Merge pull request #8792 from MicrosoftDocs/main

Auto push to live 2025-04-24 10:02:57

Author: Deland-Han

support/power-platform/power-automate/desktop-flows/failed-to-run-powershell-script-error.md

@@ -0,0 +1,59 @@
+---
+title: Failed to Run PowerShell Script Error
+description: Solves an error that occurs when you run the Run PowerShell script action in a desktop flow in Microsoft Power Automate for desktop.
+ms.author: iomavrid
+author: yiannismavridis
+ms.custom: sap:Desktop flows
+ms.date: 04/24/2025
+---
+# "Failed to run PowerShell script" error when running the Run PowerShell script action
+
+This article provides a resolution for an error that occurs when running the [Run PowerShell script](/power-automate/desktop-flows/actions-reference/scripting#runpowershellscript) action in Microsoft Power Automate for desktop.
+
+## Symptoms
+
+During the execution of a desktop flow in Power Automate for desktop, an error occurs when running the **Run PowerShell script** action. This issue might also occur after a recent Windows update.
+
+The error message appears as follows:
+
+```output
+Microsoft.Flow.RPA.Desktop.Modules.SDK.ActionException: Failed to run PowerShell script. ---> System.ComponentModel.Win32Exception: The system cannot find the file specified
+   at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
+   at Microsoft.Flow.RPA.Desktop.Modules.System.Actions.SystemActions.RunPowershellScript(Variant powershellCode, Variant& scriptStandardOutput, Variant& scriptErrorOutput)
+   --- End of inner exception stack trace ---
+   at Microsoft.Flow.RPA.Desktop.Modules.System.Actions.RunPowershellScript.Execute(ActionContext context)
+   at Microsoft.Flow.RPA.Desktop.Robin.Engine.Execution.ActionRunner.Run(IActionStatement statement, Dictionary`2 inputArguments, Dictionary`2 outputArguments)
+```
+
+## Cause
+
+The **Run PowerShell script** action internally starts an instance of `powershell.exe` and provides the script specified in the action's input as an argument for the process. If the system fails to find `powershell.exe`, you might receive the error message.
+
+The most likely cause of this issue is that the **Path** environment variable doesn't include the directory containing the `powershell.exe` executable. To confirm this is the root cause, follow these steps:
+
+1. Open a Command Prompt (CMD) window.
+1. Run `powershell.exe` by typing the command and pressing **Enter**.
+
+If the following message occurs, then the issue lies in the missing path to `powershell.exe` in the **Path** environment variable.
+
+> 'powershell.exe' is not recognized as an internal or external command, operable program or batch file.
+
+## Resolution
+
+To resolve this issue, follow these steps to update the **Path** environment variable to include the directory of the `powershell.exe` executable:
+
+1. Open the Start menu, search for **Environment Variables**, and then select **Edit the system environment variables**.
+
+1. In the **System Properties** window, select **Environment Variables**.
+
+1. Under the **System variables** section, locate and select the **Path** variable, and then select **Edit**.
+
+1. Add the directory path of `powershell.exe` to the list of paths.
+
+   In most cases, the missing path is **C:\WINDOWS\System32\WindowsPowerShell\v1.0\\**.
+
+   To confirm the correct path, open a PowerShell terminal and run the `$PsHome` command.
+
+   Use the displayed path as the value to add to the **Path** variable.
+
+1. Select **OK** to save changes and close all dialogs.

support/power-platform/power-automate/desktop-flows/media/take-screenshot-action-fails-in-unattended-mode/local-security-policy.png

