The below VM extension fails to add VM to the domain.
It works fine when the ‘Computer Account’ exists in the AD. If the ‘Computer Account’ do not exist (New Server) it fails.
Set-AzureRmVMADDomainExtension -TypeHandlerVersion '1.0' -JoinOption 3 -DomainName $strDomainDNSName -ResourceGroupName $strRes_GrpName -VMName $strHostName -Credential $objCred -OUPath $strServerOU -Restart
The join option 3 should complete the below actions.
Value Meaning
NETSETUP_JOIN_DOMAIN
0x00000001 Joins the computer to a domain. If this value is not specified, joins the computer to a workgroup.
NETSETUP_ACCT_CREATE
0x00000002 Creates the account on the domain.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa370433(v=vs.85).aspx
Found the below error details under Azure VM Extension:
[
{
"code": "ComponentStatus/JoinDomainException for Option 3 meaning 'User Specified'/failed/1",
"displayStatus": "Provisioning failed",
"level": "Error",
"message": "ERROR - Failed to join domain='MyAd.ad.company.co.uk', ou='OU=Computers,DC=MyAd,DC=ad,DC=company,DC=co,DC=uk', user='LocalAdmin#MyAD.ad.company.co.uk', option='NetSetupJoinDomain, NetSetupAcctCreate' (#3 meaning 'User Specified'). Error code 2",
"time": null
}
{
"code": "ComponentStatus/JoinDomainException for Option 1 meaning 'User Specified without NetSetupAcctCreate'/failed/1",
"displayStatus": "Provisioning failed",
"level": "Error",
"message": "ERROR - Failed to join domain='MyAd.ad.company.co.uk', ou='OU=Computers,DC=MyAd,DC=ad,DC=company,DC=co,DC=uk', user='MGTAdmin#MyAd.ad.company.co.uk', option='NetSetupJoinDomain' (#1 meaning 'User Specified without NetSetupAcctCreate'). Error code 1332",
"time": null
}
]
Only the Built-in 'Computers' OU has the problem.
Tried both 'OU=Computers,DC=MyAd,DC=ad,DC=company,DC=co,DC=uk' and 'CN=Computers,DC=MyAd,DC=ad,DC=company,DC=co,DC=uk'. Failed with same Error.
But other user created OU works fine. For Eg. 'OU=TSTVLAN,OU=MGTServers,,DC=MyAd,DC=ad,DC=company,DC=co,DC=uk'
Mine was failing with "User Specified without NetSetupAcctCreate", error 1323 in the logs.
I needed to update the username to include the domain, ie
User= 'domainName\userName'
Then it worked.
Related
I am executing following query statement whose result set contains 10000 documents, while running the query I get permission denied error. If the result sets are small then this error does not come.
query
delete from `A` where _type="typeA" and tenant = "B" and status="ACTIVE"
From the above query 10000 records to be deleted
Following is the err
[
{
"code": 5000,
"msg": "open /data/tmp/scan-results428491556497897: permission denied - cause: open /tescodata/tmp/scan-results428491556497897: permission denied",
"query": "delete from `A` where _type=\"typeA\" and tenant = \"B\" and status=\"ACTIVE\""
},
{
"code": 5000,
"msg": " open /data/tmp/scan-results428491556497897: permission denied - cause: open /data/tmp/scan-results428491556497897: permission denied"
}
]
Here the CB version is 7.1
Make sure the following has read/write permissions
https://docs.couchbase.com/server/current/n1ql/n1ql-language-reference/backfill.html
I build a GraphQL API with Apollo and Prisma ORM which is connected to my hosted MySQL Database (The Database has already content in it).
When I run it on my localhost everything works fine and I can query the Database with GraphQL statements.
