Upgraded to 2022.3.6: Unable to save the entry; access denied.
Hello.
Since upgrading to 2022.3.6 (from 2022.2.something) i cannot edit entries anymore through our powershell scripts.
our application user has RDM administrator rights, and has all vaults assigned.
scripting access at application access / application is set to enabled, and default access checked.
also manually authenticating with my own (non application) user, which also has the highest permissions, has the same issue.
i can't figure out which obvious thing i'm missing
Consider the following code:
function Connect-RDMDataSource {
log "Connecting to Devolutions"
$ds = New-RDMDataSource -DVLS -Name 'mydps' -server $env:devolutions_dps_url -ScriptingApplicationPassword $env:devolutions_secret_password -ScriptingTenantID $env:devolutions_tenant_id -verbose
Set-RDMDataSource $ds -Verbose
Set-RDMCurrentDataSource $ds -Verbose
}
Connect-RDMDataSource
$sessions = get-rdmsession | where-object {$_.connectiontype -eq 'SSHShell'}
$count = 0
foreach ($s in $sessions) {
$count ++
echo "Changing SSH $($count) of $($sessions.count)"
$s.terminal.logpath = '$DEVOLUTIONSLOG$'
Set-RDMSession $s -Refresh -verbose
}
output:
Changing SSH 1 of 579 WARNING: Unable to save the entry; access denied Changing SSH 2 of 579 WARNING: Unable to save the entry; access denied Changing SSH 3 of 579 WARNING: Unable to save the entry; access denied Changing SSH 4 of 579 WARNING: Unable to save the entry; access denied
tested both on 5.1 and core 7.3
PS C:\Windows\system32> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.17763.2931
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.2931
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
PS C:\Windows\system32> get-module remotedesktopmanager
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 2022.3.1.0 RemoteDesktopManager {Add-HubGroupUser, Add-RDMPrivateSessionAttachment, Add-RDMRoleRepositoryAccess, Add-RDMRoleToUser...} PS C:\Users\r.wesseling> $PSVersionTable
Name Value
---- -----
PSVersion 7.3.0
PSEdition Core
GitCommitId 7.3.0
OS Microsoft Windows 10.0.22621
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0All Comments (25)
Hi,
Based on the script you provided and the changes that were introduced in 2022.3, my guess would be a license error.
Could please run Get-RDMDiagnostic and post the censured result here?
That should help confirm my hypothesis.
Regards
Jonathan Lafontaine
I think you are right.
Serial LicenseType IsLicenseValid IsLicenseExpired
------ ----------- -------------- ----------------
redacted None True True
If you don't have any problem with RDM but do with PowerShell, your DVLS might have multiple licenses and for some reason DVLS is assigning your app password an expired license.
If you have access, cleaning up the licenses in DVLS could probably help.
Jonathan Lafontaine
I have already cleaned up all licenses :)
Still having issues?
Jonathan Lafontaine
Unfortunately, yes, i still have the same problem.
I'll look into it.
Jonathan Lafontaine
Quick question, does the license returned by Get-RDMDiagnostic match the one in Administration > Licenses?
Jonathan Lafontaine
strange, there was a licensekey before. now it's empty
Serial LicenseType IsLicenseValid IsLicenseExpired
------ ----------- -------------- ----------------
False True
My guess is that for whatever reason, DVLS doesn't want to assign a license from the valid license pool.
It happily gave you an old one thought but since those are now gone, you hand up empty handed.
I'll check with the DVLS team if they have any idea what is happening.
What version of DVLS are you running?
Jonathan Lafontaine
Server Version
2022.3.6.0
Database Version
817
Thank you :)
I've talked with the devs on the DVLS team and we managed to find the issue.
The expired serial is saved in the user info associated with your app id and there's is currently no way to modify it.
We plan on improving our new serial validation system to deal with this edge case but that won't be available soon.
In the meantime, I will update our module with a special case that will bypass the current validation when necessary.
I'll let you know once it's available, hopefully today.
Jonathan Lafontaine
The now available 2022.3.1.1 should solve your issue.
