All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Does TA-Exchange-Mailbox need domain User account for powershell inputs Exchange 2010?

phoenixdigital
Builder
‎09-26-2017 03:43 PM

Hi All,

Been working at getting the exchange app installed and having issues with this one TA-Exchange-Mailbox and Exchange Server 2010.

http://docs.splunk.com/Documentation/MSExchange/3.4.2/Add-Ons/TA-Mailboxinputs

All the powershell scripts that it tries to run return this error with no more information or reasons.

alt text

The scripts can be run manually by a logged in user and they produce data just fine. The only thing that I think it could be is that the powershell scripts can't be run when the Universal Forwarder is configured to run as Local System Account.

alt text

Thoughts?

The manual makes no reference to this requirement and all the other TA's powershell scripts run OK.

Preview file
11 KB
Preview file
153 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phoenixdigital
Builder
‎09-26-2017 04:58 PM

A colleague suggested I tweak the TA-Exchange-Mailbox/bin/exchangepowershell.cmd file to include -ExecutionPolicy Bypass and data started flowing.

@ECHO OFF

SET SplunkApp=TA-Exchange-Mailbox

IF %1 EQU v8.0 ( GOTO ExchangeVersion2007 
) ELSE ( GOTO ExchangeVersionOth)

:ExchangeVersion2007
FOR /F "tokens=2* delims=     " %%A IN ('REG QUERY "HKLM\Software\Microsoft\Exchange\%1\Setup" /v MsiInstallPath') DO SET Exchangepath=%%B
Powershell -ExecutionPolicy Bypass -PSConsoleFile "%Exchangepath%\Bin\exshell.psc1" -command ". '%SPLUNK_HOME%\etc\apps\%SplunkApp%\bin\powershell\%2'"
goto:eof

:ExchangeVersionOth
FOR /F "tokens=2* delims=     " %%A IN ('REG QUERY "HKLM\Software\Microsoft\ExchangeServer\%1\Setup" /v MsiInstallPath') DO SET Exchangepath=%%B
Powershell -ExecutionPolicy Bypass -PSConsoleFile "%Exchangepath%\bin\exshell.psc1" -command ". '%SPLUNK_HOME%\etc\apps\%SplunkApp%\bin\powershell\%2'"
goto:eof

We suspect it is due to the local powershell script execution policy but since I don't have access to the server directly this is a quick fix.

http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/EnableauditingandPowerShellondom...

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

phoenixdigital
Builder
‎09-26-2017 04:58 PM

A colleague suggested I tweak the TA-Exchange-Mailbox/bin/exchangepowershell.cmd file to include -ExecutionPolicy Bypass and data started flowing.

@ECHO OFF

SET SplunkApp=TA-Exchange-Mailbox

IF %1 EQU v8.0 ( GOTO ExchangeVersion2007 
) ELSE ( GOTO ExchangeVersionOth)

:ExchangeVersion2007
FOR /F "tokens=2* delims=     " %%A IN ('REG QUERY "HKLM\Software\Microsoft\Exchange\%1\Setup" /v MsiInstallPath') DO SET Exchangepath=%%B
Powershell -ExecutionPolicy Bypass -PSConsoleFile "%Exchangepath%\Bin\exshell.psc1" -command ". '%SPLUNK_HOME%\etc\apps\%SplunkApp%\bin\powershell\%2'"
goto:eof

:ExchangeVersionOth
FOR /F "tokens=2* delims=     " %%A IN ('REG QUERY "HKLM\Software\Microsoft\ExchangeServer\%1\Setup" /v MsiInstallPath') DO SET Exchangepath=%%B
Powershell -ExecutionPolicy Bypass -PSConsoleFile "%Exchangepath%\bin\exshell.psc1" -command ". '%SPLUNK_HOME%\etc\apps\%SplunkApp%\bin\powershell\%2'"
goto:eof

We suspect it is due to the local powershell script execution policy but since I don't have access to the server directly this is a quick fix.

http://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/EnableauditingandPowerShellondom...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...