As soon as I deploy my node.js project to DigitalOcean (auto deployed with GitHub) it stops working and I get the following error:
{
"errors": [
{
"message": "\nInvalid `prisma.content.findMany()` invocation in\n/workspace/src/schema.js:36:29\n\n 33 const resolvers = {\n 34 Query: {\n 35 memes: (parent, args) => {\n→ 36 return prisma.content.findMany(\n error: Error validating datasource `db`: the URL must start with the protocol `mysql://`.\n --> schema.prisma:7\n | \n 6 | provider = \"mysql\"\n 7 | url = env(\"DATABASE_URL\")\n | \n\nValidation Error Count: 1",
"locations": [
{
"line": 2,
"column": 3
}
],
"path": [
"memes"
],
"extensions": {
"code": "INTERNAL_SERVER_ERROR",
"exception": {
"clientVersion": "3.6.0",
"stacktrace": [
"Error: ",
"Invalid `prisma.content.findMany()` invocation in",
"/workspace/src/schema.js:36:29",
"",
" 33 const resolvers = {",
" 34 Query: {",
" 35 memes: (parent, args) => {",
"→ 36 return prisma.content.findMany(",
" error: Error validating datasource `db`: the URL must start with the protocol `mysql://`.",
" --> schema.prisma:7",
" | ",
" 6 | provider = \"mysql\"",
" 7 | url = env(\"DATABASE_URL\")",
" | ",
"",
"Validation Error Count: 1",
" at cb (/workspace/node_modules/#prisma/client/runtime/index.js:38689:17)",
" at processTicksAndRejections (internal/process/task_queues.js:97:5)"
]
}
}
}
],
"data": null
}
Here is my schema.prisma file:
generator client {
provider = "prisma-client-js"
}
datasource db {
provider = "mysql"
url = env("DATABASE_URL")
}
...
The only thing that is different from the hosted project compared to the local project is that I put .env file and node_modules on the .gitignore file.
So it seems like the project is accessing the wrong DATABASE_URL, but how should the hosted project know the DATABASE_URL in my .env file when the .env file is on .gitignore?
Here is what I do:
Change the DATABASE_URL in my .env file to my local MySQL Database hosted on a docker container
Run npx prisma migrate dev --preview-feature to generate the migration files
Run git add .
Run git commit -m "New Commit"
Run DATABASE_URL=mysql://censored:censored#censored:3306/censored npx prisma migrate resolve --applied "my_migration_folder_name" --preview-feature which succeeds and tells me "Migration my_migration_folder_name marked as applied."
Run git push
I can see that the Migration is successfully created on my MySQL Database but as soon as I run the app and try to query the database it gives me that error.
The code has to be correct because it is working on my localhost even when querying the hosted MySQL Database.
I also double checked that the Model in the schema.prisma file is in sync with my hosted MySQL Database schema.
I'm running out of ideas on what I could try.
EDIT
I actually think it has something to do with the environment variables I set in the settings of my DigitalOcean application.
Before it was set to:
envs:
- key: DATABASE_URL
scope: RUN_AND_BUILD_TIME
value: ${db.DATABASE_URL}
Now I set it to:
envs:
- key: DATABASE_URL
scope: RUN_AND_BUILD_TIME
value: mysql://censored:cesnored#censored:3306/censored
I thought that this will fix the problem but now it tells me that the connection fails because of wrong database credentials even though it is the right link with the right credentials.
I fixed it by clicking "Force rebuild and deploy" on my digitalOcean app.
I've created an Alexa skill based on the Hello World template using the ASK CLI. The skill is called demo-skill. I want to use the ask api update-skill command to update the skill to reflect local changes that I've made to the en-US.json file in the demo-skill project structure. This is the command I'm using:
ask api update-skill --skill-id <my skill id> --file <my working directory>/demo-skill/models/en-US.json
This is the error I'm receiving:
Call update-skill error.
Error code: 400
{
"message": "Skill manifest is not valid.",
"violations": [
{
"code": "INVALID_REQUEST_PARAMETER",
"message": "Instance at property path \"$\" has an invalid number of properties. Actual properties: 0, Minimum properties: 1",
"validationDetails": {
"originalInstance": {
"propertyPath": "$",
"type": "BODY"
},
"reason": {
"actualProperties": 0,
"minimumProperties": 1,
"type": "INVALID_NUMBER_OF_PROPERTIES"
}
}
}
]
}
Can someone please explain what parameter is missing here and how can I update a skill using the CLI if what I'm doing is wrong?
The command you are using is to update the schema of the skill, vs the interaction model.
The corollary to 'get' the schema is:
ask api get-skill -s {skill_id} --stage development > skill.json
If you turn around and put the output of that command into your command:
ask api update-skill --skill-id <my skill id> --file skill.json
you should find that the command executes successfully.
