Need help Enable-PSRemoting

This topic contains 6 replies, has 3 voices, and was last updated by  Will Anderson 1 week, 2 days ago.

  • #85394

    Akhtar Nawaz
    Participant

    Hi Guys.

    I have 78 servers in a domain where I have to uninstall the SCCM agent manually. So I wrote a script which works fine, and luckily 62 servers are done. Here is my script:

    $computer= Get-Content C:\SCCM\computer.txt
    $session =New-PSSession -ComputerName $computer
    $scriptBlock= { C:\windows\ccmsetup\ccmsetup.exe /uninstall}
    Invoke-Command -Session $session -ScriptBlock $scriptBlock

    However, for a few servers (probably 10) the script generates an error as follows –

    New-PSSession : [MachineName] Connecting to remote server MachieName failed with the following error message : The client
    cannot connect to the destination specified in the request. Verify that the service on the destination is running and is
    accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly
    IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the
    WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
    At C:\SCCM\SCCMUninstall.ps1:2 char:11
    + $session =New-PSSession -ComputerName $computer
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CannotConnect,PSSessionOpenFailed
    Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is
    not null or empty, and then try the command again.
    At C:\SCCM\SCCMUninstall.ps1:4 char:25
    + Invoke-Command -Session $session -ScriptBlock $scriptBlock
    + ~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand

    I have already checked and the WinRM service is running at the destination.
    Important point – if I log in to machine "MachineName" and execute (Enable-PSRemoting -force) then I'm able to execute my script over remote connection.

    My question – How can I execute (Enable-PSRemoting -force) at the start of my script?

    Note- I've just started learning PowerShell scripting, please excuse me for anything found stupid in my note.

    Thanks,
    Akhtar Nawaz

  • #85405

    Will Anderson
    Keymaster

    Hi there Akhtar. What OS is running on these machines? Are they perhaps in a DMZ or segregated environment? Also, select one of the machines and try these commands:

    Get-WMIObject -Class Win32_Service -ComputerName MachineName

    and then

    Get-CIMInstance -ClassName Win32_Service -ComputerName MachineName

    Let me know if one or both fail.

    • #85516

      Akhtar Nawaz
      Participant

      Hi Will,

      Thanks for the response.
      Machine OS version is Server 2008 R2 SP1. These machines are not in a DMZ domain (but not 100% sure, I will verify it).

      Here are the results of your commands-
      The 1st command ran successfully, but the 2nd one (Get-CIMInstance -ClassName Win32_Service -ComputerName) failed. Here is the error message-

      PS C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup> Get-CIMInstance -ClassName Win32_Service -ComputerName MachineName
      Get-CIMInstance : The WS-Management service cannot process the request. A DMTF resource URI was used to access a
      non-DMTF class. Try again using a non-DMTF resource URI.
      At line:1 char:1
      + Get-CIMInstance -ClassName Win32_Service -ComputerName MachineName
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : NotSpecified: (root\cimv2:Win32_Service:String) [Get-CimInstance], CimException
      + FullyQualifiedErrorId : HRESULT 0x80338139,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
      + PSComputerName : MachineName

      Thanks,
      Akhtar Nawaz

    • #85849

      postanote
      Participant

      You cannot use all of PoSH Remoting until you enable it.
      There are several cmdlets which you can use without enabling PoSH Remoting at all. See this article on that topic.

      'technet.microsoft.com/en-us/library/ff699046.aspx'

      Yet, all-in-all, you need to execute on each system the Enable-PSRemoting -Force command before running scripts leveraging PoSH Remoting.

      BTW, you can do this via GPO to all systems in the domain.

      'powershellpr0mpt.com/2015/08/03/configuring-powershell-remoting-through-gpo'

      Or

      'gallery.technet.microsoft.com/scriptcenter/Enable-PSRemoting-Remotely-6cedfcb0'

      Or

      'blogs.technet.microsoft.com/heyscriptingguy/2011/11/16/configure-powershell-remoting-and-use-remote-commands'
      If you need to turn on Windows PowerShell remoting on an entire organizational unit, domain, or forest, it is better to use Group Policy.

  • #85552

    Will Anderson
    Keymaster

    OK. So you're on PowerShell 2.0. Can you verify that Enable-PSRemoting was attempted while running as Administrator? Also, can you verify that you have firewall rules in Windows Firewall enabled to allow 5895?

    Try RDP'ing to one of the broken machines and opening a PSSession to one of your verified working machines. See if you get the same result. You can also try a Get-NetTCPConnection from a working machine to the broken one for port 5985 and see what the result is.

    Don wrote up a really good eBook for a lot of this as well. The troubleshooting section is pretty thorough.

    https://devops-collective-inc.gitbooks.io/secrets-of-powershell-remoting/content/manuscript/diagnostics-and-troubleshooting.html

    • #85864

      Akhtar Nawaz
      Participant

      Hi Will,

      Yes, I initiated PS as an admin and then Enable-PSRemoting was attempted. I found the firewall enabled, then I disabled it. I don't see any issue now. I think this is because of PORT, not sure yet. I will check with a couple of other machines and will share the update. But thanks again because I can continue my work.

      Thanks a lot!

    • #86066

      Will Anderson
      Keymaster

      Hi there Akhtar,

      You can configure the firewall ports to allow HTTP traffic over 5985 and it should work with the firewall enabled.
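
Added example, not part of the original thread and not any poster's code: one way to triage the server list before opening sessions, so that hosts with a blocked port 5985 are separated from hosts where the port is open but no WinRM listener answers. The function name `Test-TcpPort` and the report path `C:\SCCM\remoting-triage.csv` are hypothetical; the input file and the uninstall command are the ones from the first post.

```powershell
# Added example: check each server before New-PSSession instead of letting
# one unreachable host fail the whole run.
# Assumption: C:\SCCM\computer.txt holds one server name per line.
$computers = Get-Content C:\SCCM\computer.txt | Where-Object { $_.Trim() }

function Test-TcpPort {
    # Hypothetical helper: plain TCP connect with a timeout (works on PowerShell 2.0).
    param([string]$ComputerName, [int]$Port = 5985, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

$report = foreach ($name in $computers) {
    $name = $name.Trim()
    $portOpen = Test-TcpPort -ComputerName $name
    $wsman = $false
    if ($portOpen) {
        # Test-WSMan returns an object only when a WinRM listener answers.
        $wsman = [bool](Test-WSMan -ComputerName $name -ErrorAction SilentlyContinue)
    }
    New-Object PSObject -Property @{
        ComputerName = $name; Port5985Open = $portOpen; WSManAnswers = $wsman
    }
}
$report | Export-Csv C:\SCCM\remoting-triage.csv -NoTypeInformation

# Open sessions only to hosts that passed both checks.
$ready = @($report | Where-Object { $_.WSManAnswers } | ForEach-Object { $_.ComputerName })
if ($ready.Count -gt 0) {
    $session = New-PSSession -ComputerName $ready -ErrorAction SilentlyContinue
    if ($session) {
        Invoke-Command -Session $session -ScriptBlock { C:\windows\ccmsetup\ccmsetup.exe /uninstall }
        Remove-PSSession -Session $session
    }
}

# Follow-up list: a closed port points at the firewall; an open port with no
# WSMan answer points at a missing listener (Enable-PSRemoting not applied).
$report | Where-Object { -not $_.WSManAnswers } | Format-Table ComputerName, Port5985Open
```

Hosts that show `Port5985Open = False` are candidates for an inbound firewall rule for TCP 5985 rather than for turning the firewall off.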
