IBM Security QRadar SOAR


FN_UTILITIES: Remote Shell Command


    Posted Wed January 13, 2021 08:24 AM
    I have successfully got the remote command to run from Resilient, with one issue we discovered.

    Our remote_command calls an executable successfully, but here is the issue:
    1. Remote command successfully sends parameters to the remote .exe
       a. One of the parameters being sent over is a remote share to save data to: "\\RemoteShare\Data"
    2. The .exe receives those commands successfully, calls a python script and passes the parameters properly.
    3. When the script then goes to save to "\\RemoteShare\Data" it errors out.
       a. The error states that this logon type is not allowed.
       b. Wireshark shows the authentication has no values at the time of saving to the remote share, meaning the remote command account information is getting lost somewhere.
    4. When this script is run locally, it runs perfectly.

    The issue we believe is around account context.  We tried "Run As" commands but have had no success.  IBM Support has recommended we reach out on this forum for some help.

    Initial Remote Command Error:
    #################################################################################################

    ERROR get_case: create_not_exist: "1"; case_path: "\\REMOTESERVER\AMR_Case\2021\WebReview\PIMS14762"

    ERROR on line: 260

    <type 'java.nio.file.FileSystemException'>: java.nio.file.FileSystemException: \\REMOTESERVER\AMR_Case\2021\WebReview: Logon failure: the user has not been granted the requested logon type at this computer.


    Can successfully use "RunAs" but can't pass the password.
    ##################################################################################################
    >> Needs password for "RUN AS" command

    <utilities_shell_command_success[functions.utilities_shell_command] (<utilities_shell_command[functions.utilities_shell_command] (id=224, workflow=send_to_nuix_processing, user=brian.coleman@pfizer.com) 2021-01-08 21:25:03.061000>, [<resilient_circuits.action_message.FunctionResult object at 0x07D4A808>] )>

    2021-01-08 16:25:33,334 DEBUG [actions_component] success! [<resilient_circuits.action_message.FunctionResult object at 0x07D4A808>], <utilities_shell_command[functions.utilities_shell_command] (id=224, workflow=send_to_nuix_processing, user=brian.coleman@pfizer.com) 2021-01-08 21:25:03.061000>

    2021-01-08 16:25:33,337 DEBUG [actions_component] Message: Completed

    2021-01-08 16:25:33,338 DEBUG [actions_component] Ack ID:resilient.localdomain-45232-1605123274281-3:2:8028:1:1

    2021-01-08 16:25:33,340 DEBUG [actions_component] Result: {'commandline': '(runas /savecred /user:amer\\SERVICE ACCOUNT " cmd /k C:\\Private\\whoami.bat")', 'start': 1610141131378, 'end': 1610141132975, 'elapsed': 1596, 'exitcode': 1, 'stdout': 'Enter the password for amer\\SERVICE ACCOUNT: \x00\r\n', 'stderr': '', 'stdout_json': None, 'stderr_json': None}

    ------------------------------
    Brian Coleman
    ------------------------------
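
Added example, not code from the post above or from the fn_utilities package: a PowerShell wrapper showing how a practitioner would usually get past the two problems described, namely that `runas` has no switch to accept a password (`/savecred` only reuses one typed interactively the first time, which is why the run above exits 1 with the prompt in stdout), and that the UNC write fails because whatever token the remote command inherits carries no usable credentials. The wrapper reads a DPAPI-protected password file, checks the share with explicit credentials first, and launches the worker with `Start-Process -Credential` instead of `runas`. Every name in it is an assumption for illustration: the account `amer\svc_account`, the credential file `C:\Private\svc.cred`, the worker `C:\Private\whoami.bat` and the share path.

```powershell
# Added example; not code from the original post or from fn_utilities.
# Assumptions (all hypothetical): account 'amer\svc_account', the credential file
# C:\Private\svc.cred, the worker C:\Private\whoami.bat and the share path.
param(
    [string]$SharePath  = '\\RemoteShare\Data',
    [string]$UserName   = 'amer\svc_account',
    [string]$CredFile   = 'C:\Private\svc.cred',
    [string]$WorkerPath = 'C:\Private\whoami.bat'
)
$ErrorActionPreference = 'Stop'

# One-time setup, run interactively AS THE ACCOUNT THAT WILL RUN THIS WRAPPER
# (the account the Resilient remote command executes under), because the file
# is DPAPI-protected to that user and readable only by it:
#   Read-Host -AsSecureString 'password' | ConvertFrom-SecureString | Set-Content C:\Private\svc.cred
# Nothing below ever prompts, which is exactly what runas cannot avoid.
if (-not (Test-Path -LiteralPath $CredFile)) {
    throw "Credential file $CredFile not found; refusing to prompt for a password."
}
$secure = Get-Content -LiteralPath $CredFile | ConvertTo-SecureString
$cred   = [System.Management.Automation.PSCredential]::new($UserName, $secure)

# Pre-flight: authenticate to the share with explicit credentials, so a logon
# failure is reported against a known identity instead of an anonymous session
# (the empty authentication the poster saw in Wireshark).
try {
    New-PSDrive -Name SoarShare -PSProvider FileSystem -Root $SharePath -Credential $cred | Out-Null
    Remove-PSDrive -Name SoarShare
} catch {
    Write-Error -ErrorAction Continue "Share check failed for $UserName on ${SharePath}: $($_.Exception.Message)"
    exit 2
}

# Launch the worker as the service account. Start-Process -Credential performs a
# fresh logon for that account without prompting; the worker then reaches the UNC
# path with its own token, so the file server must allow that account a network
# logon (the "requested logon type" in the error message).
$cmdArgs = "/c `"$WorkerPath`" `"$SharePath`""
$proc = Start-Process -FilePath $env:ComSpec -ArgumentList $cmdArgs `
            -Credential $cred -WorkingDirectory 'C:\Private' -Wait -PassThru
exit $proc.ExitCode
```

Two caveats for anyone reusing this. `Start-Process -Credential` creates a new logon session, so the drive mapped in the pre-flight is not visible to the child; it is only a credential and access check, and the service account still needs "Allow log on locally" on the host running the wrapper and a permitted network logon on the file server. And the DPAPI file is bound to the user that created it, so if the Resilient integration runs under a different account than the one that wrote `svc.cred`, `ConvertTo-SecureString` will fail; in that case the simpler fix is often to run the integration service itself under the service account, which removes the need to pass a password at all.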