• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
ControlUp Community

ControlUp Community

Connect, Learn, and Grow

  • Blog
  • Podcast
  • Meetups
  • Archives
  • Categories
    • ControlUp One Platform
    • ControlUp for Apps
    • ControlUp for Compliance
    • ControlUp for Desktops
    • ControlUp Scripts & Triggers
    • ControlUp Synthetic Monitoring
    • ControlUp for VDI
  • Topics
  • Events
    • Logos & Wallpaper
    • ControlUp.com
  • Join

Troubleshooting Script Issues with “Power On Generic VM” in ControlUp

Posted on April 19, 2024

A user reported encountering an issue with the "Power On Generic VM" script while using ControlUp at a customer’s site. Others responded with potential solutions and one user shared their process for releasing scripts on the ControlUp Community Slack channel. The original poster planned to run the script in a trigger on powered off VMs and asked if this would affect permissions. The conversation also delved into the necessary user permissions for scripts that use invoke-cuquery or similar functions and the importance of running as a domain user. A linked to a previous post about releasing scripts on the ControlUp Community Slack channel was also shared.


Read the entire ‘Troubleshooting Script Issues with "Power On Generic VM" in ControlUp’ thread below:

Issue with "Power On Generic VM"

Hi guys,

at a customer I ran into a (for me) strange issue with the "Power On Generic VM" script by @member

When I run the script via ControlUp console I get the following Error (see screenshot):

  • FullyQualifiedErrorId : System.UnauthorizedAccessException,ControlUp.PowerShell.User.Cmdlets.QueryMonitorService.InvokeQueryCmdlet

If I am connecting via RDP, with the very same user which runs the script in Realtime Console and run the script "manually" via powershell.exe everything works as expected.

Do I miss something obvious?

EDIT:

The user running the script is "local admin" on Monitors so "Log on as a batch job" and "Logon as a service" is in place ("Deny log on as batch job" is empty)


does the account running the script also have that permission in the security policy?


Yes. Account has "Run shared Script Actions" and in Machine Actions the right to run that specific script action…

Or do you asking for another permission?


this script uses the build in action to power on vm’s so the user also needs the permission to do that

@member we might need to make this more clear in the description


Power On VM is also granted…


So the list of permissions would be:

• Log on as a batch job

• Logon as a service

• Run shared Script Actions

• Power On VM

• (permission to run the actual script)

yes?


I duplicated the script and checked "Execute script with .NET Engine"; changed execution context to "Other machine" and selected a monitor; changed security context to "Default" and modified the script like this and its working:

“`

.SYNOPSIS

This script performs a Power On on a VM

.DESCRIPTION

This script performs a Power On on a VM. The script uses the CU Actions in version 8.8 to action the power-on, regardless of the underlying hypervisor.

.PARAMETER hostname

The hostname to perform the action on, supplied via a trigger or right-click action against a VM

.NOTES

Version: 0.1

Context: Computer, executes on Monitor

Author: Bill Powell

Requires: Realtime DX 8.8

Creation Date: 2023-05-11

.LINK

https://support.controlup.com/docs/powershell-cmdlets-for-solve-actions

>

[CmdletBinding()]

param (

[Parameter(Mandatory = $true, HelpMessage = ‘hostname of machine to be actioned’)]

[ValidateNotNullOrEmpty()]

[string]$hostname

)

region ControlUpScriptingStandards

$VerbosePreference = $(if( $PSBoundParameters[ ‘verbose’ ] ) { $VerbosePreference } else { ‘SilentlyContinue’ })

$DebugPreference = $(if( $PSBoundParameters[ ‘debug’ ] ) { $DebugPreference } else { ‘SilentlyContinue’ })

$ErrorActionPreference = $(if( $PSBoundParameters[ ‘erroraction’ ] ) { $ErrorActionPreference } else { ‘Stop’ })

$ProgressPreference = ‘SilentlyContinue’