@@ -0,0 +1,63 @@
+---
+title: Take Screenshot Action Fails in Unattended Mode
+description: Resolves an error that occurs in the Take screenshot action when you run an unattended desktop flow in Microsoft Power Automate for desktop.
+ms.author: iomavrid
+author: yiannismavridis
+ms.custom: sap:Desktop flows\Unattended flow runtime errors
+ms.date: 04/24/2025
+---
+# Unattended desktop flow run fails with the "Failed to take screenshot" error
+
+This article provides a resolution for an error that occurs in the [Take screenshot](/power-automate/desktop-flows/actions-reference/workstation#takescreenshotbase) action when running an unattended desktop flow in Microsoft Power Automate for desktop.
+
+## Symptoms
+
+The **Take screenshot** action fails with the following error message:
+
+```output
+Microsoft.PowerPlatform.PowerAutomate.Desktop.Actions.SDK.ActionException: Failed to take screenshot. ---> System.ComponentModel.Win32Exception: The handle is invalid
+   at System.Drawing.Graphics.CopyFromScreen(Int32 sourceX, Int32 sourceY, Int32 destinationX, Int32 destinationY, Size blockRegionSize, CopyPixelOperation copyPixelOperation)
+   at System.Drawing.Graphics.CopyFromScreen(Int32 sourceX, Int32 sourceY, Int32 destinationX, Int32 destinationY, Size blockRegionSize)
+   at Microsoft.Flow.RPA.Desktop.Modules.System.Actions.SystemActions.TakeScreenShot(Variant fileName, Variant screenToCapture, Int32 screenCaptureOption, Boolean copyToClipboard, Int32 fileFormat)
+   --- End of inner exception stack trace ---
+   at Microsoft.Flow.RPA.Desktop.Modules.System.Actions.TakeScreenshotBase.Execute(ActionContext context)
+   at Microsoft.Flow.RPA.Desktop.Robin.Engine.Execution.ActionRunner.Run(IActionStatement statement, Dictionary`2 inputArguments, Dictionary`2 outputArguments)
+```
+
+## Cause
+
+The issue occurs due to a specific security policy that impacts how a User Account Control (UAC) window (for administrative privileges) is prompted. This policy prevents the flow from accessing the screen and capturing the screenshot.
+
+## Resolution 1: Locate and allow binaries except for non-Windows ones to run without elevation prompt
+
+To solve this issue:
+
+1. In Local Group Policy Editor, go to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options**.
+1. Locate the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** security policy setting.
+1. Set the value to **Prompt for consent for non-Windows binaries**.
+
+   :::image type="content" source="media/take-screenshot-action-fails-in-unattended-mode/local-security-policy.png" alt-text="Screenshot of the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting in the Local Security Policy window." lightbox="media/take-screenshot-action-fails-in-unattended-mode/local-security-policy.png":::
+
+For more information about the best practices, location, values, policy management and security considerations for the security policy setting, see [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode).
+
+## Resolution 2: Change the registry key
+
+Modify the registry key to adjust the UAC behavior:
+
+- Hive: **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System**
+- Registry key name: [ConsentPromptBehaviorAdmin](/windows/security/application-security/application-control/user-account-control/settings-and-configuration?tabs=reg#user-account-control-configuration)
+- Type: DWORD
+- Value: **5**
+
+Options for the **ConsentPromptBehaviorAdmin** key:
+
+- **0** = Elevate without prompting
+- **1** = Prompt for credentials on the secure desktop
+- **2** = Prompt for consent on the secure desktop
+- **3** = Prompt for credentials
+- **4** = Prompt for consent
+- **5** (Default) = Prompt for consent for non-Windows binaries. Set the registry key to this value.
+
+## More information
+
+[User Account Control settings and configuration](/windows/security/application-security/application-control/user-account-control/settings-and-configuration)

support/power-platform/power-automate/desktop-flows/take-screenshot-action-fails-in-unattended-mode.md

@@ -160,6 +160,10 @@
       href: desktop-flows/troubleshoot-excel-errors.md
     - name: Errors when running attended or unattended desktop flows
       href: desktop-flows/troubleshoot-errors-running-attended-or-unattended-desktop-flows.md
+    - name: '"Failed to run PowerShell script" error'
+      href: desktop-flows/failed-to-run-powershell-script-error.md
+    - name: '"Failed to take screenshot" error in unattended desktop flow run'
+      href: desktop-flows/take-screenshot-action-fails-in-unattended-mode.md
     - name: Failed connection between Power Automate components
       href: desktop-flows/failed-connection-between-power-automate-components.md
     - name: Failed license check on a desktop flow run

support/power-platform/power-automate/toc.yml

@@ -57,29 +57,11 @@ For more information, see [Error code 0x569: The user has not been granted the r
 
 ### Error code 0x6BF or 0xC002001C
 
-> The remote procedure call failed and did not execute.
-
-Here's an example from the *netsetup.log* file:
-
-```output
-mm/dd/yyyy hh:mm:ss:ms NetpGetLsaHandle: LsaOpenPolicy on \\<DC name>.<domain>.<tld> failed: 0xc002001c
-mm/dd/yyyy hh:mm:ss:ms NetpGetLsaPrimaryDomain: status: 0xc002001c
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: initiaing a rollback due to earlier errors
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: status of disconnecting from '\\<DC name>.<domain>.<tld>': 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpDoDomainJoin: status: 0x6bf
-```
-
-This error occurs when a network device (router, firewall, or VPN device) rejects network packets between the client being joined and the DC.
-
-Make sure of the following items:
-
-- Verify the connectivity between the client being joined and the target DC over the required ports and protocols.
-- Disable bind time feature negotiation.
-- Disable TCP Chimney Offload and IP offload.
+For more information, see [Status code 0x6bf or 0xc002001c: The remote procedure call failed and did not execute](status-code-0x6bf-0xc002001c.md).
 
