Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error at Invoke-ScriptInBcContainer. Exception calling "Deserialize" with "1" argument(s): "Error occurred during a cryptographic operation." #3761

Open
jose-lloret opened this issue Nov 14, 2024 · 0 comments
Open

Error at Invoke-ScriptInBcContainer. Exception calling "Deserialize" with "1" argument(s): "Error occurred during a cryptographic operation." #3761

jose-lloret opened this issue Nov 14, 2024 · 0 comments
Assignees
@freddydk

Comments

@jose-lloret
Copy link
Contributor

Describe the issue

Running a PowerShell script to upgrade a Business Central database to current version raises the exception "Deserialize" with "1" argument(s): "Error occurred during a cryptographic operation.".
The script is using the Invoke-ScriptInBcContainer command and inside the script block the command that is raising the exception is Invoke-NAVApplicationDatabaseConversion.

Running the same commands without the need of the Invoke-ScriptInBcContainer inside the PowerShell container prompt works smoothly.

I'm trying to convert a BC14 database to BC25. For this, inside the BC25 container that is using a BC25 database I run the Invoke-NAVApplicationDatabaseConversion command to a BC14 database hosted in a external SQL Server.

Scripts used to create container and cause the issue

This script creates the BC25 container.

$Config = Get-Content 'config.json' -Encoding UTF8 | ConvertFrom-Json

$ContainerCred = New-Object PSCredential $Config.ContainerUser,(ConvertTo-SecureString -String $Config.containerPass -AsPlainText -Force)
$DBCred = New-Object PSCredential $Config.dbUser,(ConvertTo-SecureString -String $Config.dbPass -AsPlainText -Force)

$params = @{
    containerName = $Config.vaserver
    Credential = $ContainerCred
    auth = 'NavUserPassword'
    artifactUrl = 'https://bcartifacts-exdbf9fwegejdqak.b02.azurefd.net/onprem/25.1.25873.25900/es'
    licenseFile =  'C:\temp\MSPartnerBC25.bclicense'
    databaseServer = $Config.dbServer
    databaseName = 'op251'
    databaseCredential = $DBCred
    doNotExportObjectsToText = $true
    multitenant = $false
    assignPremiumPlan = $false
    useTraefik = $false
    bakFile = ''
    useGenericImage = ''
    includeCSide = $false
    useNewDatabase = $false
    includeAL = $false
    bakFolder = ''
    accept_eula = $true
    accept_outdated = $true
    includeTestToolkit = $false
    dns = ''
    isolation = 'process'
    enableTaskScheduler = $false
    useSSL = $false
    accept_insiderEula = $true
    alwaysPull = $true
    updateHosts = $true
    TimeZoneId = 'Romance Standard Time'
    PublicDnsName = ''
}

New-BcContainer @params

This is the script that I'm running to make the conversion and raises the exception:

$Config = Get-Content 'config.json' -Encoding UTF8 | ConvertFrom-Json

Invoke-ScriptInBcContainer `
    -containerName $Config.vaserver `
    -scriptblock {
        param(
            [string]$dbServer,
            [string]$dbName,
            [string]$dbUser,
            [string]$dbPass
        )

        $cred = New-Object PSCredential $dbUser,(ConvertTo-SecureString -String $dbPass -AsPlainText -Force)

        Invoke-NAVApplicationDatabaseConversion `
            -DatabaseServer $dbServer `
            -DatabaseName $dbName `
            -ApplicationDatabaseCredentials $cred `
            -Force
    } `
    -argumentList $Config.dbServer,$Config.vf14dbName,$Config.dbUser,$Config.dbPass

Full output of scripts

Container creation output:

