I was trying to do:
$credentials = New-Object System.Net.NetworkCredential -ArgumentList @($username, (ConvertTo-SecureString -String $password -AsPlainText -Force)) $request = [System.Net.HttpWebRequest]::Create($Urlstring) $request.Credentials = $credentials $response = [System.Net.HttpWebResponse] $Request.GetResponse()
I've tried messing with IIS configuration, Application Pools, SPN's etc..
I then found This page, which had a useful packet capture filter, I followed this but wasn't seeing the errors I wanted! Eventually after playing with the options I began to see kerberos errors for the account being locked out. This then let me realize that we were getting closer, so I tried resetting the password to something known without a mass of random characters in. It was still getting locked out.
I then changed from using a secure string to use a string as below and it immediately started working.
$credentials = new-object System.Net.NetworkCredential("AccountName", $password, "Domain")
$request = [System.Net.HttpWebRequest]::Create($Urlstring)
$request.Credentials = $credentials
$response = [System.Net.HttpWebResponse] $Request.GetResponse()
It seems that checking the CLR version with
$PSVersionTable.CLRVersion
shows the problem as apparently SecureString wasn't introduced until .Net v4.0
So I now need to either do plain text passwords - Not.. or come up with a way of testing this!
Also pay attention to pre-windows 2000 account names as they may also cause issues if not using the UPN, but I need to do further testing around this.
No comments:
Post a Comment