[int]$outputWidth = 400

if( ( $PSWindow = (Get-Host).UI.RawUI ) -and ( $WideDimensions = $PSWindow.BufferSize ) )

{

$WideDimensions.Width = $outputWidth

$PSWindow.BufferSize = $WideDimensions

}

endregion ControlUpScriptingStandards

region Define the CUAction

$RequiredAction = "Power On VM" # or any of "Force Power Off VM","Force Reset VM","Power On VM","Restart Guest","Shutdown Guest"

$RequiredActionCategory = ‘VM Power Management’

endregion

region Process Args

$hostname = $args[0] # the computername is passed as the only argument

endregion

region Load the version of the module to match the running monitor and check that it has the new features

function Get-MonitorDLLs {

[CmdletBinding()]

param (

[Parameter(Mandatory=$true)][string[]]$DLLList

)

[int]$DLLsFound = 0

Get-CimInstance -Query "SELECT * from win32_Service WHERE Name = ‘cuMonitor’ AND State = ‘Running’" | ForEach-Object {

$MonitorService = $_

if ($MonitorService.PathName -match ‘^(?<op>"{0,1})\b(?<text>[^"]*)\1$’) {

$Path = $Matches.text

$MonitorFolder = Split-Path -Path $Path -Parent

$DLLList | ForEach-Object {

$DLLBase = $_

$DllPath = Join-Path -Path $MonitorFolder -ChildPath $DLLBase

if (Test-Path -LiteralPath $DllPath) {

$DllPath

$DLLsFound++

}

else {

throw "DLL $DllPath not found in running monitor folder"

}

}

}

}

if ($DLLsFound -ne $DLLList.Count) {

throw "cuMonitor is not installed or not running"

}

}

$AcceptableModules = New-Object System.Collections.Generic.List[object]

try {

$DllsToLoad = Get-MonitorDLLs -DLLList @(‘ControlUp.PowerShell.User.dll’)

$DllsToLoad | Import-Module

$DllsToLoad -replace "^.*\\",” -replace "\.dll$",” | ForEach-Object {$AcceptableModules.Add($_)}

}

catch {

$exception = $_

Write-Error "Required DLLs not loaded: $($exception.Exception.Message)"

}

if (-not ((Get-Command -Name ‘Invoke-CUAction’ -ErrorAction SilentlyContinue).Source) -in $AcceptableModules) {

Write-Error "ControlUp version 8.8 commands are not available on this system"

exit 0

}

endregion

region Perform CUAction on target

$ThisComputer = Get-CimInstance -ClassName Win32_ComputerSystem

Write-Output "Action $RequiredAction applied to $hostname from $env:hostname"

$Action = (Get-CUAvailableActions -DisplayName $RequiredAction | Where-Object {($.Title -eq $RequiredAction) -and ($.IsSBA -eq $false) -and ($_.Category -eq $RequiredActionCategory)})[0]

$Action

$Allrows = Invoke-CUQuery -Table $Action.Table -Fields * -Where "sName = ‘${hostname}’"

"———————-"

$Allrows

"———————-"

$Allrows.Data | ForEach-Object {

$VMTableRow = $_

$Result = Invoke-CUAction -ActionId $Action.Id `

-Table $Action.Table `

-RecordsGuids @($VMTableRow.key)

Write-Output "Action $RequiredAction applied to $hostname, result $($Result.Result)"

}

endregion

Write-Output "Done"“`

Ok, it worked just once… 😞

Seems Invoke-CUQuery is the problem…

If I run it manually $Allrows.Data looks good (its shorted but you get it):

“`Data : {@{key=a4c8e1f9-4b44-4e8a-b478-f0529f839c45; objectId=93758; […] AzureTotalBandwidthCost=}}

Success : True

Error :

ErrorCode : 0

Total : 1

Returned : 1

Stats : { DriverTime = 17, Channels = 0, SearchIni = 3, SearchIniNodeAvg = 0,333333333333333, SearchIniNodeMax = 1, Seek = 0, Collect = 0 }

