Cannot move file using invoke command to UNC path

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of David Zemdegs David Zemdegs 10 months, 2 weeks ago.

  • Author
    Posts
  • #34407
    Profile photo of David Zemdegs
    David Zemdegs
    Participant

    I have the following code:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock {
    
    
    move-item 'E:\Maintenance\*.evt' "\\LogServer\SecurityLogs$\$env:computername" -force
    }
    

    When it runs it fails with:
    'The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you'
    What can I do to make this work please?
    Thanks
    David Z

  • #34409
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well, couple things you might need to try.

    First, you're likely running into the "second hop" problem by attempting to have the remote machines contact \\LogServer. See "Secrets of PowerShell Remoting" for a description of the double-hop stuff.

    Second, you can test that by trying to run:

    Invoke-Command -ComputerName (Get-ADDomainController -filter * | select -ExpandProperty name) -ScriptBlock { Write-Output $env:COMPUTERNAME }

    Just to test that it's not the first hop causing a problem.

  • #34410
    Profile photo of David Zemdegs
    David Zemdegs
    Participant

    Thanks – I ran your script and it works fine – the computer names are displayed. I thought it might be a CredSSP issue but this script worked before xmas and now doesn't work. The only thing that has changed is that the DCs have been restarted. The DCs are all w2k3 with POSH V2 btw (don't ask!).
    Is there any other way to test if it is indeed a double hop issue?

  • #34411
    Profile photo of Don Jones
    Don Jones
    Keymaster

    It almost certainly is. Try moving the files to some other local path. If that works, it's the double-hop.

  • #34412
    Profile photo of David Zemdegs
    David Zemdegs
    Participant

    Well I could put a script on all the domain controllers but that's yuck as I'm trying to replace vbscripts on all DCs that are currently doing the job. Just when I thought WinRM is my friend I see that she has some life issues 🙂

  • #34413
    Profile photo of David Zemdegs
    David Zemdegs
    Participant

    btw – Your chapter "Accessing Remote Computers' has a section called "The Second hop'. In the first paragraph it refers to Figure 2.25. Is this supposed to be 2.34?

You must be logged in to reply to this topic.