PSWA access denied errror

This topic contains 4 replies, has 3 voices, and was last updated by  Don Jones 2 years, 3 months ago.

  • Author
    Posts
  • #26097

    Windows LiveUser93
    Participant

    Hi

    I am trying to use remove-dnsserverresourcerecord cmdlet but I get permissiondenied.
    here is the cmdlet and error.
    remove-dnsserverresourcerecord -ComputerName "DOMAIN CONTROLLER" -ZoneName "ZONE".com -RRType A -Name "SERVER TO REMOVE"
    Failed to get the zone information for "ZONE" on server "DOMAIN CONTROLLER".
    + CategoryInfo : PermissionDenied: ("SERVER TO REMOVE":root/Microsoft/...rResourceRecord) [Remove-DnsServerResourceRecord], CimException
    + FullyQualifiedErrorId : WIN32 5,Remove-DnsServerResourceRecord

    I was wondering why? If I log onto the server that is running pswa I can run the cmdlet fine.

  • #26098

    Will Anderson
    Keymaster

    Hey there LiveUser. It's a double-hop problem. When you're logged into PSWA, you're actually in a remote PS session. So you're remoted and running a command to a remote DNS server, and it'll fail. Local Session > PSWA > DNSServer

    When you log into the PSWA server directly via RDP, you're eliminating a hop.
    PSWA>DNSServer

    You can actually read up about the double hop problem, and possible solutions, here. https://www.penflip.com/powershellorg/secrets-of-powershell-remoting

  • #26100

    Windows LiveUser93
    Participant

    Thank you for the quick response. This was very helpful.

  • #26103

    Will Anderson
    Keymaster

    Any time! Mind if I mark this as resolved? 🙂

  • #26114

    Don Jones
    Keymaster

You must be logged in to reply to this topic.