PowerShell workflow triggering event log error and request failure

I have a PowerShell workflow (using the activity library from CodePlex) that removes home directories at the appropriate time (triggered by MPR).  The script performs its function, and the try block that the Remove-Item cmdlet is called in doesn't trigger its catch statements (an e-mail to me and more event log entries), but it throws an error in the event log and a failure back to the FIM portal.  In the event log, I get:

Access to the path 'C:\Windows\system32\LogFiles\WMI\RtBackup' is denied.

This doesn't occur if I run the Remove-Item command in a PowerShell session as the FIM app user, but it's definitely the Remove-Item cmdlet in the script which triggers the event.  UAC is disabled on the server.  I'm not sure what else to check for.  I'd really prefer to have successful executions listed as successes in the portal, but if I have to live with a mismatch, so be it.

Thoughts?

-Robert

July 2nd, 2015 3:16pm

This might be your problem - see the "More PowerShell Problems -ErrorAction Solutions" section in this post, which suggests this solution: add -ErrorAction SilentlyContinue after -recurse

Not sure if that's your issue, but I figure your problem is not actually a FIM one :).

August 13th, 2015 9:31am

The problem I want to solve isn't how to make PS ignore delete errors ... if the command doesn't work, I want to know about it.  What I'm trying to figure out (and sorry this wasn't clear) is why it's complaining about access to a file that it shouldn't be trying to delete in the first place (since it's not within any home directory path), and why it only makes that complaint when the command is run through FIM PS workflow vs. ISE/PS prompt.
August 13th, 2015 9:54am

I see - but wasn't able to determine this from what you said.  When the FIM workflow runs it is executed in the context of the invoking user, not the FIM service itself.  Could it be that the FIM service account is missing the necessary delegation privileges in AD?  Check the failed FIM request to see the identity of the requestor, and if it is not the FIM service, check what happens when you run your script from the ISE logged on as that user.

As for the denied error, see this for an explanation of what this folder is for.

Have a look at the response marked as answer to this thread - this is why I am saying it sounds more like a user profile management/archive issue, baked into the O/S pe

August 13th, 2015 10:21am
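
An added example, not code from any poster in this thread: one way to wrap the deletion discussed above so that it refuses any path outside the home-directory root, records the account the workflow host is actually running as, and sends every Remove-Item failure to the catch block instead of suppressing it. The function name `Remove-HomeDirectory` and all paths are assumptions made for illustration.

```powershell
# Added example; the function name and the paths used below are hypothetical.
function Remove-HomeDirectory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,      # home directory to remove
        [Parameter(Mandatory)] [string] $HomeRoot   # root that holds all home directories
    )

    # Record the account this code is running as (workflow host vs. interactive session).
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    # Canonicalise both paths so ".." segments cannot step outside the root.
    $root   = [System.IO.Path]::GetFullPath($HomeRoot).TrimEnd('\') + '\'
    $target = [System.IO.Path]::GetFullPath($Path).TrimEnd('\')

    # Only strict children of the root are accepted; the root itself is refused too.
    if (-not $target.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing to delete '$target' as '$identity': not under '$root'."
    }
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        throw "Home directory '$target' not found (running as '$identity')."
    }

    try {
        # Remove-Item reports most failures as non-terminating errors, which a
        # catch block never sees. -ErrorAction Stop makes them terminating.
        Remove-Item -LiteralPath $target -Recurse -Force -ErrorAction Stop
    }
    catch {
        # Re-throw with the item that failed and the identity, so the event log
        # entry shows which path was touched and by whom.
        $failed = $_.TargetObject
        throw "Remove-Item failed on '$failed' while deleting '$target' as '$identity': $($_.Exception.Message)"
    }

    [pscustomobject]@{ Path = $target; RunAs = $identity; Removed = $true }
}

# Constructed sample run against a throwaway directory tree under %TEMP%.
$sampleRoot = Join-Path $env:TEMP 'HomeDirs'
New-Item -ItemType Directory -Path (Join-Path $sampleRoot 'jdoe\Documents') -Force | Out-Null
Remove-HomeDirectory -Path (Join-Path $sampleRoot 'jdoe') -HomeRoot $sampleRoot
```

The `RunAs` value in the returned object can be compared with the requestor shown on the FIM request to confirm which account performed the deletion.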

This topic is archived. No further replies will be accepted.