Jonathan Lafontaine
The new module doesn't allow me to connect to my DLVS
at Devolutions.Server.ApiWrapper.RDMSWebClient.RunSynchronous[T](Task`1 task)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.<GetRoleSummaries>b__151_0()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.RetryAction[T](ExecuteActionDelegate`1 action, String label)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.ExecuteAction[T](ExecuteActionDelegate`1 action, ExecuteActionLogMode logMode)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.ExecuteActionMultipleData[T](ExecuteActionDelegate`1 action)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.GetRoleSummaries()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSSecuritySubDataSource.GetRolesSummaries()
at Devolutions.RemoteDesktopManager.Managers.RoleManager.GetAllRoles(Boolean getAllRoleInformation, Boolean useRecentCache)
at Devolutions.RemoteDesktopManager.Managers.RoleManager.ResolveRoles(String[] roleNameOrIds)
at Devolutions.RemoteDesktopManager.Managers.RoleManager.GetRoleNames(String[] roleIDs)
at Devolutions.RemoteDesktopManager.Managers.SecurityManager.LoadSecurity(BaseConnectionDataSource dataSource)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnectionsFromDataSource(ConnectionEngine engine, Boolean hasChanged)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnections(BaseConnectionDataSource dataSource)
Get-RDMSession : Connection not found.
At line:170 char:16
+ $RDMSessions = Get-RDMSession
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-RDMSession], Exception
+ FullyQualifiedErrorId : 0,RemoteDesktopManager.PowerShellModule.GetRDMSessionCommand
i'm using the following code to connect,.
function Connect-RDMDataSource {
$ds = New-RDMDataSource -DVLS -Name 'mydps' -server $env:devolutions_dps_url -ScriptingApplicationPassword $env:devolutions_secret_password -ScriptingTenantID $env:devolutions_tenant_id -verbose
Set-RDMDataSource $ds -Verbose
Set-RDMCurrentDataSource $ds -Verbose
}
Connect-RDMDataSource
for now i reverted back to the previous module. there i can connect fine :) (but not edit records ;))
I'll get right on it, sorry this is happening.
Jonathan Lafontaine
Does the error message start with at Devolutions.Server.ApiWrapper.RDMSWebClient.RunSynchronous[T](Task`1 task)
or is there more to it?
Jonathan Lafontaine
it's missing 1 line
this is the full output.
PS C:\Windows\system32>
function Connect-RDMDataSource {
$ds = New-RDMDataSource -DVLS -Name 'mydps' -server $env:devolutions_dps_url -ScriptingApplicationPassword $env:devolutions_secret_password -ScriptingTenantID $env:devolutions_tenant_id -verbose
Set-RDMDataSource $ds -Verbose
Set-RDMCurrentDataSource $ds -Verbose
}
Connect-RDMDataSource
$RDMSessions = Get-RDMSession
NullReferenceException - Object reference not set to an instance of an object.
at Devolutions.Server.ApiWrapper.RDMSWebClient.RunSynchronous[T](Task`1 task)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.<GetRoleSummaries>b__151_0()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.RetryAction[T](ExecuteActionDelegate`1 action, String label)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.ExecuteAction[T](ExecuteActionDelegate`1 action, ExecuteActionLogMode logMode)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.ExecuteActionMultipleData[T](ExecuteActionDelegate`1 action)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.GetRoleSummaries()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSSecuritySubDataSource.GetRolesSummaries()
at Devolutions.RemoteDesktopManager.Managers.RoleManager.GetAllRoles(Boolean getAllRoleInformation, Boolean useRecentCache)
at Devolutions.RemoteDesktopManager.Managers.RoleManager.ResolveRoles(String[] roleNameOrIds)
at Devolutions.RemoteDesktopManager.Managers.RoleManager.GetRoleNames(String[] roleIDs)
at Devolutions.RemoteDesktopManager.Managers.SecurityManager.LoadSecurity(BaseConnectionDataSource dataSource)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnectionsFromDataSource(ConnectionEngine engine, Boolean hasChanged)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnections(BaseConnectionDataSource dataSource)
NullReferenceException - Object reference not set to an instance of an object.