You may be looking for:
ask api update-model <-s|--skill-id <skillId>> <-f|--file <fileName>> <-l|--locale <locale>> [-g|--stage <stage>] [-d|--description <description>] [-p|--profile <profile>] [--debug]
Here are the docs for that:
ASK CLI command reference
I have deployed an API-Platform app using JWT token to ElasticBeanstalk which, as usual, works fine in my local server.
On EB though it is denying access to logged in users despite the correct BearerToken being provided.
This is the error thrown:
{
"errors": [
{
"message": "Access Denied.",
"extensions": {
"category": "graphql"
},
"locations": [
{
"line": 6,
"column": 9
}
],
"path": [
"retrievedQueryUser"
]
}
],
"data": {
"retrievedQueryUser": null
}
}
The query in question attempts to retrieve user profile info through the below graphql config:
* "retrievedQuery"={
* "item_query"=UserProfileResolver::class,
* "normalization_context"={"groups"={"get-owner"}},
* "security"="is_granted('IS_AUTHENTICATED_FULLY') and object == user"
* },
So, it should be a simple matter of checking if the users IS_AUTHENTICATED_FULLY and if it is the user him/herself trying to execute the query.
Far as I could tell, by dump below on /vendor/symfony/security-core/Authorization/AuthorizationChecker.php, it's failing to retrieve a token.
var_dump($this->tokenStorage->getToken()->getUser()->getUsername());
I did a cursory comparison of phpinfo() between my local installation and the one at AWS-EB and could not find any obvious mismatch.
This is the config for JWT at /config/packages/lexik_jwt_authentication.yaml.
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
user_identity_field: email
token_ttl: 1800
Just to confirm that the users are able to login. It's passing through the isGranted() check that fails.
Any ideas?
EDIT - add `/config/packages/security.yaml
security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
encoders:
App\Entity\User:
algorithm: auto
#algorithm: bcrypt
#algorithm: argon2i
cost: 12
providers:
database:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
refresh:
pattern: ^/api/token/refresh
stateless: true
anonymous: true
api:
pattern: ^/api
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- app.google_login_authenticator
- App\Security\TokenAuthenticator
entry_point: App\Security\TokenAuthenticator
user_checker: App\Security\UserEnabledChecker
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_SUPERADMIN }
- { path: ^/api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_ANONYMOUSLY }
role_hierarchy:
ROLE_PROVIDER: ROLE_USER
ROLE_ADMIN: [ROLE_PROVIDER, ROLE_EDITOR]
ROLE_SUPERADMIN: ROLE_ADMIN
Upon further research I found out that Apache was stripping the authorization token from the request.
On the method supports of /lexik/jwt-authenticator-bundle/Security/Guard/JWTTokenAuthenticator, the dump as below will not include the token on AWS:
var_dump($request->headers->all());
var_dump($_SERVER);
As per this question, this is an issue of Apache configuration which is not accepting the authorization headers.
The indicated solution is to add the following to .htaccess:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
This resolves the issue, though one should note that the local Apache installation works fine without the above edit to .htaccess.
So, it should also be possible to change Apache config directly, but I could not find how to go about it.
EDIT: Later I found a specific instruction on 'JWT-Token' docs as follows, that confirm that solution on this link.
I'm trying to work out why I'm getting the error below; the path to the configuration.ps1 file should be configuration\configuration.ps1, however its failing as its reading it as configuration.0\configuration.ps1.
the whole error message is below, has anyone else come across this?
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'CreateADPDC'. Error message: \"The DSC Extension received an incorrect input: An error occurred while
executing script or module 'configuration.ps1': The term 'C:\\Packages\\Plugins\\Microsoft.Powershell.DSC\\2.77.0.0\\bin\\..\\DSCWork\\configuration.0\\configuration.ps1' is not
recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again..\nPlease correct the input and retry executing the extension.\"."
}
]
}
}'
At line:4 char:14
+ ... New-AzureRmResourceGroupDeployment -Name "coredeployment1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
New-AzureRmResourceGroupDeployment : 18:31:08 - VM has reported a failure when processing extension 'CreateADPDC'. Error message: "The DSC Extension received an incorrect input: An
error occurred while executing script or module 'configuration.ps1': The term
'C:\Packages\Plugins\Microsoft.Powershell.DSC\2.77.0.0\bin\..\DSCWork\configuration.0\configuration.ps1' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again..
Please correct the input and retry executing the extension.".
Thanks in advance :)