Author Posts

March 26, 2017 at 11:49 am

Hello everyone,

I am new to the Powershell forum and new to Powershell itself.
I have already completed few MVA Powershell tutorials and I am learning something new everyday.
I have completed Getting Started with Microsoft PowerShell and Advanced Tools & Scripting with PowerShell 3.0 Jump Start courses. I must say I really loved them. I had no problems with keeping up the pace with the material, but today I wanted to set up few VMs as a testing environment and here is where I got stuck.

First of all I created a Windows 10 machine.
I enabled PSS remoting on it, but I can't get it to work the way I want.

The thing is that if I do:

Invoke-Command -ComputerName TestPC -Credential TestUser -ScriptBlock {Get-Service}

it asks me for a password, I type it in and I get the result I want.
Also when I try to enter a PSSession I do:

EnterPSSession -ComputerName TestPC -Credential TestUser

it asks me for password again and everything is okay, I connect to the machine.

Now the problem is this.. When I watched the MVA courses Jeffrey and Jason were doing something like this:

Get-Service -ComputerName dc,s1,s2

and it didn't ask then for credentials or anything. I get an error that the access is denied if I try to do the same.

I have also installed Windows Server 2012 VM, created a domain, joined the test machines to the domain, tried to connect to the machines, but still access is denied. If I do the first 2 commands with credentials included I can connect.

Can someone please help ?

Thank you

March 26, 2017 at 6:28 pm

Usually you run the commands against remote machines with an account who is an administrator on this remote machines. And of course you run the powershell console with elevated rights.

March 27, 2017 at 5:07 am

Thank you for the fast response Olaf,

but here is the thing.
I connected the machines to a domain and I'm trying to do the:

Get-Service -ComputerName Test1, Test2

and is denies my access.
The computers are connected to a domain and I am trying to do that command on another machine with the Powershell opened with elevated rights as the Domain Administrator.

I guess I am doing something wrong or I am missing something big..

March 27, 2017 at 10:31 am

Is this Domain Administrator you use member of the local group Administrators of the clients you want to access?

March 27, 2017 at 11:32 am

Yes, he is a part of the Administrator group on the machine.
Can't seem to get it to work and I don't know why.
I have seen every tutorial online and yet no success..

Any help would be appreciated..

Thank you

March 27, 2017 at 11:33 am

Get-Service uses DCOM for its remote connectivity. DCOM is blocked by default on Windows server

try

invoke-Command -Scriptblock {get-service} – computername computer1, computer1

The machine on which you run the command AND the remote machines should be in the same domain for the above to work.

can you confirm all machines are in same domain?

March 27, 2017 at 12:07 pm

Hello Richard,

Here is the error I am getting after trying that command.

[desktop-ssikq5b] Connecting to remote server desktop-ssikq5b failed with the following error message :
process the request. The following error with errorcode 0x80090324 occurred while using Kerberos authen
is a time and/or date difference between the client and server.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domai
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configurati
use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For m
information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (desktop-ssikq5b:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : 1398,PSSessionStateBroken

So here is the current configuration:

2 machines. One is Windows Server 2012 R2 and the other is Windows 10 Pro.
The Windows 10 machine is connected on the domain created on Windows Server 2012.

On the Windows 10 machine I have executed the following commands:

Enable-PSRemoting -Force
Set-Item wsman:\localhost\client\trustedhosts *
Restart-Service WinRM

When I do

Test-WsMan desktop-ssikq5b

I get:

wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0

which I understand is correct.

When I open Powershell on the Windows 10 machine and I type

Get-Service -ComputerName DC

it executes without a problem.

When I open Powershell on the Server DC I get the errors I mentioned above.
There must be something that I am missing because when I execute the command from the Windows 10 machine where the Server is the target I execute the commands without a problem and it doesn't work the other way around (Server->Desktop)

March 27, 2017 at 12:21 pm

Found a DNS problem, it is working with the IP adress as I want it to work..

I am going to sort it out, on it now.

Thank you very much for your help !