Unable to connect to RDMDataSource via Application Identity
Hi everyone,
I am currently working on using PowerShell to automatically export all passwords stored in my vault to a .csv file. This is to be done via a scheduled task on my DVLS server.
The server has the latest versions of DVLS Console, Server, RDM and Devolutions.PowerShell installed - so everything is up to date.
My aim is to carry out authentication via an appkey and an appsecret, as no user interaction is planned. However, executing the following code opens a browser window for interactive login - which is not desired in my scenario.
The application identity used has the required access rights both via DVLS groups and directly to the vault. If I log in via the open browser window, access works for a short time, but only as long as the Powershell session is active. The next time I run the script, the login window appears again.
Code:
Import-Module Devolutions.PowerShell
$dsname = "dvls"
$dsurl = "https://[DVLS-URL]"
$appkey = "XXXXXX"
$appsecret = "XXXXXXX"
$ds = New-RDMDataSource -DVLS -Name $dsname -Server $dsurl -ScriptingTenantID $appkey -ScriptingApplicationPassword $appsecret -SetDatasource -WarningAction SilentlyContinue
Set-RDMDataSource $ds
#Location of the CSV file you want to export the RDM sessions to
$exportFileName = "C:\Temp\EXPORTS\RDMCredentialsData_$(get-date -f yyyy-MM-dd).csv"
Set-RDMCurrentRepository [Vault-ID]
Update-RDMUI
#Get all the sessions in the current vault
$RDMsessions = Get-RDMSession | Where-Object {$_.ConnectionType -ne "Group"} | Select-Object -Property Name, ID, ConnectionType, Group, HostFull
#Iterate in every session
foreach ($session in $RDMsessions){
#Add the username field
$session | Add-Member -MemberType NoteProperty "Username" -Value (Get-RDMSessionUserName -ID $session.id)
#Add the password field as clear text to the session
$session | Add-Member -MemberType NoteProperty "Password" -Value (get-RDMSessionPassword -ID $session.id -AsPlainText)
#Export the session to a CSV file to the path configured earlier.
$session | Export-Csv -Path $exportFileName -Append -NoTypeInformation
}
Thank you in advance for any help.
Marco
All Comments (9)
Hello Marco,
Regarding the first issue: it looks like you're creating the data source, but not actually connecting to it. You need to explicitly set it using:
Set-RDMCurrentDataSource -DataSource $ds
Also note that your script currently creates a new data source on each run. For reference, please see the following documentation that shows how to properly connect using Remote Desktop Manager cmdlets: https://docs.devolutions.net/powershell/dvls-powershell/powershell-connectivity/#method-1-using-remote-desktop-manager-cmdlets
As for the web prompt: it's likely the default data source being loaded automatically. The New-RDMDataSource call triggers that behavior. I’ll look into changing this so that no data source is loaded by default when creating a new one. In the meantime, you can either change the default data source, or use an override configuration (portable mode). You can find more details here: https://docs.devolutions.net/powershell/rdm-powershell/rdm-powershell-core-module/#use-an-override-configuration-portable
Let me know if you need more help.
Best regards,
Maxime
Hello Marco,
Regarding the first issue: it looks like you're creating the data source, but not actually connecting to it. You need to explicitly set it using:
Set-RDMCurrentDataSource -DataSource $ds
Also note that your script currently creates a new data source on each run. For reference, please see the following documentation that shows how to properly connect using Remote Desktop Manager cmdlets: https://docs.devolutions.net/powershell/dvls-powershell/powershell-connectivity/#method-1-using-remote-desktop-manager-cmdlets
As for the web prompt: it's likely the default data source being loaded automatically. The New-RDMDataSource call triggers that behavior. I’ll look into changing this so that no data source is loaded by default when creating a new one. In the meantime, you can either change the default data source, or use an override configuration (portable mode). You can find more details here: https://docs.devolutions.net/powershell/rdm-powershell/rdm-powershell-core-module/#use-an-override-configuration-portable
Let me know if you need more help.
Best regards,
Maxime
Hello @Maxime Bernier,
could you give me an example adapted to my use case? Unfortunately, I'm not really sure how to use the override configuration or how to include it in my code.
