Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1901
Views
0
Helpful
6
Replies

GetPhone AXL API in PowerShell http error 500

danielmcgovern23187
Level 1
Level 1

‎02-01-2021 10:12 AM

I have been working a pretty simple PowerShell script to retrieve phone data on a given device. I thought this was going to be simple but I have been hitting allot of errors when I try to run this script.

 

if ($null -eq $cred ){ Get-Credential}

Function Get-Phone
{
    param([Parameter(Mandatory)][string]$Phone)


    $request = @"
   <soapenv:Header/>
   <soapenv:Body>
      <ns:getPhone sequence="?">
         <name>$phone</name>
      </ns:getPhone>
   </soapenv:Body>
</soapenv:Envelope>
"@


    #$User = "administrator"
    #$Pass = "ciscopsdt"
    #$Pair = "$($User):$($Pass)"
    $EncodePair = "YWRtaW5pc3RyYXRvcjpjaXNjb3BzZHQ="
    $BasicAuth = "Basic $EncodePair"

    $Headers = 
    @{
        SoapAction="CUCM:DB ver=12.5 getPhone";
        Authorization="$BasicAuth";
        ContentType="text/xml;charset=UTF-8";
        
    }


    $Result = Invoke-WebRequest -Headers $Headers -Body $request -URi https://10.10.20.1:8443/axl/ -Method Post -Credential $cred -SkipCertificateCheck

    $XmlContent = [xml]$Result.Content
    return $XmlContent.Envelope.Body.getPhone



#Function Get-Phone

Get-Phone -Phone "BOTUSER012"
 
I went ahead and I left in some of the commented out stuff in so you can see where I was troubleshooting. When I was first running this script I didn't have the authorization header defined since I thought the (Get-Credential) would suffice and I was receiving and http 401 "No authorization provided" So I went ahead and defined this way:
 
    $User = "administrator"
    $Pass = "ciscopsdt"
    $Pair = "$($User):$($Pass)"
    $EncodePair = "[System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($Pair))"
    $BasicAuth = "Basic $EncodePair"
 
When I run it like this I get a blank http 401 error so I assumed it was the way the $User:$Pass was being encoded, So I just hard-coded the Base64string as you see above $EncodePair which solves the 401 errors but now I am receiving a blank http 500. This is all being done with the Collaboration 12.5 Sandbox and the environmental variables that allows AXL API has all been configured correctly.
Labels:
0 Helpful
6 Replies 6

stephan.steiner
Spotlight
Spotlight

‎02-01-2021 12:40 PM

Can you see what's being sent "over the wire"? Either on your end, or debug level AXL logs that you extract from RTMT.

Here's a working request from my lab

POST https://chdevcucm105.nxodev.intra/axl/ HTTP/1.1
Host: chdevcucm105.nxodev.intra
Authorization: Basic noneofyerbiz
Connection: close
Content-Type: text/xml; charset=utf-8
SOAPAction: CUCM:DB ver=11.5 getPhone
Content-Length: 247

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/11.5"><soapenv:Header/><soapenv:Body><ns:getPhone sequence="0"> <name>CSFMTRA</name></ns:getPhone></soapenv:Body></soapenv:Envelope>

BTW... sequence you can leave out, it's optional. It's mean to correlate request/response.

0 Helpful

danielmcgovern23187
Level 1
Level 1
In response to stephan.steiner

‎02-01-2021 01:35 PM

Hey Stephan,

 

Thanks for your input with your suggestion I am getting a a different http 500 error "The server encountered an internal error that prevented it from fulfilling this request." I am using Soap UI to build the request and it is working as intended when I perform the query from Soap UI but when i am trying to port that over into a powershell request I am getting stumped with all kinds of errors. But thank you for your assistance.

0 Helpful

dstaudt
Cisco Employee
Cisco Employee
In response to danielmcgovern23187

‎02-01-2021 01:51 PM

It might be helpful (if you can figure out how) to get the output of the actual HTTP+XML sent out on the wire...maybe compare to a working request built with SoapUI?

