Cannot move file using invoke command to UNC path

Welcome Forums General PowerShell Q&A Cannot move file using invoke command to UNC path

This topic contains 5 replies, has 2 voices, and was last updated by

 
Participant
2 years, 8 months ago.

  • Author
    Posts
  • #34407

    Participant
    Points: 0
    Rank: Member

    I have the following code:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {
    
    
    move-item 'E:\Maintenance\*.evt' "\\LogServer\SecurityLogs$\$env:computername" -force
    }
    

    When it runs it fails with:
    'The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you'
    What can I do to make this work please?
    Thanks
    David Z

  • #34409

    Keymaster
    Points: 8
    Rank: Member

    Well, couple things you might need to try.

    First, you're likely running into the "second hop" problem by attempting to have the remote machines contact \\LogServer. See "Secrets of PowerShell Remoting" for a description of the double-hop stuff.

    Second, you can test that by trying to run:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock { Write-Output $env:COMPUTERNAME }

    Just to test that it's not the first hop causing a problem.

  • #34410

    Participant
    Points: 0
    Rank: Member

    Thanks – I ran your script and it works fine – the computer names are displayed. I thought it might be a CredSSP issue but this script worked before xmas and now doesn't work. The only thing that has changed is that the DCs have been restarted. The DCs are all w2k3 with POSH V2 btw (don't ask!).
    Is there any other way to test if it is indeed a double hop issue?

  • #34411

    Keymaster
    Points: 8
    Rank: Member

    It almost certainly is. Try moving the files to some other local path. If that works, it's the double-hop.

  • #34412

    Participant
    Points: 0
    Rank: Member

    Well I could put a script on all the domain controllers but that's yuck as I'm trying to replace vbscripts on all DCs that are currently doing the job. Just when I thought WinRM is my friend I see that she has some life issues 🙂

  • #34413

    Participant
    Points: 0
    Rank: Member

    btw – Your chapter "Accessing Remote Computers' has a section called "The Second hop'. In the first paragraph it refers to Figure 2.25. Is this supposed to be 2.34?

The topic ‘Cannot move file using invoke command to UNC path’ is closed to new replies.