DVLS Module: Error while retreiving tokens

Hello Andreas,

Thank you for reporting this issue.

At the moment, I can connect on DVLS 2022.2.6 using a DVLS Custom account. Is it a domain you're trying to use to connect using the DVLS PowerShell module?

Best regards,

Hi Erica

Thank your for the Answer.

Im using a Domain Account as before. But now with Application Secrets it works.

Best Regards,
Andreas

Hi Andreas,

Thank you for your feedback.

I cannot reproduce the issue using a domain account. I can connect without any problem.

Using the Application Secret is really a good idea.

Let us know if you want to investigate further more the domain authentication problem from PowerShell.

Best regards,

Hi Erica,
We have same problem as Andreas mentioned.
You mentioned in you last post term Application Secret. What does it mean? Is it Devolutions Server local account?

When I use powershell commands to create new session mentioned below and when I use valid domain account than I receive same error as Andreas: Error while retreiving tokens. I have tried login via Web or RDM to Devolutions server with this domain account, then it works.

$cred = Get-Credential

PowerShell credential request
Enter your credentials.

New-DSSession -Credential $cred -BaseUri https://***************
Exception: ******\PowerShell\Modules\Devolutions.Server\2022.2.6.1\Private\OAuth (WIP)\Request-DSOAuthAccessToken.ps1:25
Line |
25 | throw 'Error while retreiving tokens.'
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error while retreiving tokens.


I have installed latest powershell module Devolutions.Server 2022.2.6.1 and Powershell 7.2.5
Is there any switch like in Web version for login via domain account in command New-DSSession?
But we need to run our powershell scripts with domain accounts.

Best regards
Jakub

Hello Jakub,

Thank you for your feedback.

I will ask our engineering team to investigate this Error while retrieving tokens message.

About the Application Secret, you can create it in Administration - Applications. Please this online documentation page about it.
https://helpserver.devolutions.net/webinterface_applications.html

Once I will get any information about the error message, I will let you know.

Best regards,

Hello Jakub,

I've tried logging in with a domain user and it works as expected on my end.

Could you please check your logs after a failed attempt to see if we could find anything useful there?
"Reports -> Data source logs" & "Reports -> Login attempts"

Also, please let me know your current Devolutions Server's version.

Best regards,

Hello Erica and Alexandre,
Erica, thank you for explenations. I going to try it.

Alexandre, we have installed Devolutions Server verzion 2022.2.6.0 in test and production environment. I have installed PS module 2022.2.6.1. Upgrade to this last version was without any issue in both cases.
I have tried login again and I found in log file these last events:
2022-07-25 07:58:19,385 INFO [52] OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessJsonResponse`1+<HandleAsync>d__3.MoveNext - The response was successfully returned as a JSON document: {
"error": "authorization_pending",
"error_description": "The authorization has not been granted yet by the end user.",
"error_uri": "https://documentation.openiddict.com/errors/ID2014"
}.

Best regards
Jakub

Hello Erica and Alexandre,
do you have any news for us about this case?

Thank you
Best regards
Jakub

Hello Jakub,

I will verify with Alexandre what could be the problem.

About the account you are using to connect, do you get any logs in Reports - Login Attempt on the DVLS web UI?

Best regards,

Hello Jakub,

Could you please make sure that the Scripting application has the Is Allowed and Default Access options enabled in Administration - System Settings - Application Access?



Best regards,

Hello Erica,
answer for your first question: Yes,I can see logs when I try to login with a powershell script.You can see part of this log in screen below (FYI username in this log is correct)


answer for your second question: Yes, we have still enabled it as you can see below

Hello Jakub,

Thank you for your feedback.

With the New-DSSession cmdlet, when using an Application to connect to DVLS, we must use the -AsApplication switch like this sample.

$DS_URL= 'https://server/dvls'
$appSecret = 'longkey'
$appKey = 'key'
[securestring]$Password = ConvertTo-SecureString $appSecret -AsPlainText -Force
[pscredential]$Credential = New-Object System.Management.Automation.PSCredential ($appKey, $Password)
New-DSSession $Credential $DS_URL -AsApplication

Could you please try it out and let me know if that helps?

Best regards,

Hello Erica,

we have tested this mode and it works fine. We have generated applications keys and secrets
Colleagues works on modifications in their scripts for this access mode.

Am I to take your last post to mean that logging in with a domain account in a powershell script is no longer functional and supported? Or this problem will be resolved in future release?

Thank you
Best regards
Jakub

Hello Jakub,

Thank you for your feedback.

The domain authentication still works and will still be supported. The script sample I published is regarding the usage of an application key if it's what you were using. But from what I understand from your last post, you try to use a domain account to connect using the DVLS PowerShell module but that still doesn't work.

I think we should troubleshoot your problem in a remote session. Please open a ticket by sending an email at service@devolutions.net and add a reference to this thread in your message.

Best regards,