Powershell Remoting Help

This topic contains 7 replies, has 3 voices, and was last updated by Profile photo of Caki Caki 1 month ago.

  • Author
    Posts
  • #67281
    Profile photo of Caki
    Caki
    Participant

    Hello everyone,

    I am new to the Powershell forum and new to Powershell itself.
    I have already completed few MVA Powershell tutorials and I am learning something new everyday.
    I have completed Getting Started with Microsoft PowerShell and Advanced Tools & Scripting with PowerShell 3.0 Jump Start courses. I must say I really loved them. I had no problems with keeping up the pace with the material, but today I wanted to set up few VMs as a testing environment and here is where I got stuck.

    First of all I created a Windows 10 machine.
    I enabled PSS remoting on it, but I can't get it to work the way I want.

    The thing is that if I do:

    Invoke-Command -ComputerName TestPC -Credential TestUser -ScriptBlock {Get-Service}

    it asks me for a password, I type it in and I get the result I want.
    Also when I try to enter a PSSession I do:

    EnterPSSession -ComputerName TestPC -Credential TestUser

    it asks me for password again and everything is okay, I connect to the machine.

    Now the problem is this.. When I watched the MVA courses Jeffrey and Jason were doing something like this:

    Get-Service -ComputerName dc,s1,s2

    and it didn't ask then for credentials or anything. I get an error that the access is denied if I try to do the same.

    I have also installed Windows Server 2012 VM, created a domain, joined the test machines to the domain, tried to connect to the machines, but still access is denied. If I do the first 2 commands with credentials included I can connect.

    Can someone please help ?

    Thank you

  • #67297
    Profile photo of Olaf Soyk
    Olaf Soyk
    Participant

    Usually you run the commands against remote machines with an account who is an administrator on this remote machines. And of course you run the powershell console with elevated rights.

    • #67308
      Profile photo of Caki
      Caki
      Participant

      Thank you for the fast response Olaf,

      but here is the thing.
      I connected the machines to a domain and I'm trying to do the:

      Get-Service -ComputerName Test1, Test2

      and is denies my access.
      The computers are connected to a domain and I am trying to do that command on another machine with the Powershell opened with elevated rights as the Domain Administrator.

      I guess I am doing something wrong or I am missing something big..

    • #67333
      Profile photo of Olaf Soyk
      Olaf Soyk
      Participant

      Is this Domain Administrator you use member of the local group Administrators of the clients you want to access?

    • #67344
      Profile photo of Caki
      Caki
      Participant

      Yes, he is a part of the Administrator group on the machine.
      Can't seem to get it to work and I don't know why.
      I have seen every tutorial online and yet no success..

      Any help would be appreciated..

      Thank you

  • #67345
    Profile photo of Richard Siddaway
    Richard Siddaway
    Moderator

    Get-Service uses DCOM for its remote connectivity. DCOM is blocked by default on Windows server

    try

    invoke-Command -Scriptblock {get-service} – computername computer1, computer1

    The machine on which you run the command AND the remote machines should be in the same domain for the above to work.

    can you confirm all machines are in same domain?

    • #67359
      Profile photo of Caki
      Caki
      Participant

      Hello Richard,

      Here is the error I am getting after trying that command.

      [desktop-ssikq5b] Connecting to remote server desktop-ssikq5b failed with the following error message :
      process the request. The following error with errorcode 0x80090324 occurred while using Kerberos authen
      is a time and/or date difference between the client and server.
       Possible causes are:
        -The user name or password specified are invalid.
        -Kerberos is used when no authentication method and no user name are specified.
        -Kerberos accepts domain user names, but not local user names.
        -The Service Principal Name (SPN) for the remote computer name and port does not exist.
        -The client and remote computers are in different domains and there is no trust between the two domai
       After checking for the above issues, try the following:
        -Check the Event Viewer for events related to authentication.
        -Change the authentication method; add the destination computer to the WinRM TrustedHosts configurati
      use HTTPS transport.
       Note that computers in the TrustedHosts list might not be authenticated.
         -For more information about WinRM configuration, run the following command: winrm help config. For m
      information, see the about_Remote_Troubleshooting Help topic.
          + CategoryInfo          : OpenError: (desktop-ssikq5b:String) [], PSRemotingTransportException
          + FullyQualifiedErrorId : 1398,PSSessionStateBroken

      So here is the current configuration:

      2 machines. One is Windows Server 2012 R2 and the other is Windows 10 Pro.
      The Windows 10 machine is connected on the domain created on Windows Server 2012.

      On the Windows 10 machine I have executed the following commands:

      Enable-PSRemoting -Force
      Set-Item wsman:\localhost\client\trustedhosts *
      Restart-Service WinRM
      

      When I do

      Test-WsMan desktop-ssikq5b

      I get:

      wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
      ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
      ProductVendor   : Microsoft Corporation
      ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0

      which I understand is correct.

      When I open Powershell on the Windows 10 machine and I type

      Get-Service -ComputerName DC

      it executes without a problem.

      When I open Powershell on the Server DC I get the errors I mentioned above.
      There must be something that I am missing because when I execute the command from the Windows 10 machine where the Server is the target I execute the commands without a problem and it doesn't work the other way around (Server->Desktop)

  • #67368
    Profile photo of Caki
    Caki
    Participant

    Found a DNS problem, it is working with the IP adress as I want it to work..

    I am going to sort it out, on it now.

    Thank you very much for your help !

You must be logged in to reply to this topic.