 ### Error code 0x6D9
 
-See [Domain join error 0x6D9 "There are no more endpoints available from the endpoint mapper"](./domain-join-error-0x6d9-there-are-no-more-endpoints-available-from-the-endpoint-mapper.md) for troubleshooting guide. 
+See [Domain join error 0x6D9 "There are no more endpoints available from the endpoint mapper"](./domain-join-error-0x6d9-there-are-no-more-endpoints-available-from-the-endpoint-mapper.md) for troubleshooting guide.
 
 ### Error code 0xa8b
 
@@ -91,50 +73,7 @@ For more information, see [Domain join error 0x40 "The specified network name is
 
 ### Error code 0x54b
 
-:::image type="content" source="media/active-directory-domain-join-troubleshooting-guidance/error-0x54b-message.png" alt-text="Screenshot of the dialog box showing the error message for error code 0x54b.":::
-
-Here's an example of the error message:
-
-> Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.
->
-> The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "<domain_name>":
->
-> The error was: "This operation returned because the timeout period expired."
-> (error code 0x000005B4 ERROR_TIMEOUT)
->
-> The query was for the SRV record for <srv_record>
->
-> The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
->
-> <ip_address>
->
-> Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
-
-Here's an example from the *netsetup.log* file:
-
-```output
-mm/dd/yyyy hh:mm:ss:ms NetpValidateName: checking to see if '<domain_name>' is valid as type 3 name
-mm/dd/yyyy hh:mm:ss:ms NetpCheckDomainNameIsValid for <domain_name> returned 0x54b, last error is 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpCheckDomainNameIsValid [ Exists ] for '<domain_name>' returned 0x54b
-```
-
-To resolve the 0x54b error, follow these steps:
-
-- Check the network connectivity between the client and the Domain controller.
-- Verify if the Preferred DNS Server is the correct DNS Server.
-- Run `nltest /dsgetdc` (DC Discovery) to verify if you can discover a DC.
-  
-  For example:
-
-  ```console
-  nltest /dsgetdc:<domain_name> /force
-  ```
-
-  Expected Output:
-
-  :::image type="content" source="media/active-directory-domain-join-troubleshooting-guidance/nltest-output.png" alt-text="Screenshot that shows the nltest command output.":::
-
-- Run `DCDiag /v` on the closest domain controller and verify if SRV records are registered. For example: `_ldap._tcp.dc._msdcs.<domain_name>.com`.
+For more information, see [Domain join error code 0x54b](error-code-0x54b.md).
 
 ### Error code 0x0000232A
 

support/windows-server/active-directory/active-directory-domain-join-troubleshooting-guidance.md

