Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get-ADReplAccount : Exception has been thrown by the target of an invocation. #152

Closed
EricDaou opened this issue Feb 14, 2023 · 4 comments
Closed

Get-ADReplAccount : Exception has been thrown by the target of an invocation. #152

EricDaou opened this issue Feb 14, 2023 · 4 comments
Labels
duplicate question

Comments

@EricDaou
Copy link

I am trying to run Get-AdReplAccount on a windows 2019 Domain controller, it pulls 2 account's then crashes with the following error

"Get-ADReplAccount : Exception has been thrown by the target of an invocation."

FYI I have applied 95% of the STIG security baseline for server 2019 found here : https://www.stigviewer.com/stig/microsoft_windows_server_2019/

Could one of those controls have locked something down causing this issue?
@MichaelGrafnetter
Copy link
Owner

Hi @EricDaou , if it was caused by the STIG, you would not be able to connect at all. Could you please share the stack trace, as described here?
https://github.com/MichaelGrafnetter/DSInternals/blob/master/.github/CONTRIBUTING.md#submitting-bug-reports

@EricDaou
Copy link
Author

Here is the info you wanted, thanks again

PS C:\Windows\system32> Get-History

Id CommandLine

1 Get-ADReplAccount -All -Server ** -NamingContext "****"

PS C:\Windows\system32> $Error[0].Exception.Message
Exception has been thrown by the target of an invocation.

PS C:\Windows\system32> $Error[0].Exception.StackTrace
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
at System.Security.Cryptography.MD5.Create()
at DSInternals.Common.Cryptography.DirectorySecretDecryptor.ComputeMD5(Byte[] key, Byte[] salt, Int32 saltHashRounds)
at DSInternals.Replication.ReplicationSecretDecryptor.DecryptSecret(Byte[] blob)
at DSInternals.Common.Data.DSAccount.LoadHashes(DirectoryObject dsObject, DirectorySecretDecryptor pek)
at DSInternals.Replication.DirectoryReplicationClient.d__17.MoveNext()
at DSInternals.PowerShell.Commands.GetADReplAccountCommand.ReturnAllAccounts()
at System.Management.Automation.CommandProcessor.ProcessRecord()

PS C:\Windows\system32> (Get-Module -Name DSInternals -ListAvailable).Version.ToString()
4.8

PS C:\Windows\system32> (Get-WmiObject -Class Win32_OperatingSystem).Caption
Microsoft Windows Server 2019 Standard

@MichaelGrafnetter
Copy link
Owner

Ah, OK, so that IS caused by the STIG, although I do not quite understand how 2 accounts could have gone through. Maybe they did not have passwords set. Please have a look at issue #97. The only solution on my side would be to reimplement MD5, which I do not want to do. Or maybe a better error message.

@EricDaou
Copy link
Author

Thank you! it was indeed FIPS.. turning it off it all run's as normal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MichaelGrafnetter @EricDaou