Diagnosing Inventory Beacon PowerShell Connection Issues

Symptoms:

In the ComplianceReader or System Tasks logging, error messages are thrown by the Microsoft 365 / Office 365 (Deprecated) / Microsoft Azure / Amazon Web Services / Salesforce adapter. The import always fails at a particular stage, reported in the System Tasks or Compliance Reader logs as 'Failed to execute reader x'.

Diagnosis:

Validate that the prerequisites for PowerShell inventory gathering are in order. There are additional requirements for the individual PowerShell adapter components, as outlined in the 'System Requirements and Compatibility' > 'Pre-Requisite Software' section of the docs.flexera.com page for your FlexNet Manager Suite version.

In the importer.log in your ProgramData\Flexera Software\Compliance\Logging\ComplianceReader folder (also available from the Download Logs button of your System Tasks page), note the name of the stage your PowerShell adapter is failing on, for example:

"Failed to execute Reader 'Get Azure VM Instances' from file C:\ProgramData\Flexera Software\Compliance\ImportProcedures\Inventory\Reader\microsoft azure\Instance.xml"

The Reader 'Get Azure VM Instances' corresponds to a Method within the PowerShell adapter's logic.ps1 file, located alongside instance.xml in Reader\Microsoft Azure\.

If we open instance.xml, we can see that the 'Get Azure VM Instances' Reader stage corresponds to Invoke-GetAzureInstanceData:

<Reader xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xsi:type="SourceToObject"
Name="Get Azure VM Instances"
Order="110"
Retries="1"
Language="PowerShell"                
Method="Invoke-GetAzureInstanceData"

Having identified which method is being run, we can run the AzureRm commands this method calls (AzureRm is the Azure Resource Manager module, which the Azure PowerShell adapter utilises) from an Administrator PowerShell command prompt. For the GetAzureInstanceData stage, for example:

  1. Connect-AzureRmAccount -Credential <credential> -TenantID <tenantid> -ServicePrincipal -Scope 0 -ErrorAction Stop
    1. This should confirm that your current PowerShell session has connected with the relevant Azure account using the specified tenant, application and secret
    2. <Credential> is a System.Management.Automation.PSCredential object, which should be supplied with the application ID (as a string) and the secret key (as a SecureString); both should be established within the Beacon UI for this connection
    3. <TenantID> is the Tenant ID, supplied as a string, and again should have been established within the Beacon UI when this connection was initially configured
    4. The -ServicePrincipal switch establishes that we're connecting with a service principal account
    5. -Scope 0 establishes that only this PowerShell session should use the AzureRM account connection we're testing with
    6. -ErrorAction establishes whether we should attempt to continue to connect when confronted with an error
    7. For more details on this function in particular, note the Microsoft documentation - https://docs.microsoft.com/en-us/powershell/module/azurerm.profile/connect-azurermaccount?view=azure...
  2. Get-AzureRmSubscription
    1. Once a connection is established, this should allow us to output all associated subscriptions our Service Principal Account may access
    2. For more details on this function in particular, note the Microsoft documentation - https://docs.microsoft.com/en-us/powershell/module/azurerm.profile/get-azurermsubscription?view=azur...
  3. Get-AzureRmVmSize -Location <A specified Azure Location, e.g. Central US>
    1. This should output all available Azure VM sizes for the specified location
    2. The Location itself may be fed into the command as a String - e.g. 'Central US'
    3. For more details on this function in particular, note the Microsoft documentation - https://docs.microsoft.com/en-us/powershell/module/azurerm.compute/get-azurermvmsize?view=azurermps-...
  4. Get-AzureRmLocation
    1. Utilised in the logic as Get-AzureRmLocation | Where-Object {$_.providers -contains "Microsoft.Compute"}
    2. This outputs all Locations that contain the relevant Microsoft.Compute resource provider
    3. For more details on this function in particular, note the Microsoft documentation - https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/get-azurermlocation?view=azurer...

Manually running these functions can be used to ascertain whether, for example, all permissions for the service principal account are in order.
It can also be used to confirm whether any network firewalls or similar controls are blocking particular functions of the Reader.
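
The manual checks above as a single script, added here as an example (it is not Flexera's logic.ps1): it runs each AzureRm call in the order listed and reports which one fails. The parameter names, the Read-Host prompt and the default location are assumptions; -Scope Process is the named equivalent of -Scope 0.

```powershell
param(
    [Parameter(Mandatory)] [string] $TenantId,       # Tenant ID from the Beacon UI
    [Parameter(Mandatory)] [string] $ApplicationId,  # application ID from the Beacon UI
    [string] $Location = 'Central US'                # assumption: a location you use
)

# Prompt for the secret key so it is not left in command history or a transcript.
$secret     = Read-Host -Prompt 'Secret key' -AsSecureString
$credential = New-Object System.Management.Automation.PSCredential ($ApplicationId, $secret)

# The four calls, in the order the article lists them.
$steps = [ordered]@{
    'Connect-AzureRmAccount'  = {
        # -Scope Process is the named form of -Scope 0: this session only.
        Connect-AzureRmAccount -Credential $credential -TenantId $TenantId `
            -ServicePrincipal -Scope Process -ErrorAction Stop
    }
    'Get-AzureRmSubscription' = { Get-AzureRmSubscription -ErrorAction Stop }
    'Get-AzureRmVmSize'       = { Get-AzureRmVmSize -Location $Location -ErrorAction Stop }
    'Get-AzureRmLocation'     = {
        Get-AzureRmLocation -ErrorAction Stop |
            Where-Object { $_.Providers -contains 'Microsoft.Compute' }
    }
}

$results = foreach ($name in $steps.Keys) {
    try {
        $items = @(& $steps[$name])
        [pscustomobject]@{ Step = $name; Ok = $true; Items = $items.Count; Error = $null }
    }
    catch {
        [pscustomobject]@{ Step = $name; Ok = $false; Items = 0; Error = $_.Exception.Message }
        # Without a session the remaining calls can only fail, so stop here.
        if ($name -eq 'Connect-AzureRmAccount') { break }
    }
}

# Drop the test context so the service principal does not linger in this session.
Disconnect-AzureRmAccount -Scope Process -ErrorAction SilentlyContinue | Out-Null
$results | Format-Table -AutoSize -Wrap
```

A step that fails after a successful connect points at the service principal's permissions or at a blocked endpoint for that call, rather than at the credentials themselves.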

Version history: Revision 1 of 1. Last update: Jul 06, 2020 03:40 AM