FIM Powershell Workflow Activity - runas broken


I have been testing the PowerShell workflow activity and can't seem to get the runas domain\user option to work. If this option is selected, clicking Save results in an "Unable to process request" dialog. Is there additional configuration necessary to make this work?


adweigert wrote Sep 16, 2014 at 1:24 PM

Yes, you need to configure a shared secret key on the SharePoint site web.config and on the FIM service config that is used to encrypt/decrypt the password.

Add an entry to appSettings called "FIMPowerShellActivity.EncryptionKey" with a base64 encoded string that represents the AES256 key.

You can use this PowerShell snippet to generate a random key:

[Convert]::ToBase64String((New-Object System.Security.Cryptography.Rfc2898DeriveBytes ([DateTime]::Now.ToString()),32,5000).GetBytes(32))
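
A check for the setup described in the reply above, as an added example that is not part of the thread or the project's code: it draws a 256-bit key from the system CSPRNG and confirms that two config files carry the same valid key, comparing SHA-256 fingerprints so the key itself is never displayed. The function names and sample file paths are hypothetical, and the two sample config files are constructed.

```powershell
$KeyName = 'FIMPowerShellActivity.EncryptionKey'   # appSettings name from the reply above

function New-Aes256Key {
    # 32 random bytes from the OS CSPRNG, base64 encoded for the config value
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    [Convert]::ToBase64String($bytes)
}

function Get-KeyStatus([string]$Path) {
    # Reports on the key in one config file without printing the key itself
    $xml = New-Object xml
    $xml.Load((Resolve-Path -LiteralPath $Path).ProviderPath)
    $node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='$KeyName']")
    $status = New-Object psobject -Property @{ Path = $Path; State = 'missing'; Fingerprint = $null }
    if ($null -eq $node) { return $status }
    try { $raw = [Convert]::FromBase64String($node.GetAttribute('value')) }
    catch { $status.State = 'not valid base64'; return $status }
    if ($raw.Length -ne 32) { $status.State = "wrong length ($($raw.Length) bytes, need 32)"; return $status }
    $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($raw)
    $status.State = 'ok'
    $status.Fingerprint = [BitConverter]::ToString($hash, 0, 8)   # short fingerprint only
    $status
}

function Test-SharedKey([string]$PortalConfig, [string]$ServiceConfig) {
    # True only when both files hold a valid 32-byte key and the keys are identical
    $a = Get-KeyStatus $PortalConfig
    $b = Get-KeyStatus $ServiceConfig
    $a, $b | Format-Table Path, State, Fingerprint -AutoSize | Out-Host
    ($a.State -eq 'ok') -and ($b.State -eq 'ok') -and ($a.Fingerprint -eq $b.Fingerprint)
}

# Constructed sample files standing in for the SharePoint web.config and the FIM service config
$template = '<configuration><appSettings><add key="{0}" value="{1}" /></appSettings></configuration>'
$portal  = Join-Path $env:TEMP 'sample-web.config'
$service = Join-Path $env:TEMP 'sample-service.config'
$key = New-Aes256Key
Set-Content -LiteralPath $portal  -Value ($template -f $KeyName, $key)
Set-Content -LiteralPath $service -Value ($template -f $KeyName, $key)
"Same key on both sides: $(Test-SharedKey $portal $service)"

# A key regenerated on one side only is the mismatch this check is meant to catch
Set-Content -LiteralPath $service -Value ($template -f $KeyName, (New-Aes256Key))
"After changing one side: $(Test-SharedKey $portal $service)"
```
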

SimonHochevar wrote Dec 8, 2014 at 3:36 PM

Hi, even if I add the proposed values in the config files, I get the following error:
Failed to login user 'MYDOMAIN\myusername', error 0x00000569; User=myusername DOMAIN=MYDOMAIN ENCRYPTEDPASSWORD=<encryptedpassword>

Event log:
FIM.PowerShell.Workflow.Activities.FIMPowerShellActivityException: Failed to login user 'XXXX\xxxx', error 0x00000569; USER=xxxx DOMAIN=XXXX ENCRYPTEDPASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
at FIM.PowerShell.Workflow.Activities.PowerShellRunAsUser.Invoke(Action action)
at FIM.PowerShell.Workflow.Activities.PowerShellActivity.Execute(ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)
at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
at System.Workflow.Runtime.Scheduler.Run()
Any idea?