BcContainerHelper is version 6.0.28
BcContainerHelper is not running as administrator
Host is Microsoft Windows 11 Pro - 10.0.22631.4317
UsePsSession is True
UsePwshForBc24 is True
UseWinRmSession is never
UseSslForWinRmSession is True
Docker Client Version is 27.2.0
Docker Server Version is 27.2.0
Removing Session op251
Removing container op251
Removing entries from hosts
Removing op251 from container hosts file
Removing op251-* from container hosts file
Removing Desktop shortcuts
Removing C:\ProgramData\BcContainerHelper\Extensions\op251
Fetching all docker images
Fetching all docker volumes
Pulling image mcr.microsoft.com/businesscentral:ltsc2022
ltsc2022: Pulling from businesscentral
Digest: sha256:549ceca21454562eb552f53ac18c12fb442a373724526c5abebd45aeafc57ea5
Status: Image is up to date for mcr.microsoft.com/businesscentral:ltsc2022
mcr.microsoft.com/businesscentral:ltsc2022
Using image mcr.microsoft.com/businesscentral:ltsc2022
Creating Container op251
Style: onprem
Multitenant: No
Version: 25.1.25873.25900
Platform: 25.0.25866.0
Generic Tag: 1.0.2.50
Container OS Version: 10.0.20348.2762 (ltsc2022)
Host OS Version: 10.0.22631.4317 (23H2)
Using process isolation
Using locale es-ES
Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable)
Using license file C:\temp\MSPartnerBC25.bclicense
Additional Parameters:                                                                                                  
--env customNavSettings=EnableTaskScheduler=False
Files in C:\ProgramData\BcContainerHelper\Extensions\op251\my:
- AdditionalOutput.ps1
- HelperFunctions.ps1
- license.bclicense
- MainLoop.ps1
- SetupVariables.ps1
- updatehosts.ps1
Creating container op251 from image mcr.microsoft.com/businesscentral:ltsc2022
Using Shared Encryption Key file
7abd823e0051655ba7a1889d3e6f3821d7dd3893c6dd52b98dc21bfdc30f132b
Waiting for container op251 to be ready
Using artifactUrl https://bcartifacts-exdbf9fwegejdqak.b02.azurefd.net/onprem/25.1.25873.25900/es
Using installer from C:\Run\240
Installing Business Central: multitenant=False, installOnly=False, filesOnly=False, includeTestToolkit=False, includeTestLibrariesOnly=False, includeTestFrameworkOnly=False, includePerformanceToolkit=False, appArtifactPath=c:\dl\onprem\25.1.25873.25900\es, platformArtifactPath=c:\dl\onprem\25.1.25873.25900\platform, databasePath=, licenseFilePath=c:\dl\onprem\25.1.25873.25900\es\database\Cronus.bclicense, rebootContainer=True
Installing from artifacts
Starting Local SQL Server
Starting Internet Information Server
Copying Service Tier Files
c:\dl\onprem\25.1.25873.25900\platform\ServiceTier\Program Files
c:\dl\onprem\25.1.25873.25900\platform\ServiceTier\System64Folder
Copying Web Client Files
c:\dl\onprem\25.1.25873.25900\platform\WebClient\Microsoft Dynamics NAV
Copying ModernDev Files
c:\dl\onprem\25.1.25873.25900\platform
c:\dl\onprem\25.1.25873.25900\platform\ModernDev\program files\Microsoft Dynamics NAV
Copying additional files
Copying ConfigurationPackages
C:\dl\onprem\25.1.25873.25900\platform\ConfigurationPackages
Copying Test Assemblies
C:\dl\onprem\25.1.25873.25900\platform\Test Assemblies
Copying Applications
C:\dl\onprem\25.1.25873.25900\es\Applications
Copying dependencies
Importing PowerShell Modules
Skipping restore of Cronus database
Modifying Business Central Service Tier Config File for Docker
Creating Business Central Service Tier
Installing SIP crypto provider: 'C:\Windows\System32\NavSip.dll'
Installation took 17 seconds
Installation complete
Initializing...
Setting host.docker.internal to 192.168.168.99 in container hosts file (copy from host hosts file)
Setting gateway.docker.internal to 192.168.168.99 in container hosts file (copy from host hosts file)
Setting kubernetes.docker.internal to 127.0.0.1 in container hosts file (copy from host hosts file)
Setting host.containerhelper.internal to 172.29.32.1 in container hosts file
Starting Container
Hostname is op251
PublicDnsName is op251
Using NavUserPassword Authentication
Import Encryption Key
Stopping local SQL Server
Creating Self Signed Certificate
Self Signed Certificate Thumbprint AD7BE7C37D5F3D1A18704B15CA26FDE7CB875BBB
DNS identity op251
Modifying Service Tier Config File with Instance Specific Settings
Modifying Service Tier Config File with settings from environment variable
Setting EnableTaskScheduler to False
Starting Service Tier
Registering event sources
Creating DotNetCore Web Server Instance
Using application pool name: BC
Using default container name: NavWebApplicationContainer
Copy files to WWW root C:\inetpub\wwwroot\BC
Create the application pool BC
Create website: NavWebApplicationContainer without SSL
Update configuration: navsettings.json
Done Configuring Web Client
Using license file 'c:\run\my\license.bclicense'
Import License
Creating http download site
Container IP Address: 172.29.40.17
Container Hostname  : op251
Container Dns Name  : op251
Web Client          : http://op251/BC/
Dev. Server         : http://op251
Dev. ServerInstance : BC
Setting op251 to 172.29.40.17 in host hosts file

Files:
http://op251:8080/ALLanguage.vsix

Container Total Physical Memory is 31.6Gb
Container Free Physical Memory is 4.0Gb

Initialization took 157 seconds
Ready for connections!
Reading CustomSettings.config from op251
Set TimeZone in Container to Romance Standard Time
Creating Desktop Shortcuts for op251
Cleanup old dotnet core assemblies
Container op251 successfully created

Use:
Get-BcContainerEventLog -containerName op251 to retrieve a snapshot of the event log from the container
Get-BcContainerDebugInfo -containerName op251 to get debug information about the container
Enter-BcContainer -containerName op251 to open a PowerShell prompt inside the container
Remove-BcContainer -containerName op251 to remove the container again
docker logs op251 to retrieve information about URL's again
...

