Script signing

Jun 14, 2011 at 5:54 PM

Hi

Thank you for the great job !

I have just a problem with script signing : I tried copying the signature string to the Signature field of the script action in my workflow, but I still gett the message:

Error while executing PowerShell Script: Échec de la vérification d'AuthorizationManager.

Are there particular things to which I should take more care ?

I checked the documentation, but I'm not sure I understand well this part:

"Simply copy & paste the script and the signature to the script and signature field of the “Execute PowerShell Script” action.

White spaces in the script will be ignored in the signing process."

What should I copy and paste exactly ?

Many thanks !

Coordinator
Jun 15, 2011 at 7:53 AM

Hi Emmanuel,

I'm not sure that this is a signing problem. AuthoritationManager is a PowerShell internal class. Maybe you use a PowerShell Snap-In to which the app pool/timer service account have no permissions or even the account have no permission to run the powershell at all.

To verify that try to run the script with the account under which the app pool/timer servive account is running in the PowerShell console itself . 

Bye,

Christian

 

Jun 17, 2011 at 8:26 AM

Hi Christian

Many thanks for your reply!

I'll check this of course. Though, I have tested to execute the script after having disabled the signing obligation on the server, and it works fine. This is why I suspected the signature I copied.

I'll keep you informed.

Regards

Emmanuel

Jun 24, 2011 at 8:29 AM
Edited Jun 27, 2011 at 9:08 AM

Hi Christian,

I tried running the script with both the farm admin account (system account) and with my account who is only administrator of the collection: I still get the same error. But if I disable the obligation to sign scripts on the server, then it's ok.

Though, I found another security problem, but I don't know if I must post it in another discussion (if yes just tell me):

- I have a script that tries to execute the Get-SPWebApplication applet, in order to check the existence of a URL on the farm.

- when I execute the script through the powershell console, in command-line, it's ok. I run it with an account who is farm administrator though.

- when I launch the script through my workflow, it says: "you must have farm administration rights in order to execute this applet".

24/06/2011 09:13 Erreur
Aucune information de présence Compte système
Error while executing PowerShell Script: Vous devez disposer des droits d’administrateur de batterie de serveurs pour exécuter cette applet de commande. Error

What I don't understand is which account is used here to execute the applet. I tried to launch the workflow with the farm admin account (system account), and with my account. I tried to add to the farm administrators group my account, and the account under which the application pool of my webapp runs (the webapp where I launch the workflow), I still get the same message.

I noticed that the user account in the message is always system account, whatever user account I use to launch the workflow.

I also tried to execute the action in an impersonification step (emprunt d'identité in french, I don't know how to translate :) ), I still get the same message.

What am I doing wrong ?

Many thanks in advance, regards

Emmanuel