@@ -0,0 +1,163 @@
+---
+title: Domain Join Error Code 0x54b
+description: Provides troubleshooting steps for resolving error code 0x54b when you join a workgroup computer to a domain.
+ms.date: 04/23/2025
+manager: dcscontentpm
+audience: itpro
+ms.topic: troubleshooting
+ms.reviewer: eriw,dennhu,herbertm
+ms.custom:
+- sap:active directory\on-premises active directory domain join
+- pcy:WinComm Directory Services
+---
+# Domain join error code 0x54b
+
+This article provides troubleshooting steps for resolving error code 0x54b when you join a workgroup computer to a domain.
+
+## Symptoms
+
+When you join a workgroup computer to a domain, you receive the following error message:
+
+> **Error code 0x54b**
+>
+> Computer Name/Domain Changes
+>
+> An Active Directory Domain Controller (AD DC) for the domain "\<NetBIOS\\_name>" could not be contacted.
+>
+> Ensure that the domain name is typed correctly.
+>
+> If the name is correct, click Details for troubleshooting information.
+>
+> Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.
+>
+> The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "\<domain\_name>":
+>
+> The error was: "This operation returned because the timeout period expired." (error code 0x000005B4 ERROR\_TIMEOUT)
+>
+> The query was for the SRV record for \<srv\_record>
+>
+> The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:  
+> \<ip\_address>
+>
+> Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
+
+Here's an example from the **netsetup.log** file:
+
+```output
+NetpValidateName: checking to see if '<domain_name>' is valid as type 3 name
+NetpCheckDomainNameIsValid for <domain_name> returned 0x54b, last error is 0x0
+NetpCheckDomainNameIsValid [ Exists ] for '<domain_name>' returned 0x54b
+```
+
+## Cause
+
+Error code 0x54b means "ERROR\_NO\_SUCH\_DOMAIN." This error code indicates the specified domain can't be contacted, pointing to issues locating domain controllers (DCs).
+
+* Domain Name System (DNS) times out and resolution fails when attempting to reach DCs.
+* Network connectivity to DCs is blocked on TCP port 135, 389, 445, or RPC dynamic ports.
+
+## Troubleshooting steps
+
+To resolve the 0x54b error, follow these steps:
+
+### Step 1: Check the network connectivity between the client and the DC
+
+| Server port     | Service             |
+| --------------- | ------------------- |
+| TCP 135         | RPC Endpoint Mapper |
+| TCP 49152-65535 | RPC Dynamic Ports   |
+| TCP 445         | SMB                 |
+| UDP/TCP 389     | LDAP                |
+
+* Refer to the list of required ports in [How to configure a firewall for Active Directory domains and trusts](config-firewall-for-ad-domains-and-trusts.md).
+
+* Use the `Test-NetConnection` command to test the connection between DCs:
+
+  ```powershell
+  Test-NetConnection <IP\_address\_of\_the\_DC> -Port 389
+
+  ComputerName: <computer_name>
+  RemoteAddress: <remote_address>
+  RemotePort: 389
+  InterfaceAlias: Ethernet 2
+  SourceAddress: <source_address>
+  TcpTestSucceeded : True
+  ```
+
+  It indicates that the LDAP port TCP 389 is open between the client and the DC.
+
+* [PortQry Command Line Port Scanner Version 2.0](https://www.microsoft.com/download/details.aspx?id=17148) can also be used to identify if a port (TCP/UDP) is blocked on DCs. Here's an example syntax:
+
+  ```console
+  portqry -n <problem_server> -e 135
+  portqry -n <problem_server> -e 445
+  portqry -n <problem_server> -e 389
+  portqry -n <problem_server> -p UDP -e 389
+  portqry -n <problem_server> -r 49152:65535
+  ```
+
+  Port query output examples:
+
+  * When the connection to TCP port 135 on a DC is blocked, the following message is displayed:
+
+    ```console
+    portqry -n <dc_name> -e 135
+
+    Querying target system called:
+
+     <dc_name>
+
+    Attempting to resolve name to IP address...
+
+    Name resolved to <ip_address>
+
+    querying...
+
+    TCP port 135 (epmap service):FILTERED
+    ```
+
+  * When the connection to TCP port 389 on a DC is successful, the following message is displayed:
+
+    ```console
+    portqry -n <dc_name> -e 389
+
+    Querying target system called:
+
+     <dc_name>
+
+    Attempting to resolve name to IP address...
+
+    Name resolved to 192.168.1.2
+
+    querying...
+
+    TCP port 389 (ldap service): LISTENING
+    ```
+
+* Collect network monitor traces when reproducing the issue to confirm if there's any network connectivity issue, if necessary.
+
+### Step 2: Verify if the preferred DNS server is the correct DNS server
+
+### Step 3: Verify if the DC can be discovered
+
+Run `nltest /dsgetdc` (DC Discovery) to verify if you can discover a DC. For example:
+
+```console
+nltest /dsgetdc:<domain_name> /force
+
+           DC: \\<dc_address>
+      Address: \\<dc_address>
+     Dom Guid: <dom_guid>
+     Dom Name: <dom_name>
+  Forest Name: <foreast_name>
+ Dc Site name: Default-First-site-Name
+Our Site Name: Default-First-site-Name
+        Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10 KEYLIST
+The command completed successfully
+```
+
+### Step 4: Verify if SRV records are registered
+
+Run `DCDiag /v` on the closest DC and verify if SRV records are registered. For example:
+
+`_ldap._tcp.dc._msdcs.<domain_name>.com.`