PSRemoting Ports

    • #221319

      Hello Team,

      I am struggling to find a proper answer about PSRemoting; I hope you can help me.

      I want to connect to a non-trusted domain controller using PSRemoting. I’ll authenticate to that domain controller with a user from that remote domain only. Firewall devices exist in the network. Which ports need to be open for communication?

      As per the document, I have opened port 5985 at the firewall, and on the client I have added the domain to the trusted hosts list and also added the IP details to the hosts file, as there is no DNS. I am able to establish a connection (verified using netsh), but authentication fails, saying invalid username or password. Could you please guide me further? (The credential is correct.)

      I want to execute cmdlets like get-aduser, gpo, replicationmetadata etc. through a PSRemoting session. I want to open only those ports that are really required. Your guidance may help me a lot.

      Thanks.

      Roy.

    • #221409

      5986 for WSMan over HTTPS is required for untrusted domains.
      Also see https://powershell.org/2012/08/ebook-secrets-of-powershell-remoting/

    • #221457

      > 5986 for WSMan over HTTPS is required for untrusted domains

      That’s okay. But I think Kerberos or NTLM ports need to be opened for authentication, but I am not getting confirmation from anywhere.

      Could you confirm that 5985/6 can perform the authentication?

      I am going through the book as well, but found nothing about it. I am using trusted hosts, so 5986 will not be applicable for me.

      Anyway, please let me know if you have any update.

      Regards,

      Roy.

    • #221502

      I can confirm 5986 is what I’ve used to connect to a different domain using a credential from that domain. I simply allowed that one port from our WAN IP. I’m not sure it’s required like Sam said, but I couldn’t imagine anyone wanting to use unencrypted traffic. Good luck.

    • #222264

      I wonder if you can use the old trick where the username and PW are identical on both systems? As in, you log in on system A with a username and password that also exist on the remote system? M$ seems to think the domain is irrelevant.

    • #222330

      > I wonder if you can use the old trick where the username and PW are identical on both systems? As in, you log in on system A with a username and password that also exist on the remote system? M$ seems to think the domain is irrelevant.

      This trick will not work for me. I can’t make such changes. The only way is to test as Doug mentioned.
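
An added example, not written by any poster in this thread: a client-side PowerShell check that separates the three stages the thread discusses for ports 5985 and 5986 (TCP port reachable through the firewall, WinRM listener answering, remote-domain credential accepted), so a failure can be attributed to the right stage. The function name `Test-RemotingPath` and the host name `dc01.remote.example` are hypothetical.

```powershell
# Added example: Test-RemotingPath and dc01.remote.example are hypothetical names.
param(
    [string]$Target = 'dc01.remote.example',
    [pscredential]$Credential = (Get-Credential -Message 'Account from the remote domain')
)

function Test-RemotingPath {
    param([string]$ComputerName, [int]$Port, [bool]$UseSSL, [pscredential]$Credential)

    $r = [ordered]@{ Port = $Port; TcpOpen = $false; ListenerReplies = $false; AuthOk = $false; Error = $null }

    # Stage 1: is the TCP port reachable through the firewall?
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
    $r.TcpOpen = $tcp.TcpTestSucceeded
    if (-not $r.TcpOpen) { return [pscustomobject]$r }

    $common = @{ ComputerName = $ComputerName; Port = $Port; UseSSL = $UseSSL; ErrorAction = 'Stop' }
    try {
        # Stage 2: unauthenticated WS-Management Identify request; shows that a
        # WinRM listener (and, on 5986, a certificate the client accepts) is present.
        Test-WSMan @common -Authentication None | Out-Null
        $r.ListenerReplies = $true

        # Stage 3: the same request with the remote-domain credential. A failure here
        # while stage 2 passed points at authentication rather than at the listener port.
        Test-WSMan @common -Credential $Credential -Authentication Negotiate | Out-Null
        $r.AuthOk = $true
    }
    catch { $r.Error = $_.Exception.Message }
    [pscustomobject]$r
}

# Show the client's TrustedHosts value, since the poster relies on it for the HTTP listener.
"TrustedHosts: $((Get-Item WSMan:\localhost\Client\TrustedHosts).Value)"

5985, 5986 | ForEach-Object {
    Test-RemotingPath -ComputerName $Target -Port $_ -UseSSL ($_ -eq 5986) -Credential $Credential
} | Format-Table -AutoSize
```

The `Error` column carries the WinRM client's own message for the first stage that failed on each port.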