@Maxime Bernier
The browser window that appeared after calling up the code is no longer there. Now, however, the following is reported after Get and Set RDMDataSource: Invalid username or password, please check your credentials. I have created a new application identity and checked everything twice, in my opinion everything should be correct here. Also the settings under Administration -> System Settings -> Application Access (if this is for the application identities at all) are unchanged and everything is checked.
Hello Marco,
To create an override configuration, run the following commands once in PowerShell:
$override = Get-RDMPowerShellOverride $override.OptionFilePath = "PathToCfg" # e.g., C:\my\path\override\RemoteDesktopManager.cfg Set-RDMPowerShellOverride
You only need to run this once to set the override. After running it, simply restart PowerShell.
The .cfg file will be created on first execution. Once it's in place, you can create the data source as described in the documentation I linked in my previous reply.
Let me know if this resolves the issue. If not, I’ll be happy to investigate further.
Best regards,
Maxime
Hello Marco,
To create an override configuration, run the following commands once in PowerShell:
$override = Get-RDMPowerShellOverride
$override.OptionFilePath = "PathToCfg" # e.g., C:\my\path\override\RemoteDesktopManager.cfg
Set-RDMPowerShellOverride
You only need to run this once to set the override. After running it, simply restart PowerShell.
The .cfg file will be created on first execution. Once it's in place, you can create the data source as described in the documentation I linked in my previous reply.
Let me know if this resolves the issue. If not, I’ll be happy to investigate further.
Best regards,
Maxime
@Maxime Bernier
Still: Invalid username or password, please verify your credentials.
Hello Marco,
So far, I haven’t been able to replicate the issue.
If you check Reports → Login Attempts from the Web, what failure type is associated with your attempts? That might help us identify the cause, in case it’s not related to the username or password.
I’ll continue my investigation.
Best regards,
Maxime
Hello Marco,
As of the Devolutions.PowerShell 2025.2.2 module, the RDMDataSource cmdlets no longer load the initial data source by default.
I’m currently working to reproduce the issue you encountered.
Best regards,
Maxime
Hi Maxime,
sorry for the late response. I had actually already found a workaround on Friday and thought I had posted it in the forum. Seems like I got distracted.
In my message from last week I would have written something about the RDMOverride, but this is no longer necessary after version 2025.2.2. In addition, I had to set up the Devolutions Server again today and can therefore only test with a clean system. I can therefore tell you that it now works for me with the following code:
$dsname = "DVLS.PowerShell"
$ds = Get-RDMDataSource -Name $dsname
if ([string]::IsNullOrEmpty($ds))
{
$dsname = "DVLS-PowerShell"
$dsurl = "https://ServerURL"
$appkey = "appkey"
$appsecret = "appsecret"
$ds = New-RDMDataSource -DVLS -Name $dsname -Server $dsurl -ScriptingTenantID $appkey -ScriptingApplicationPassword $appsecret -SetDatasource -WarningAction SilentlyContinue
Set-RDMDataSource $ds
}
Set-RDMCurrentDataSource $ds
$exportFileName = "C:\Path.csv"
Set-RDMCurrentRepository [SSID]
Update-RDMUI
$RDMsessions = Get-RDMSession | Where-Object {$_.ConnectionType -ne "Group"} | Select-Object -Property Name, ID, ConnectionType, Group, HostFull
foreach ($session in $RDMsessions){
$session | Add-Member -MemberType NoteProperty "Username" -Value (Get-RDMSessionUserName -ID $session.id)
$session | Add-Member -MemberType NoteProperty "Password" -Value (get-RDMSessionPassword -ID $session.id -AsPlainText)
$session | Export-Csv -Path $exportFileName -Append -NoTypeInformation
}
icacls $exportFileName /inheritance:r > $null
icacls $exportFileName /remove:g *S-1-1-0 > $null
icacls $exportFileName /remove:g "Benutzer" > $null
icacls $exportFileName /grant:r "Administratoren:(F)" > $nullHello Marco,
I'm glad to hear it’s working for you now! If you need any further assistance, feel free to reach out.
Best regards,
Maxime