This is the ouput for the conversion script:

Invoke-ScriptInBcContainer: C:\Users\myuser\git\scripts\test.ps1:3
Line |
   3 |  Invoke-ScriptInBcContainer `
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling "Deserialize" with "1" argument(s): "Error occurred during a cryptographic operation."

This is the error trace obtained with the $Error[0] | Format-List -Force command:

Exception             : System.Management.Automation.MethodInvocationException: Exception calling "Deserialize" with "1" argument(s): "Error occurred during a cryptographic operation."
                         ---> System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
                           at Microsoft.PowerShell.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
                           at Microsoft.PowerShell.SecureStringHelper.Unprotect(String input)
                           at System.Management.Automation.InternalDeserializer.ReadSecureString()
                           at System.Management.Automation.InternalDeserializer.ReadOneDeserializedObject(String& streamName, Boolean& isKnownPrimitiveType)
                           at System.Management.Automation.InternalDeserializer.ReadOneObject(String& streamName)
                           at System.Management.Automation.InternalDeserializer.ReadProperties(PSObject dso)
                           at System.Management.Automation.InternalDeserializer.ReadPSObject()
                           at System.Management.Automation.InternalDeserializer.ReadOneDeserializedObject(String& streamName, Boolean& isKnownPrimitiveType)
                           at System.Management.Automation.InternalDeserializer.ReadOneObject(String& streamName)
                           at System.Management.Automation.InternalDeserializer.ReadProperties(PSObject dso)
                           at System.Management.Automation.InternalDeserializer.ReadPSObject()
                           at System.Management.Automation.InternalDeserializer.ReadOneDeserializedObject(String& streamName, Boolean& isKnownPrimitiveType)
                           at System.Management.Automation.InternalDeserializer.ReadOneObject(String& streamName)
                           at System.Management.Automation.InternalDeserializer.ReadListContainer(ContainerType ct)
                           at System.Management.Automation.InternalDeserializer.ReadPSObject()
                           at System.Management.Automation.InternalDeserializer.ReadOneDeserializedObject(String& streamName, Boolean& isKnownPrimitiveType)
                           at System.Management.Automation.InternalDeserializer.ReadOneObject(String& streamName)
                           at System.Management.Automation.Deserializer.Deserialize(String& streamName)
                           at System.Management.Automation.PSSerializer.DeserializeAsList(String source)
                           at System.Management.Automation.PSSerializer.Deserialize(String source)
                           at CallSite.Target(Closure, CallSite, Type, Object)
                           --- End of inner exception stack trace ---
                           at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
                           at Invoke-ScriptInBcContainer(Closure, FunctionContext)
                           at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)
                           at System.Management.Automation.CommandProcessorBase.Complete()
TargetObject          :
CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
FullyQualifiedErrorId : CryptographicException
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at Invoke-ScriptInBcContainer, C:\Users\myuser\Documents\PowerShell\Modules\BcContainerHelper\6.0.28\ContainerHandling\Invoke-ScriptInNavContainer.ps1: line 297
                        at <ScriptBlock>, C:\Users\myuser\git\scripts\test.ps1: line 3
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}
PSMessageDetails      :

Additional context

As I have said previously, the commands inside the script block work perfectly in the container powershell prompt with the same configuration.

[OP251] PS C:\Run\my> $Config = Get-Content 'config.json' -Encoding UTF8 | ConvertFrom-Json
[OP251] PS C:\Run\my> $cred = New-Object PSCredential $Config.dbUser,(ConvertTo-SecureString -String $Config.dbPass -AsPlainText -Force)
[OP251] PS C:\Run\my> Invoke-NAVApplicationDatabaseConversion -DatabaseServer $Config.dbServer -DatabaseName $Config.vf14dbName -ApplicationDatabaseCredentials $cred -Force
Inplace publishing skipped. Emit version 25047 is current.

DatabaseServer      : host.docker.internal
DatabaseName        : VF14_3441
DatabaseCredentials : System.Management.Automation.PSCredential
DatabaseLocation    :
Collation           :

This is the host PowerShell version:

Name                           Value
----                           -----
PSVersion                      7.4.6
PSEdition                      Core
GitCommitId                    7.4.6
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

And this is the docker container PowerShell version:

Name                           Value
----                           -----
PSVersion                      7.4.5
PSEdition                      Core
GitCommitId                    7.4.5
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@freddydk freddydk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@freddydk @jose-lloret