cannot enable PS Remoting - Access Denied

Welcome Forums General PowerShell Q&A cannot enable PS Remoting - Access Denied

This topic contains 3 replies, has 2 voices, and was last updated by

 
Participant
3 weeks, 6 days ago.

  • Author
    Posts
  • #112547

    Participant
    Points: 0
    Rank: Member

    Hi All,

    I have a Windows Server 2016 server running ADFS. I need to enable PS remoting on the servers however when I try to enable it I get the below error. I am running PowerShell as an Domain Administrator and have the required permissions

    PS C:\Windows\system32> Enable-PSRemoting -Force
    remove-item : Access is denied.
    At line:69 char:21
    + ...                   remove-item -path "$securityIDPath" -recurse -force
    +                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Remove-Item], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.RemoveItemCommand
    
    

    I cannot find what is the reason I am getting this error makes no sense to me.

    any help would be appreciated.

    thanks again

    Regards

    Shihan

  • #112549

    Participant
    Points: 37
    PublishedHelping Hand
    Rank: Member

    Is this a new server install, any other Windows role on the box does not matter?

    If this is Ws21 or 2012R2, then PS Remoting is enabled by default.

    As for this error... Agreed it makes zero sense, unless something else is running on the box and thinks it should executed, and thus getting in the way of your effort.

    Before trying to enable PS remoting:

    • Shutdown and cold start the box
    • Check the WinRM state on the box
    • test to see if it is already enabled / configured
    wimrm quickconfig
    Test-WSMan
    

    https://social.technet.microsoft.com/wiki/contents/articles/19677.winrm-survival-guide.aspx

    • #112553

      Participant
      Points: 0
      Rank: Member

      Hi Postanote,

      thank you for the reply. The only role that is installed is ADFS. I have tried completely shutting down the server and rebooting it to no avail.

      I have checked Winrm and tested results below

      
      PS C:\Windows\system32> winrm quickconfig
      WinRM service is already running on this machine.
      WinRM is already set up for remote management on this computer.
      
      PS C:\Windows\system32> Test-WSMan
      
      wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
      ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
      ProductVendor   : Microsoft Corporation
      ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0
      
      

      I think its something related to ADFS

      on this blog post I have seen someone else have the same issue but, no clear indication on how to remediate it

      https://blogs.technet.microsoft.com/rmilne/2017/05/26/psremoting-for-office-365-ad-fs-configuration/

      any ideas

      thanks again

       

  • #112562

    Participant
    Points: 0
    Rank: Member

    Hi All,

    After various troubleshooting, i have concluded that this is due to ADFS 4.0 been installed. I have verified this by removing the ADFS server role and then attempting to Enable PowerShell Remoting with success.

    however after re-installation of the ADFS 4.0 (server 2016) role i cannot enable PowerShell Remoting again.

    I am not going to say its a bug as I am not 100% if this is by design or some sort of  restriction. But it does cause an issue if you need to update the ADFS Farm Behavior Level to 2016 in a migration from ADFS 3.0 (2012) as it uses PowerShell Remoting to perform the upgrade on all secondary ADFS servers

    My workaround was rather straight forward as I only had 2 ADFS servers so I removed the secondary server from the ADFS farm and Removed the ADFS Server Role, Upgraded the FBL to 2016 then re added the Secondary ADFS server.

    Thanks for all your help

    Regards

    Shihan

     

You must be logged in to reply to this topic.