This is a PS1 sample I had in my folder - might be helpful:

[System.Net.ServicePointManager]::Expect100Continue = $false

$os = Get-WmiObject win32_operatingsystem

$body = @'
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/10.5">
   <soapenv:Header/>
   <soapenv:Body>
      <ns:listServiceParameter>
         <searchCriteria>
            <processNodeName>%</processNodeName>
         </searchCriteria>
         <returnedTags>
            <processNodeName/>
            <name/>
            <service/>
            <value/>
            <valueType/>
         </returnedTags>
      </ns:listServiceParameter>
   </soapenv:Body>
</soapenv:Envelope>
'@

$pwd = ConvertTo-SecureString "ciscopsdt" -AsPlainText -Force
$cred = New-Object Management.Automation.PSCredential ('Administrator', $pwd)

$Result = Invoke-RestMethod -Method Post `
-ContentType "text/xml" -Body $body `
-Credential $cred `
-Uri https://ds-ucm105.cisco.com:8443/axl/

$Result.Save('this.txt')
Get-Content('this.txt')
0 Helpful

danielmcgovern23187
Level 1
Level 1
In response to dstaudt

‎02-03-2021 10:27 AM

So after doing more testing I found it is a problem is within the devnet environment. I made some changes to my original script to look like this:

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("SOAPAction""CUCM:DB ver=12.5 getPhone")
$headers.Add("Content-Type""text/xml")
$headers.Add("Acc""text/*")
$headers.Add("Authorization""Basic YWRtaW5pc3RyYXRvcjpjaXNjb3BzZHQ=")

`n    <soapenv:Header/>
`n    <soapenv:Body>
`n        <ns:getPhone>
`n            <name>BOTUSER011</name>
`n        </ns:getPhone>
`n    </soapenv:Body>
`n</soapenv:Envelope>"
 
$response = Invoke-RestMethod 'https://hq-cucm-pub.abc.inc:8443/axl/ ' -Method 'POST' -Headers $headers -Body $body
$response | ConvertTo-Xml | Write-Output
 
When I send this request to the CUCM, I receive this error:
 
The remote certificate is invalid according to the validation procedure.
 
The way around this I thought was -SkipCertificateCheck and this what is introducing the http 500 error. 
 
Why I made the change to from IP address to the hostname was because I was receiving the invalid certificate message. I open up the SSL cert and I notice the CN was using "hq-cucm-pub.abc.inc". Here is the certificate below and it might seem the cert is expired.
 
Version: V3 Subject: L=Galway, ST=Galway, CN=hq-cucm-pub.abc.inc, OU=Devnet, O=sandbox, C=IE Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5  Validity: [From: Thu May 15 11:08:13 CDT 2014, To: Tue May 14 11:08:12 CDT 2019]
0 Helpful

stephan.steiner
Spotlight
Spotlight
In response to danielmcgovern23187

‎02-03-2021 01:14 PM

You should be able to bypass certificate validation. Here's how you normally do that in a script

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;

That is for Powershell running on .NET. Not sure it also works if you have a powershell running on .NET core - in my C# code on .NET core I have to go another route.

Here's a few more links on certificate issues in PowerShell: rest - Invoke-RestMethod - Ignore Self Signed Certs - Stack Overflow

0 Helpful

danielmcgovern23187
Level 1
Level 1
In response to stephan.steiner

‎02-03-2021 03:11 PM - edited ‎02-03-2021 03:30 PM

So now I am recieving a different error message entirely. 

 

I am getting an Undeclated namespace prefix "soapenv". I was able to to use 

 

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;

and that seemed to fix the untrusted cert issue. 

 

So i fiddled with the xml and Now i have zero errors. But

 

This is the output"

xml          Envelope

---          --------

version="1.0 Envelope

0 Helpful
Customers Also Viewed These Support Documents