at Devolutions.Server.ApiWrapper.RDMSWebClient.RunSynchronous[T](Task`1 task)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.<GetRoleSummaries>b__151_0()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.RetryAction[T](ExecuteActionDelegate`1 action, String label)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.ExecuteAction[T](ExecuteActionDelegate`1 action, ExecuteActionLogMode logMode)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.ExecuteActionMultipleData[T](ExecuteActionDelegate`1 action)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.GetRoleSummaries()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSSecuritySubDataSource.GetRolesSummaries()
at Devolutions.RemoteDesktopManager.Managers.RoleManager.GetAllRoles(Boolean getAllRoleInformation, Boolean useRecentCache)
at Devolutions.RemoteDesktopManager.Managers.RoleManager.ResolveRoles(String[] roleNameOrIds)
at Devolutions.RemoteDesktopManager.Managers.RoleManager.GetRoleNames(String[] roleIDs)
at Devolutions.RemoteDesktopManager.Managers.SecurityManager.LoadSecurity(BaseConnectionDataSource dataSource)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnectionsFromDataSource(ConnectionEngine engine, Boolean hasChanged)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnections(BaseConnectionDataSource dataSource)
PS C:\Windows\system32> Unfortunately, 2022.3.1.2 also has this problem.
Is there any update on this matter ?
Thank you.
Yes, as I am unable to reproduce your issue, I sent you a private message with a beta build and more logging to try to pinpoint the problem.
Jonathan Lafontaine
Sorry, i missed the private message :)
I have posted you the output.
Hello,
Finally updating the RDM PowerShell module to version 2022.3.1.3 has solved the problem.
Best regards,
Érica Poirier
The connection with 2022.3.1.3 works perfectly.
I do however still have issues with editting records, but, it's diffrent then with the older module.
I can now successfully edit / save one record.
after that, somehow the powershell module is in 'Limited mode', and is unable to save more session objects.
considering the output of get-rdmdiagnostic, my bet it has something to do with licensing...
This is my code and output:
I'm hoping i'm just missing something obvious ;)
import-module remotedesktopmanager -RequiredVersion 2022.3.1.3
get-module remotedesktopmanager
function Connect-RDMDataSource {
$ds = New-RDMDataSource -DVLS -Name 'mydps' -server $env:devolutions_dps_url -ScriptingApplicationPassword $env:devolutions_secret_password -ScriptingTenantID $env:devolutions_tenant_id -verbose
Set-RDMDataSource $ds -Verbose
Set-RDMCurrentDataSource $ds -Verbose
}
Connect-RDMDataSource
$sessions = get-rdmsession | where-object {$_.name -match 'TESTOBJECT'}
echo "Found sessions: $($sessions.count)"
echo "Diagnostic output before editting sessions"
Get-RDMDiagnostic
foreach ($session in $sessions) {
echo "processing session $($session.Name)"
$session.name = "$($session.Name)_Editted"
echo "editted session.name variable: $($session.Name)"
$session | Set-RDMSession -Refresh
echo ""
}
echo "Diagnostic output after editting sessions"
Get-RDMDiagnostic
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 2022.3.1.3 remotedesktopmanager {Add-HubGroupUser, Add-RDMPrivateSessionAttachment, Add-RDMRoleRepositoryAccess, Add-RDMRoleToUser...}
WARNING: This is the last major release supporting PowerShell 5.1. Starting with 2023.1, our PowerShell module will only support PS7.
Found sessions: 2
Diagnostic output before editting sessions
Serial :
LicenseType :
IsLicenseValid : False
IsLicenseExpired : True
processing session TESTOBJECT
editted session.name variable: TESTOBJECT_Editted
processing session TESTOBJECT2
editted session.name variable: TESTOBJECT2_Editted
WARNING: Not allowed in limited mode
Diagnostic output after editting sessions
Serial : <redacted.-here-was-our-valid-license-key>
LicenseType : None
IsLicenseValid : True
IsLicenseExpired : TrueNevermind. I was reading through this forumpost, and saw your comment about the old application key.
I created a new one, and with the new application key it works perfectly.
I think there's some bug in the bugfix for handling old application keys / licenses.
But, it works with the new key, so i don't mind ;)
Thank you !
Hello,
Thank you for your feedback and glad that a new application key has solved your issue.
Best regards,
Érica Poirier
I will still take a look as the fix was supposed to remove the need to have a valid license associated to your app id.
Jonathan Lafontaine