Hello Experts,
I have Windows Server 2016 installed on both my nodes, which is part of a failover cluster. I am running a VB Script role for High Availability of my application. My VB script calls a PowerShell Script which reads an XML file which stores encrypted username
and password of our application. Below is the command which is used to generate the XML file with credentials. Now since the below command is run using the Domain User (as I was logged in using the domain user). This file can be read only by the domain user.
$credential = Get-Credential
$credential | Export-CliXml -Path "C:\My\Secrets\myCred.xml"
So whenever my VB script which is running in failover cluster generic script role, calls my Powershell script within to read the above file using below command:
$credential = Import-CliXml -Path "C:\My\Secrets\myCred.xml"
The cluster is unable to file the file to read it and extract the credentials.
My requirement is simple, to run the cluster service also with the same Domain user so that the XML is accessible and read via failover cluster generic script role.
Also is there a way I can call the ps1 script using the domain account from the Generic script (VB script)?
Hope this makes sense!! Thanks in advance!!
Generic Script Role (VB Script:)
Function Online( )
PScmd = "powershell.exe -executionpolicy bypass -file " & ROOTFOLDERPATH & "\" & "StartCommPoints.ps1"
Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
rv = WshShell.Run(PScmd, , True)
Dim http
Set http = wGet( "update&online" & SERVICE )
Online = 0
End Function
PowerShell Script (StartCommPoints.ps1):
$credential = Import-CliXml -Path "C:\Program Files (x86)\Philips\IBE\IBEInstaller\HighAvailability\Scripts\rhapsody.xml"
$cred =New-Object System.Management.Automation.PSCredential ($credential.UserName, $credential.Password)
Whenever I try changing Log on for Cluster Service I get below error. I made sure the domain user has all the required permissions.
'The Cluster Service service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in
(services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.'
Please Help!!!
Thanks,
Surabhi
Surabhi