Skip to content

CredManStore does not appear to work in a PowerShell remote session #203

Open
@sockduct

Description

@sockduct

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest released version
  • Search the existing issues.

Steps to reproduce

Hello - when using SecretManagement/ExtensionModules/CredManStore, it doesn't work in a PowerShell remote session. Should it or is there a way to get it to work in a remote session? If it is not expected to work in a remote session could this be documented? In fact - I would be willing to submit a PR if someone can walk me through it.

Expected behavior

# On a server:
PS> Set-Secret -Vault CredMan -Name 'mytestcred1' -Secret (Get-Credential)
# Note:  Stores in Windows Credential Manager as "ps:<name>" - worth documenting somewhere?
# Note:  CredMan doesn't support metadata - worth documenting somewhere?
PS> Get-Secret -Name mytestcred1 -Vault CredMan

UserName                     Password
--------                     --------
test1    System.Security.SecureString


# Expecting same behavior in a PowerShell remote session

Actual behavior

# Open a PowerShell remote session into the server:
PS> Enter-PSSession -Computer Server01 -Credential $cred
RPS> Get-Secret -Vault CredMan -Name mytestcred1
Get-Secret : Error while retrieving secret from vault CredMan : ERROR_NO_SUCH_LOGON_SESSION
    + CategoryInfo          : InvalidOperation: (Microsoft.Power...etSecretCommand:GetSecretCommand) [Get-Secret], PSInvalidOperationException
    + FullyQualifiedErrorId : CredManVaultGetError,Microsoft.PowerShell.SecretManagement.GetSecretCommand

Get-Secret : The secret mytestcred1 was not found.
    + CategoryInfo          : ObjectNotFound: (Microsoft.Power...etSecretCommand:GetSecretCommand) [Get-Secret], ItemNotFoundException
    + FullyQualifiedErrorId : GetSecretNotFound,Microsoft.PowerShell.SecretManagement.GetSecretCommand


# Also:
RPS> Set-Secret -Vault CredMan -Name 'mytestcred2' -Secret (Get-Credential)

Windows PowerShell Credential Request: cmdlet Get-Credential at command pipeline position 1
Warning: A script or application on the remote computer IT-SCRIPT-PROD1.DWSD.ORG is requesting your credentials. Enter your credentials only if you trust the remote computer and the application or script that is requesting them.

Supply values for the following parameters:
Credential
set-secret : Error while writing secret to vault CredMan : ERROR_NO_SUCH_LOGON_SESSION
At line:1 char:1
+ set-secret -vault credman -name mytestcred2 -secret (get-credential)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Power...etSecretCommand:SetSecretCommand) [Set-Secret], PSInvalidOperationException
    + FullyQualifiedErrorId : CredManVaultWriteError,Microsoft.PowerShell.SecretManagement.SetSecretCommand

Error details

# Please see actual behavior section - let me know if more details needed/desired

Environment data

# Server 2016 used:
PS> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.14393.5127
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.5127
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version

CredManStore 1.0.0

Visuals

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions