PowerShell Remoting Script Help

This topic contains 9 replies, has 4 voices, and was last updated by Dave Wyatt 1 year, 7 months ago.

  • #33179
    SatoriSlu
    Participant

    Hello,

    I am having some trouble running a script. I keep receiving the error:
    "The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"

    A lot of other forums said that this could be a firewall issue, but I don't think that is the case because I can run invoke-commands such as the following below with no errors:

    Invoke-Command -ComputerName WS-IT-50 -ScriptBlock {Get-Process}

    However, when I try to run the following script, which involves getting input from Active Directory, I get that error mentioned above.

    Script:

    import-module activedirectory

    function Get-ComputerInfo {
        BEGIN {}
        PROCESS {
            $computername = $_

            $os = Get-WmiObject Win32_OperatingSystem -computer $computername
            $bios = Get-WmiObject Win32_BIOS -computerName $computername;
            $system = Get-WmiObject Win32_ComputerSystem -computerName $computername;

            $obj = New-Object -TypeName PSObject
            $obj | Add-Member -MemberType NoteProperty -Name ComputerName -Value $computername

            $obj | Add-Member -MemberType NoteProperty -Name osVersion -Value ($os.Version);
            $obj | Add-Member -MemberType NoteProperty -Name OsSerialNumber -Value ($os.SerialNumber);

            $obj | Add-Member -MemberType NoteProperty -Name BiosVersionNumber -Value ($bios.SMBIOSBIOSVersion);
            $obj | Add-Member -MemberType NoteProperty -Name BiosManufacturer -Value ($bios.Manufacturer);

            $obj | Add-Member -MemberType NoteProperty -Name SystemModel -Value ($system.Model);
            $obj | Add-Member -MemberType NoteProperty -Name Owner -Value ($system.PrimaryOwnerName);
            $obj | Add-Member -MemberType NoteProperty -Name SystemMemory -Value ($system.TotalPhysicalMemory);
            $obj | Add-Member -MemberType NoteProperty -Name SystemThermal -Value ($system.ThermalState);

            Write-Output $obj
        }
        END {}
    }

    Get-ADComputer -filter * | Select -expand Name | Get-ComputerInfo

    Just so you know, I am not running Windows Firewall in my environment, I am running Symantec Endpoint Protection. All I have done is run a logon script for all computers in the domain with the following code which allowed me to run invoke-commands but not that script:

    Enable-PSRemoting -Force

    Thank you all for your time and I look forward to your replies!

  • #33180
    Dave Wyatt
    Moderator

    Invoke-Command uses a different port than RPC, so firewalls could still be involved. If you're running PowerShell v3 or later on all of your systems, you can try using Get-CimInstance instead of Get-WmiObject. Get-CimInstance, by default, also uses WSMAN (same port as Invoke-Command), so you may have better results that way.

    More likely, though, you're just trying to contact computers that aren't online when you run the script. Odds are that your AD domain contains at least some computer accounts that are either old (for machines that have been turned off or replaced), for laptops that are offline, etc. You can add some Write-Verbose or Write-Debug statements to your script to find out what's in the $computername variable when you encounter the errors, and you can add some error handling to gracefully deal with a situation where a target computer is offline.
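The two suggestions in the reply above (Get-CimInstance over WSMAN, plus error handling for offline computers) combined in one function. This is an added example, not code from the thread: the name Get-ComputerInfoCim and the 15-second timeout are assumptions, and it needs PowerShell v3 or later on the machine that runs it.

```powershell
# Added example. Assumes PowerShell v3+ where the script runs and WinRM reachable on the targets.
Import-Module ActiveDirectory

function Get-ComputerInfoCim {   # hypothetical name, not from the thread
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$ComputerName
    )
    process {
        foreach ($name in $ComputerName) {
            Write-Verbose "Querying $name over WSMAN"
            $session = $null
            try {
                # One WSMAN session per computer, reused for all three queries.
                # -ErrorAction Stop turns connection failures into catchable exceptions.
                # The 15-second timeout is an arbitrary value chosen for this example.
                $session = New-CimSession -ComputerName $name -OperationTimeoutSec 15 -ErrorAction Stop
                $os      = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
                $bios    = Get-CimInstance -CimSession $session -ClassName Win32_BIOS -ErrorAction Stop
                $system  = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem -ErrorAction Stop

                [pscustomobject]@{
                    ComputerName      = $name
                    OsVersion         = $os.Version
                    OsSerialNumber    = $os.SerialNumber
                    BiosVersionNumber = $bios.SMBIOSBIOSVersion
                    BiosManufacturer  = $bios.Manufacturer
                    SystemModel       = $system.Model
                    Owner             = $system.PrimaryOwnerName
                    SystemMemory      = $system.TotalPhysicalMemory
                    SystemThermal     = $system.ThermalState
                }
            }
            catch {
                # Offline or unreachable computers are reported and skipped.
                Write-Warning "Skipping ${name}: $($_.Exception.Message)"
            }
            finally {
                if ($session) { Remove-CimSession -CimSession $session }
            }
        }
    }
}

Get-ADComputer -Filter * | Select-Object -ExpandProperty Name | Get-ComputerInfoCim -Verbose
```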

  • #33181
    Steven Ayers
    Participant

    This is more how you should be formatting this function:

    import-module activedirectory
    
    function Get-ComputerInfo {
        [CmdletBinding()]
        param (
            [parameter(Mandatory=$true,ValueFromPipeline=$true)][object[]]$InputObject
        )

        # The process block runs once per pipeline item; without it only the last item piped in is handled.
        process {
            $computername = $InputObject

            # Each Get-WmiObject call goes to the remote computer over RPC/DCOM.
            $os = Get-WmiObject Win32_OperatingSystem -computer $computername
            $bios = Get-WmiObject Win32_BIOS -computerName $computername
            $system = Get-WmiObject Win32_ComputerSystem -computerName $computername

            # Collect the selected properties into one output object per computer.
            $obj = New-Object -TypeName PSObject
            $obj | Add-Member -MemberType NoteProperty -Name ComputerName -Value $computername

            $obj | Add-Member -MemberType NoteProperty -Name osVersion -Value ($os.Version);
            $obj | Add-Member -MemberType NoteProperty -Name OsSerialNumber -Value ($os.SerialNumber);

            $obj | Add-Member -MemberType NoteProperty -Name BiosVersionNumber -Value ($bios.SMBIOSBIOSVersion);
            $obj | Add-Member -MemberType NoteProperty -Name BiosManufacturer -Value ($bios.Manufacturer);

            $obj | Add-Member -MemberType NoteProperty -Name SystemModel -Value ($system.Model);
            $obj | Add-Member -MemberType NoteProperty -Name Owner -Value ($system.PrimaryOwnerName);
            $obj | Add-Member -MemberType NoteProperty -Name SystemMemory -Value ($system.TotalPhysicalMemory);
            $obj | Add-Member -MemberType NoteProperty -Name SystemThermal -Value ($system.ThermalState);

            Write-Output $obj
        }
    }
    
    Get-ADComputer -filter * | Select -expand Name | Get-ComputerInfo
    
  • #33182
    SatoriSlu
    Participant

    David,

    I did not realize that Invoke-Command uses a different port. If that is the case, then it seems most likely to be that I must open up port 5985 on the firewall to allow WinRM.

    Steven.

    Thank you for the formatting tip, I will change the function now.

  • #33183
    Dave Wyatt
    Moderator

    If Invoke-Command works, then 5985 is already open 🙂 RPC uses many different ports (including a dynamic range). It's very unfriendly to firewalls, which is one of the things that led to Microsoft adopting WSMAN later on.

  • #33184
    SatoriSlu
    Participant

    Damn, well that sucks. I'm assuming there is a list of these ports somewhere. It now seems I have to either allow all those ports or update everyone to v3 of PowerShell. Right now, everyone is on v2.

  • #33223
    Stuart Fleck
    Participant

    In my environment, I get that error for a number of reasons. One, as Dave Wyatt has pointed out, is that the asset is powered off. The other reasons that I see in my environment are:

    1. If you have preboot authentication and the asset is not completely past the preboot screen.
    2. If your asset is hung after applying patches or an install (this typically happens to a few machines during the application of patches around "Patch Tuesday").
    3. The last and more prevalent reason is that WMI is hosed on that asset and needs to be repaired.

    I do have to say that I have begun to replace all my Get-WMIObject with Get-CimInstance and am very pleased.

  • #33270
    SatoriSlu
    Participant

    Hello Stuart

    I actually now believe there could be some other cause.

    Just as a test, I turned off Network Threat Protection on Symantec for a specific client I was encountering this error with. I attempted to run the command again on it and I STILL encountered this RPC error.

    I ensured the PC had WinRM running, DCOM, and RPC service all running.

    Not sure what to make of this.

    Best,
    Steven

  • #33271
    SatoriSlu
    Participant

    Just to clarify. I can also enter-pssession with these machines as well. The only time I encounter an error is when I try to run this script or attempt to run a command like

    Get-WmiObject Win32_Bios -ComputerName blahlbah

    It then throws up the RPC server is unavailable error.

    I'd like to change to use the Get-CimInstance, but all my machines in the domain are v2. I don't know the easiest method to update all of them to v4.

  • #33283
    Dave Wyatt
    Moderator

    Still sounds like a straightforward firewall problem to me. RPC ports are being blocked, WinRM port is allowed. I suppose, in a pinch, you might just try this:

    Invoke-Command -ComputerName blahblah { Get-WmiObject Win32_Bios }
    

    It's possible that you may run into a "second hop" issue there, even though Get-WmiObject is targeting the local computer; needs to be tested.
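The Invoke-Command approach from the reply above, extended to the whole inventory and written to run on PowerShell v2. This is an added example, not code from the thread; the variable names are assumptions, and whether the local WMI calls succeed inside the remote session still has to be tested, as the reply says.

```powershell
# Added example. Only WinRM (the port Invoke-Command already uses) has to be reachable;
# no RPC/DCOM ports need to be opened on the targets.
Import-Module ActiveDirectory
$computers = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name

# This script block runs on each target, so every Get-WmiObject call is local there.
$inventory = {
    $os     = Get-WmiObject Win32_OperatingSystem
    $bios   = Get-WmiObject Win32_BIOS
    $system = Get-WmiObject Win32_ComputerSystem

    New-Object PSObject -Property @{
        ComputerName      = $env:COMPUTERNAME
        OsVersion         = $os.Version
        OsSerialNumber    = $os.SerialNumber
        BiosVersionNumber = $bios.SMBIOSBIOSVersion
        BiosManufacturer  = $bios.Manufacturer
        SystemModel       = $system.Model
        Owner             = $system.PrimaryOwnerName
        SystemMemory      = $system.TotalPhysicalMemory
        SystemThermal     = $system.ThermalState
    }
}

# Connection failures are collected in $failed instead of stopping the run.
$results = Invoke-Command -ComputerName $computers -ScriptBlock $inventory `
    -ErrorAction SilentlyContinue -ErrorVariable failed

$results | Select-Object ComputerName, OsVersion, BiosVersionNumber, SystemModel, SystemMemory

# For connection errors, TargetObject holds the name of the computer that could not be reached.
foreach ($err in $failed) {
    Write-Warning ("{0}: {1}" -f $err.TargetObject, $err.Exception.Message)
}
```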