CurrentTime : 19.04.2024 15:40:52 +02:00

RequestId : 545163a9-1516-47b1-91f6-2ffb1271addc“`

If I run it via SBA $Allrows.Data is empty:

“`Data :

Success : True

Error :

ErrorCode : 0

Total : 0

Returned : 0

Stats : { DriverTime = 2, Channels = 0, SearchIni = 2, SearchIniNodeAvg = 0, SearchIniNodeMax = 0, Seek = 0,

Collect = 0 }

CurrentTime : 19.04.2024 15:42:55 +02:00

RequestId : 6a55e063-dd66-4c51-9954-56886e555fc4“`


Hmm. I found my original post on releasing those scripts here: https://controlupcommunity.slack.com/archives/C054TRXJUQN/p1688056505493399

The only thing that might be relevant here is my testing methodology, which was to develop the power off and power on scripts at the same time, so I clearly ran the two scripts, one after the other, several times.


Ok… I plan to run the script in a trigger on powered off VMs…


Any script that uses invoke-cuquery or anything like it (export-cuquery, invoke-cuaction, etc), needs to run as a domain user. Else the monitor will try to evaluate if the is allowed to access the data you’re trying to access using the ControlUp security policy.

Do note that I mean the user listed under execution context. Not who-ever right clicks a machine in the console.

If you do not specify a domain user, the monitor will try to lookup if system or network service has permission to run the script. And I don’t think you could get permissions assigned to a computer account in the CU security policy (I guess you could make it member of a AD security group)

Continue reading and comment on the thread ‘Troubleshooting Script Issues with “Power On Generic VM” in ControlUp’.  Not a member? Join Here!


Categories: All Archives, ControlUp for VDI, ControlUp Scripts & Triggers
Topics: ControlUp Solve, Logs, Microsoft, Microsoft Active Directory, Microsoft RDP, PowerShell, Reporting, Scripts, Security, Triggers, Virtual Desktops

Ask Us Anything, Connect, Learn, and Grow with the ControlUp Community!

Login to the ControlUp Community to ask us anything, stay up-to-date on what’s new and coming soon and meet other like-minded techies like you.

Not already a member? Join Today!

Primary Sidebar

ControlUp Academy

Enroll in ControlUp Academy for expert-led technical training, equipping you with skills to effectively deploy, manage, and grow your ControlUp investment.

Learn here >

Rotating Images

Hidden Gem from our Community on Slack!

ControlUp Betas - What's Coming Next?
NEW ControlUp Features - Stay Up-to-Date!
ControlUp Scripts - Scripting, Zero to Hero
Latest KB Articles - Be the First to Learn
Did you Know - with Sivan Kroitoru
Practical Perspectives Technical Use Case Training

Video Tutorials Library

Visit our technical how-to videos, offering step-by-step tutorials on advanced features, troubleshooting, and best practices.

Watch here >

ControlUp Blog

Check out the ControlUp blog for expert advice and in-depth analysis.

Read here >

ControlUp Script Library

Visit the ControlUp technical script library, which offers a multitude of pre-built scripts and custom actions for your monitoring and troubleshooting requirements.

See here >

ControlUp Support

Visit the ControlUp support home and to delve deeper into ControlUp solutions.

Browse here >

Download ControlUp RealTime DX

Start with ControlUp for real-time end-user environment insights, swift troubleshooting, and unprecedented performance optimization. Download now.

Download here >

Footer

      

ControlUp Community
Of Techie, By Techie, For Techie!

Terms of Use | Privacy Policy | Security
Dive Deeper, Learn more at ControlUp.com

  • facebook
  • twitter
  • youtube
  • linkedin

© 2023–2025 ControlUp Technologies LTD, All Rights Reserved.

We use cookies to ensure that we give you the best experience on our website. by continuing to use this site you agree to our Cookie policy..