In the ComplianceReader or System Tasks logging, we note error messages being thrown by our Microsoft 365 / Office 365 (Deprecated) / Microsoft Azure / Amazon Web Services / Salesforce Adapter - this always fails at a particular stage, mentioned in our System Tasks or Compliance Reader logs as 'Failed to execute reader x'
Validate that the Pre-Requisites for Powershell inventory gathering are in order - there are additional requirements for the individual Powershell Adapter components, as outlined within the 'System Requirements and Compatibility ' > 'Pre-Requisite Software' section of the docs.flexera.com page for your FlexNet Manager Suite version
Within the importer.log in your ProgramData\Flexera Software\Compliance\Logging\ComplianceReader folder, or accessible from the Download Logs button of your System Tasks page, you should note the name of the stage your Powershell Adapter is failing on, for example:
"Failed to execute Reader 'Get Azure VM Instances' from file C:\ProgramData\Flexera Software\Compliance\ImportProcedures\Inventory\Reader\microsoft azure\Instance.xml"
The Reader 'Get Azure VM Instances' corresponds to a Method within our Powershell Adapter's logic.ps1 file - located with our instance.xml in Reader\Microsoft Azure\
If we open our instance.xml, we can see the 'Get Azure VM Instances' Reader stage corresponds to Invoke-GetAzureInstanceData :
Having identified which method is being run here, we can run the AzureRm (The Azure Resource Manager Module, which the Azure Powershell Adapter utilises) commands this method calls from an Administrator Powershell Command Prompt - for the GetAzureInstanceData stage for example:
This should confirm that your current Powershell session has connected with the relevant Azure Account using the specified tenant, application and secret
<Credential> is a System.Management.Automation.PSCredential object, which should be supplied with our application ID (supplied as a string) and secret key - specified as a securestring - these should both be established within the Beacon UI for this connection
<TenantID> is the Tenant ID, supplied as a string, and again should be established within the Beacon UI when this connection was initially configured
-ServicePrincipal switch should establish we're connecting with a ServicePrincipal account
Scope 0 establishes that only this Powershell session should use the AzureRM account connection we're testing with
ErrorAction establishes whether we should attempt to continue to connect when confronted with an error
Manually running these functions may be used to ascertain whether all permissions for service principal accounts are in order, for example. This can also be used to confirm if there's any network firewalls, etc, blocking particular functions of the Reader.