Problem with Dell Warranty script

TKordas · August 24, 2023, 10:18pm

Hello.

I am currently trying to set up a way to get Dell Warranty information through BigFix. I have been following this to get it completed Dell Warranty PowerShell with OAuth 2.0

I am very new to BigFix and just as new to scripting as well so this is most likely just me not knowing exactly what I need to do. Below is what I currently have set up.

parameter “PowerShellExe”=“C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe”
parameter “ServiceTags”=“string values of selects “IdentifyingNumber from Win32_ComputerSystemProduct” of wmi”
parameter “dellFolder”=“C:\ProgramData\Dell”

action parameter query “ApiKey” with description “”
action parameter query “KeySecret” with description “”

delete __createfile
delete run.ps1

createfile until end
Param(
[Parameter(Mandatory = $true)]
$ServiceTags,
[Parameter(Mandatory = $true)]
$ApiKey,
[Parameter(Mandatory = $true)]
$KeySecret
)
[String]$servicetags = $ServiceTags -join ", "

$AuthURI = "https://apigtwb2c.us.dell.com/auth/oauth/v2/token"
$OAuth = "$ApiKey`:$KeySecret"
$Bytes = [System.Text.Encoding]::ASCII.GetBytes($OAuth)
$EncodedOAuth = [Convert]::ToBase64String($Bytes)
$Headers = @{{ }
$Headers.Add("authorization", "Basic $EncodedOAuth")
$Authbody = 'grant_type=client_credentials'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Try {{
    $AuthResult = Invoke-RESTMethod -Method Post -Uri $AuthURI -Body $AuthBody -Headers $Headers
    $Global:token = $AuthResult.access_token
}
Catch {{
    $ErrorMessage = $Error[0]
    Write-Error $ErrorMessage
    BREAK        
}
Write-Host "Access Token is: $token`n"

$headers = @{{"Accept" = "application/xml" }
$headers.Add("Authorization", "Bearer $token")

$params = @{{ }
$params = @{{servicetags = $servicetags; Method = "GET" }

$Global:response = Invoke-RestMethod -Uri "https://apigtwb2c.us.dell.com/PROD/sbil/eapi/v5/asset-entitlements" -Headers $headers -Body $params -Method Get -ContentType "application/xml" -OutFile "C:\ProgramData\Dell\BigFixDellWarranty.xml"
end

move __createfile run.ps1

if {not exist folder (parameter “dellFolder”)}
folder create “{parameter “dellFolder”}”
endif

waithidden “{parameter “PowershellExe”}” -ExecutionPolicy Bypass -File run.ps1 -ServiceTags “{parameter “ServiceTags”}” -ApiKey “{parameter “ApiKey”}” -KeySecret “{parameter “KeySecret”}”

Ive tried running this and other versions where ive changed one or two things. BigFix action always comes out and says “Fixed” but the XML file is never created. Thank you.

orbiton · August 25, 2023, 2:25am

remember that BigFix by default works in 32-bit , not 64-bit… so there are times you will need to add action uses wow64 redirection {not x64 of operating system}
before waithidden “{parameter “PowershellExe”}”…

Also, remember that BigFix actions by Default using LocalSystem - you can simulate it by opening PowerShell ISE as LocalSystem (through PsExec) and check the script itself

ageorgiev · August 25, 2023, 8:31am

@orbiton is spot-on, there is no way for the script to make RestAPI call by default if running as “LocalSystem”. If you want to do some wait override to specify running it under specific account, that may work but not as is.

Rony · August 25, 2023, 2:15pm

I haven’t added “action uses wow64 redirection {not x64 of operating system}” and my current task is working. I also run the action fine as SYSTEM since the API call is with Dell. You can certainly try these changes as they shouldn’t hurt anything but I don’t think these are your issues since mine is working. The only change I made from the original upload was relevance to run less often based on the XML modification date. I may have also changed the “Success Criteria” of the action to confirm the XML is present. You may have the “Success Criteria” currently set to “This action will be considered successful when it runs to completion”. Have you created the API with Dell? The action will prompt for an API Key and Password each time it is run. Dell will require you to renew the API key on an annual basis but this is a simple 5 second process by logging into Tech Direct and renewing.

TKordas · August 25, 2023, 3:00pm

Yeah I have the Dell API and is all set.

And yeah I was wondering about that. When I choose take action on it it pops up with the API key and a little text box to write something in. I would write “API Key” click ok and then it would move to the same thing but with the KeySecret. And same thing I would just write in “KeySecret”.

Not sure if theres anything more I need to do with that?

But even when I run this it doesnt create the XML file on my machine. Ive only been pushing it to my laptop before trying to deploy to any others. So im wondering if I need to change anything int he script?

JasonWalker · August 25, 2023, 3:03pm

You’re…entering the literal strings “API Key” and “KeySecret”?

Those should be replaced with the actual values, that are specific for you. They are similar to a username and password that is allowed to access your Dell Support account.

TKordas · August 25, 2023, 3:05pm

As I said im very new to this lol, still trying to learn.

So when I click “Take Action” on the Fixlet an Action Parameter pop up appears and already has the API Key in grey and below that has a little text box to type in. Not sure if I even need to type anything into it?

JasonWalker · August 25, 2023, 3:08pm

Those are input dialogs, they need input from you.

The Fixlet Description has a link to the Dell Tech direct website. You need to log on there with your Dell account and generate an API key and API secret, and then enter those values in the input dialogs when you run the action.

Rony · August 25, 2023, 3:08pm

On the pop up, you need to paste the long API key string. It is a long alphanumeric string you will find in TechDirect. The Key Secret or password is a similar string. Login to TechDirect and manage API keys. Click on the arrow next to the key and you will see the API Key (Secret). It will first be displayed in all asterisks until you click “show”. Those would be the 2 strings you need to add to the action when running.

TKordas · August 25, 2023, 3:11pm

Yeah I have those. They are in the script itself.

action parameter query "ApiKey" with description "API Key in here"
action parameter query "KeySecret" with description "Key Secret in here"

Do I need to leave those out of the script itself and input them in the pop up?

Rony · August 25, 2023, 3:13pm

You shouldn’t have to modify anything in the script or task unless you want to change locations, run policy, etc. Simply paste the first portion of the info from Dell when it asks for the API Key and paste the second portion in the parenthesis for the secret when running.

Rony · August 25, 2023, 3:21pm

One more thing to keep in mind from my experience, the API call will sometimes fail. It works for most but I have not been able to figure out why it fails on a small group of my devices. The most common thing we can see is they are much older. The OS doesn’t matter and they are on the same network as many others that work fine. I mention this so you can test on a larger group as well just in case you happen to be testing on one that is failing and very old as we have experienced.

TKordas · August 28, 2023, 4:58pm

What did you enter for the Success Criteria to confirm the XML was created? If you still have that?

Rony · August 28, 2023, 6:53pm

We added a relevance statement to check the file exists as well as it is a certain age so it doesn’t continue running indefinitely. We have this task running in a baseline as part of our policies. We primarily care about the ship date but the analysis captures other data from the XML such as the warranty type, length and if still valid. You will also have to set the success criteria to “This action will be considered successful when the applicability relevance evaluates to false.”

not exist file "C:\ProgramData\Dell\BigFixDellWarranty.xml" OR (modification time of file "C:\ProgramData\Dell\BigFixDellWarranty.xml") < (now - 180 *day)