DEBUG: STDERR: ?Get-WmiObject : User credentials cannot be used for local connections
01/18/18 15:51:51 (634) PowerConsole>err DEBUG: STDERR: At C:\mid.kingston-10-17-2017__patch1-12-12-2017_01-03-2018_0843.windows.x86-64\agent\scripts\Powershell\WinRMAPI\Credentials\Credentials.psm1:70 char:20
01/18/18 15:51:51 (634) PowerConsole>err DEBUG: STDERR: +     $results = gwmi <<<<  win32_operatingsystem -computer $computer -credential $cred -impersonation 3 -authentication 6 -EA "Stop";
01/18/18 15:51:51 (634) PowerConsole>err DEBUG: STDERR: + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
01/18/18 15:51:51 (634) PowerConsole>err DEBUG: STDERR: + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
01/18/18 15:51:51 (634) PowerConsole>err DEBUG: STDERR:

  

Solution


This is expected behavior due to Powershell command "Get-WmiObject" cannot use credential against localhost. The powershell command use during test credential is something as below:

Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer -Credential $cred

When MID server pass the command to the target server (in this case the same server box as MID server on), the powershell command will return error as the command cannot run on localhost. It expects the command run to remote computer.

Article Information

Last Updated:2018-02-19 10:43:54
Published:2018-02-19