What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

XML Custom EXE Script error

Votes:

0

I am having an issue when attempting to run a PowerShell script from PRTG. I have checked all the usual / recommened things like execution policy etc but still getting an error on execution. The script runs fine when run manually under both x64 and x86 PowerShell command prompts.

The script I am trying to run is the msxfaq.de Ubiquiti monitoring script . What is weird is that the Luciano's script is running fine with exactly the same PRTG settings / permissions.

I enabled logging to disk for the sensor and noticed the following in the output file.

& : AuthorizationManager check failed.
At line:1 char:138
+ ... l.Utility};&'C:\Program Files (x86)\PRTG Network Monitor\custom senso ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

I have also tried specifying a user context for the sensor to run which was a local administrator. This made no difference.

Anyone got any suggestions for this because I am pretty much out of ideas?

custom-script-exe powershell prtg xml

Created on Oct 27, 2017 12:03:11 PM

Last change on Oct 31, 2017 8:29:56 AM by Luciano Lingnau [Paessler]



9 Replies

Votes:

0

So the command works fine if you execute it locally?

Created on Oct 28, 2017 12:52:25 AM by Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Sure does. Have tested both x86 and x64 modes of PowerShell

Created on Oct 29, 2017 1:27:50 AM



Votes:

0

Are you specifying the user in the code, or in the settings for the sensor in PRTG to have it run as local admin?

Also, can you try executing it on the PRTG server with the parameters coded into it for the target machine and user context?

Created on Oct 30, 2017 8:11:48 PM by Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

The user for the Unifi side is specified in the script but I have also tested using parameters. Both work when run manually in Powershell command windows but not when run by PRTG

Created on Oct 30, 2017 11:09:54 PM



Votes:

0

Andre, I'll ask some of my colleagues who are more versed in coding than I am to take a look at this.

Created on Oct 31, 2017 12:41:22 AM by Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Hello Andre,
thank you for your KB-Post and I'm happy to hear that my script works. :)

The error message looks misleading:

At line:1 char:138

Line 138 from the script is basically generating the XML result:

[...]
		  <float>0</float>
		  <mode>Difference</mode>
		  <CustomUnit>Pakete</CustomUnit>
[...]

However, the script has some differences to mine, for example this:

$ValidTLS = [System.Net.SecurityProtocolType]'Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $ValidTLS

In my version of the script I explicitly accept more protocols:

#Define supported Protocols
[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12","Tls11","Tls","Ssl3")

That could be something you can try. Otherwise I'm pretty much out of ideas.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Oct 31, 2017 8:38:46 AM by Luciano Lingnau [Paessler]



Votes:

0

Hi Luciano,

Thanks for the information. I gave what you suggested a try but still get the same error. I didn't actually expect it to work since that is what is used for communicating with the Unifi controller and when run manually works as expected (even the feedback to the HTTP Push Data sensors).

This really looks like an issue with PRTG and how it interacts with Powershell on Windows 10 when running as a Local System service. I just can't work out what security context PRTG is using since it seems to be ignoring the unrestricted execution policy that has been set.

Is there any additional logging that can be obtained out of PRTG to see what its doing?

Created on Oct 31, 2017 9:52:02 AM



Votes:

0

Hello Andre,
thank you for your reply.

The best way to have the script run in a specific user context is to configure the sensor to "Use security context of probe service" and then configure the PRTG Probe Service to run with a specific user account (can be done via services.msc). However, this should make little difference since the Powershell script doesn't use Windows Authentication for anything (only Unifi controller credentials).

As for debugging/logs, the "Write EXE result to disk" option is really the only alternative from PRTG's side. The other thing you could try is using Process Monitor (from Sysinternals/microsoft) to find out what happens during the script's execution.

Please keep in mind that as described here, the PRTG Probe Service is a 32-bit application and will use the 32-bit version of powershell, which can have a different configured execution policy. However, if the problem was the execution policy we would usually see that in the log result.

Please let me know how it works out.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Oct 31, 2017 10:20:20 AM by Luciano Lingnau [Paessler]

Last change on Oct 31, 2017 10:21:37 AM by Luciano Lingnau [Paessler]



Votes:

1

Hello Andre, I'll try my best.

  1. PRTG is a 32bit program and uses the 32bit powershell. Keep that in mind whenever you write your own scripts:-)
  2. The PRTG Probe runs as LocalSystem or as a username. This user must be able to start a Powershell. One Thing can happen. The PowerShell runs some Kind of "autoexec"-Skript it is in "$Profile" and normally points to something like “C: :\Users\fcarius\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1” Make sure this file exists. (it can be empty). See powershell-authorizationmanager-check-failed
  3. Downloads from the Internet or even a UNC-Path are linked to an "Zone" and this can prevent the execution based on your IE Zone Settings. Use your Windows Explorer and check the Properties of the PS1-File is there a Button on the lower right Windows Position to "unlock" the Script ?. Click it to unlock the script.
  4. Sometimes you can use Sysinternals Procmon to trace the execution of Probes and their problems.
  5. Can you use Notepad and create a simple PS1-File only to send back a result like "0:OK" or a XML. So we should see, that a PS1 File is executed. If that the case then use Notepad again and copy the code to the temporary file and see if it works.

Frank

Created on Nov 6, 2017 10:34:00 PM

Last change on Nov 7, 2017 6:28:13 AM by Luciano Lingnau [Paessler]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.