Description
Description
When running SCCM related Orchestration activities, below error might be received:
Authentication failure with the local MID server service credential.
Troubleshooting
The first step is to open the input ECC that has error: "Authentication failure with the local MID server service credential."
Then open the output ECC, in the payload, it should have something similar to:
<parameter name="MIDScriptFile" value="scripts\PowerShell\SCCM\GetApplications.ps1"/>
Change this tag to
<parameter name="script.ps1" value="ls"/>
Then run the ECC again (set state to ready, clear processed field and sequence field, insert and stay).
It should fail with same error: Authentication failure with the local MID server service credential.
This indicates the failure occurs at "test credential" step before the actual script runs.
The issue is usually caused by PSDrive CMSite not available on Target SCCM Server.
To fix this, use the SCCM credential to log into the SCCM Server and connect via Windows PowerShell from the System Center Configuration Manager console.
Once this is done, the PSDrive is created for the credential after the ConfigurationManager module is loaded.
This requirement is documented in below product doc:
Create Windows credentials for SCCM deployments
To confirm this, or to find out what exactly is happening, below steps can be used:
(Note: the testing scripts are created from MID Server script: credentials.psm1, under function testCredentialSCCM )
On MID Server host, run below PowerShell commands:
$computer = "FQDN of the target SCCM Server";
$cred = get-credential; #put in the Windows Credential
$session = New-PSSession -computername $computer -configurationName Microsoft.PowerShell32 -Credential $cred;
invoke-command -session $session -scriptblock {import-module -name "$(split-path $env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1";get-module};
Above command confirms the module is loaded. It should show the module with name "ConfigurationManager". Sample result:
The module above loads PSDrive with provider CMSite. Now let's confirm the drive is mapped by following command:
invoke-command -session $session -scriptblock {import-module -name "$(split-path $env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1";get-psdrive -psprovider CMSite};
Sample result:
If the output is empty, or says drive with CMSite provider not available, it means the drive hasn't been created.
Follow Create Windows credentials for SCCM deployments to do below:
Use the credential to log into the SCCM Server and connect via Windows PowerShell from the System Center Configuration Manager console at least once to set the path variable for that credential.
Applicable Versions
Kingston, London, Madrid