I'm trying to build an Azure Automation Runbook to unlock an on-prem AD Account. Once the account is unlocked I want to submit a ticket to our ITSM application that has an API. I am able to create the call on the server in Windows PowerShell and get a return code of 200.
However when I run it from Azure Automation I receive an error code of 400 bad request. Any thoughts as to why I can make the call on the Server with Windows PowerShell but not Azure Automation on the Hybrid Worker?
The module for the Custom_ITSM_API_Module was a homegrown module and works everywhere I have tried it. It works on my development computer (Windows PowerShell) and on the hybrid worker server (Windows PowerShell) but not when using Azure Automation.
Code:
```powershell
Param(
    [object]$WebhookData  # this parameter must be named WebhookData, otherwise the webhook does not work as expected.
)
$VerbosePreference = 'continue'
Import-Module ActiveDirectory
Import-Module "Custom_ITSM_API_Module"

#region Verify if Runbook is started from Webhook.
# If runbook was called from Webhook, WebhookData will not be null.
if ($WebhookData) {
    # Collect properties of WebhookData
    $WebhookName    = $WebhookData.WebhookName
    $WebhookHeaders = $WebhookData.RequestHeader
    $WebhookBody    = $WebhookData.RequestBody

    # Collect individual headers. Input converted from JSON.
    $From        = $WebhookHeaders.From
    $RequestData = (ConvertFrom-Json -InputObject $WebhookBody)
    Write-Output -InputObject ('Input: {0}' -f $RequestData)
    Write-Output ('WebhookBody: {0}' -f $WebhookBody)
    Write-Output -InputObject ('Runbook started from webhook {0} by {1}.' -f $WebhookName, $From)

    $User = Get-ADUser $RequestData.SamAccountName -Properties *
    if ($User.SamAccountName.Count -ne 1) {
        throw "Found $($User.SamAccountName.Count) user(s). Please make sure this user is unique"
    }
    else {
        Write-Output "Unlocking User"
        Unlock-ADAccount -Identity $User
        $RanByEmployeeID = $RequestData.RanByEmployeeID
        $Runby = Get-ADUser -Filter {EmployeeID -eq $RanByEmployeeID} -Properties EmployeeID
        $Description = "User Unlocked<br>EmployeeID: $($User.EmployeeID)<br>SamAccountName: $($User.SamAccountName)<br>Unlocked at: $((Get-Date).ToString())"
        # Note the space before -Description; without it the string and the parameter name run together into one argument.
        Write-Custom_ITSM_API_ModuleTicket -Title "Unlocked User $($User.Name)" -Description $Description
    }
}
else {
    Write-Error -Message 'Runbook was not started from Webhook' -ErrorAction stop
}
#endregion
```
The issue I had was actually an issue with our firewall and proxy. These servers were not able to speak to all of the Azure/O365 URLs that were suggested. Once we had all of the URLs white-listed I was able to speak to my internal applications.
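As an added example (not code from the original post), a diagnostic step that can be run as a runbook on the Hybrid Worker to show, in the Azure Automation job output, which endpoints the worker can resolve, reach over TCP, and get an HTTP answer from, with or without the proxy. The endpoint list and proxy address are placeholders; the real required URLs come from the Azure Automation documentation and your own ITSM API host.

```powershell
# Added diagnostic, not part of the original runbook. Run it on the Hybrid Worker
# so the results show up in the job output in Azure Automation.
# The entries below are PLACEHOLDERS: replace them with the Azure Automation
# agent URLs from Microsoft's documentation and your internal ITSM API URL.
$Endpoints = @(
    'https://itsm.example.internal/api/tickets',   # placeholder: internal ITSM API
    'https://agentsvc.azure-automation.net/'       # placeholder: Hybrid Worker service URL
)
$Proxy = $null   # e.g. 'http://proxy.example.internal:8080' if the worker must use one (placeholder)

function Test-RunbookEndpoint {
    param([string]$Uri, [string]$Proxy)
    $u = [System.Uri]$Uri
    $result = [ordered]@{ Uri = $Uri; Dns = $false; Tcp = $false; Http = $null }

    # Step 1: does the worker resolve the host name at all?
    try {
        [System.Net.Dns]::GetHostAddresses($u.Host) | Out-Null
        $result.Dns = $true
    } catch { return [pscustomobject]$result }

    # Step 2: can it open a direct TCP connection to the HTTPS port (no proxy)?
    $result.Tcp = (Test-NetConnection -ComputerName $u.Host -Port $u.Port `
                   -WarningAction SilentlyContinue).TcpTestSucceeded

    # Step 3: what does an HTTP request return, through the proxy if one is set?
    $params = @{ Uri = $Uri; UseBasicParsing = $true; TimeoutSec = 15 }
    if ($Proxy) { $params.Proxy = $Proxy; $params.ProxyUseDefaultCredentials = $true }
    try {
        $result.Http = (Invoke-WebRequest @params).StatusCode
    } catch {
        # A 4xx/5xx still tells you whether the proxy or the endpoint answered;
        # a connection failure leaves only the exception message.
        $result.Http = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode }
                       else { $_.Exception.Message }
    }
    [pscustomobject]$result
}

foreach ($e in $Endpoints) {
    Test-RunbookEndpoint -Uri $e -Proxy $Proxy | Format-List | Out-String | Write-Output
}
```

An endpoint that resolves and answers with a 200 from Windows PowerShell on the worker but shows a proxy-originated 4xx or a TCP failure here is the one to take to the firewall/proxy team.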