Does TA-Exchange-Mailbox need domain User account for powershell inputs Exchange 2010?

phoenixdigital
Builder

Hi All,

Been working at getting the exchange app installed and having issues with this one TA-Exchange-Mailbox and Exchange Server 2010.

http://docs.splunk.com/Documentation/MSExchange/3.4.2/Add-Ons/TA-Mailboxinputs

All the powershell scripts that it tries to run return this error with no more information or reasons.

The scripts can be run manually by a logged in user and they produce data just fine. The only thing that I think it could be is that the powershell scripts can't be run when the Universal Forwarder is configured to run as Local System Account.

Thoughts?

The manual makes no reference to this requirement and all the other TA's powershell scripts run OK.

0 Karma
1 Solution

phoenixdigital
Builder

A colleague suggested I tweak the TA-Exchange-Mailbox/bin/exchangepowershell.cmd file to include -ExecutionPolicy Bypass and data started flowing.

@ECHO OFF

SET SplunkApp=TA-Exchange-Mailbox

IF %1 EQU v8.0 ( GOTO ExchangeVersion2007 
) ELSE ( GOTO ExchangeVersionOth)

:ExchangeVersion2007
FOR /F "tokens=2* delims=     " %%A IN ('REG QUERY "HKLM\Software\Microsoft\Exchange\%1\Setup" /v MsiInstallPath') DO SET Exchangepath=%%B
Powershell -ExecutionPolicy Bypass -PSConsoleFile "%Exchangepath%\Bin\exshell.psc1" -command ". '%SPLUNK_HOME%\etc\apps\%SplunkApp%\bin\powershell\%2'"
goto:eof

:ExchangeVersionOth
FOR /F "tokens=2* delims=     " %%A IN ('REG QUERY "HKLM\Software\Microsoft\ExchangeServer\%1\Setup" /v MsiInstallPath') DO SET Exchangepath=%%B
Powershell -ExecutionPolicy Bypass -PSConsoleFile "%Exchangepath%\bin\exshell.psc1" -command ". '%SPLUNK_HOME%\etc\apps\%SplunkApp%\bin\powershell\%2'"
goto:eof

We suspect it is due to the local PowerShell script execution policy, but since I don't have access to the server directly, this is a quick fix.

http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/EnableauditingandPowerShellondom...

0 Karma
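An added diagnostic, not part of the original post or of the TA: it confirms whether execution policy is what blocks the add-on's scripts by listing the policy at every scope for the current account and the Authenticode status of each script in the directory that exchangepowershell.cmd dot-sources. The install path and the `Get-Verdict` helper are assumptions made for this example.

```powershell
# Added diagnostic, not part of TA-Exchange-Mailbox. Written to run on PowerShell 2.0
# and to be pasted into a console, so it still works when script files are blocked.

# Assumption: default Universal Forwarder install path; change to match the host.
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'
$SplunkApp  = 'TA-Exchange-Mailbox'

# CurrentUser and Process scopes differ per account, so record who is asking.
$account   = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$effective = Get-ExecutionPolicy     # the policy that actually applies to this account

"Account          : $account"
"Effective policy : $effective"
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy -AutoSize

# Hypothetical helper: would a script with this signature status run under this policy?
function Get-Verdict {
    param([string]$Policy, [string]$SignatureStatus)
    $signed = ($SignatureStatus -eq 'Valid')
    switch ($Policy) {
        'Restricted'   { 'blocked: no script files may run' }
        'AllSigned'    { if ($signed) { 'runs' } else { 'blocked: needs a valid signature' } }
        'RemoteSigned' { if ($signed) { 'runs' } else { 'runs only if not marked as downloaded' } }
        'Unrestricted' { 'runs (prompts first if marked as downloaded)' }
        default        { 'runs' }    # Bypass
    }
}

# Same directory the .cmd wrapper builds from %SPLUNK_HOME% and %SplunkApp%.
$scriptDir = Join-Path $SplunkHome "etc\apps\$SplunkApp\bin\powershell"

Get-ChildItem -Path $scriptDir -Filter *.ps1 | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    New-Object PSObject -Property @{
        Script    = $_.Name
        Signature = $sig.Status
        Verdict   = Get-Verdict -Policy $effective -SignatureStatus $sig.Status
    }
} | Format-Table Script, Signature, Verdict -AutoSize
```

Run it under the account the forwarder service uses (Local System in the question), since a logged-in user can see a different effective policy. If the verdicts show the scripts blocked, setting the machine policy to RemoteSigned or signing the scripts addresses the same cause without leaving `-ExecutionPolicy Bypass` in the wrapper.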
