From fb2f17196343b4e19a373c383843c816638ba456 Mon Sep 17 00:00:00 2001 From: Samhitha Mallannagari Date: Tue, 25 Nov 2025 20:48:51 +0530 Subject: [PATCH 1/2] Prevent logging into remote session without credentials to overcome double hopon authentication issue --- .../StackHCI.Autorest/custom/stackhci.ps1 | 35 ++++++++++++------- src/StackHCI/StackHCI/ChangeLog.md | 1 + 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/src/StackHCI/StackHCI.Autorest/custom/stackhci.ps1 b/src/StackHCI/StackHCI.Autorest/custom/stackhci.ps1 index 499c0e60824e..c9880368e45d 100644 --- a/src/StackHCI/StackHCI.Autorest/custom/stackhci.ps1 +++ b/src/StackHCI/StackHCI.Autorest/custom/stackhci.ps1 @@ -500,13 +500,22 @@ function Confirm-UserAcknowledgmentToUpgradeOS { [Microsoft.Azure.PowerShell.Cmdlets.StackHCI.DoNotExportAttribute()] [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')] param( - [Parameter(Mandatory=$true)] + [Parameter(Mandatory=$false)] [System.Management.Automation.Runspaces.PSSession] $ClusterNodeSession ) $osVersionDetectoid = { $displayVersion = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").DisplayVersion; $buildNumber = (Get-CimInstance -ClassName CIM_OperatingSystem).BuildNumber; New-Object -TypeName PSObject -Property @{'DisplayVersion'=$displayVersion; 'BuildNumber'=$buildNumber} } - $osVersionInfo = Invoke-Command -Session $clusterNodeSession -ScriptBlock $osVersionDetectoid + + if ($ClusterNodeSession) + { + $osVersionInfo = Invoke-Command -Session $ClusterNodeSession -ScriptBlock $osVersionDetectoid + } + else + { + $osVersionInfo = & $osVersionDetectoid + } + $isOSVersion22H2 = ([Int]::Parse($osVersionInfo.BuildNumber) -le $22H2BuildNumber) $doNotAbort = $true @@ -6042,7 +6051,7 @@ param( try { - $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession $LogFilePrefix = "AddAzStackHCIVMAttestation" @@ -6238,7 +6247,7 @@ param( try { - $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession $LogFilePrefix = "RemoveAzStackHCIVMAttestation" @@ -6366,7 +6375,7 @@ param( { try { - $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession $getImdsOutputList = [System.Collections.ArrayList]::new() @@ -6533,7 +6542,7 @@ function Invoke-DeploymentModuleDownload{ $retryCount = 3 try { - $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Setup-Logging -LogFilePrefix "AzStackHCIRemoteSupport" -DebugEnabled ($DebugPreference -ne "SilentlyContinue") -ClusterNodeSession $clusterNodeSession -IsClusterRegistered $IsClusterRegistered | Out-Null if ($Null -ne $clusterNodeSession) @@ -6572,7 +6581,7 @@ function Install-DeployModule { $ModuleName ) - $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Setup-Logging -LogFilePrefix "AzStackHCIRemoteSupportInstallModule" -DebugEnabled ($DebugPreference -ne "SilentlyContinue") -ClusterNodeSession $clusterNodeSession -IsClusterRegistered $IsClusterRegistered | Out-Null if ($Null -ne $clusterNodeSession) @@ -6612,7 +6621,7 @@ function Install-AzStackHCIRemoteSupport{ [OutputType([Boolean])] param() - $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession @@ -6652,7 +6661,7 @@ function Remove-AzStackHCIRemoteSupport{ [OutputType([Boolean])] param() - $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $IsClusterRegistered, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession Setup-Logging -LogFilePrefix "AzStackHCIRemoteSupportRemove" -DebugEnabled ($DebugPreference -ne "SilentlyContinue") -ClusterNodeSession $clusterNodeSession -IsClusterRegistered $IsClusterRegistered | Out-Null if ($Null -ne $clusterNodeSession) @@ -6720,7 +6729,7 @@ function Enable-AzStackHCIRemoteSupport{ $AgreeToRemoteSupportConsent ) - $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession if ($AgreeToRemoteSupportConsent -ne $true) @@ -6767,7 +6776,7 @@ function Disable-AzStackHCIRemoteSupport{ [OutputType([Boolean])] param() - $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession $agentInstallType = (Get-ItemProperty -Path "HKLM:\SYSTEM\Software\Microsoft\AzureStack\Observability\RemoteSupport" -ErrorAction SilentlyContinue).InstallType @@ -6815,7 +6824,7 @@ function Get-AzStackHCIRemoteSupportAccess{ $IncludeExpired ) - $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession $agentInstallType = (Get-ItemProperty -Path "HKLM:\SYSTEM\Software\Microsoft\AzureStack\Observability\RemoteSupport" -ErrorAction SilentlyContinue).InstallType @@ -6917,7 +6926,7 @@ function Get-AzStackHCIRemoteSupportSessionHistory{ $FromDate = (Get-Date).AddDays(-7) ) - $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails + $_, $_, $clusterNodeSession, $_ = Get-SetupLoggingDetails -newSession $false Confirm-UserAcknowledgmentToUpgradeOS -ClusterNodeSession $clusterNodeSession $agentInstallType = (Get-ItemProperty -Path "HKLM:\SYSTEM\Software\Microsoft\AzureStack\Observability\RemoteSupport" -ErrorAction SilentlyContinue).InstallType diff --git a/src/StackHCI/StackHCI/ChangeLog.md b/src/StackHCI/StackHCI/ChangeLog.md index 685d51011cef..8715945cb484 100644 --- a/src/StackHCI/StackHCI/ChangeLog.md +++ b/src/StackHCI/StackHCI/ChangeLog.md @@ -18,6 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release +* Prevention of DoubleHopOn Authentication issue. ## Version 2.6.2 * Preannounced breaking changes. Please refer to https://go.microsoft.com/fwlink/?linkid=2333229 From 1f13ef5dcf959d6bd23bd32469a1a44e16afd015 Mon Sep 17 00:00:00 2001 From: Samhitha-Microsoft Date: Tue, 25 Nov 2025 21:02:17 +0530 Subject: [PATCH 2/2] Update src/StackHCI/StackHCI/ChangeLog.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/StackHCI/StackHCI/ChangeLog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/StackHCI/StackHCI/ChangeLog.md b/src/StackHCI/StackHCI/ChangeLog.md index 8715945cb484..64c1e3c114bd 100644 --- a/src/StackHCI/StackHCI/ChangeLog.md +++ b/src/StackHCI/StackHCI/ChangeLog.md @@ -18,7 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release -* Prevention of DoubleHopOn Authentication issue. +* Resolved double hop authentication issue. ## Version 2.6.2 * Preannounced breaking changes. Please refer to https://go.microsoft.com/fwlink/?linkid=2333229