Sharepoint 2010 Remote Admin

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Tim Evans Tim Evans 2 years, 4 months ago.

  • Author
    Posts
  • #17114
    Profile photo of Tim Evans
    Tim Evans
    Participant

    This may be a sharepoint problem, but it seems like a powershell issue so I'm starting here.

    I want to use powershell to administer a remote sharepoint 2010 server running on Windows Server 2008R2 (WMF2.0) from my Windows 7 workstation (WMF3.0). If I run these commands on my workstation:

    $s = New-PSSession servername.domain.com
    Invoke-Command –Session $s –ScriptBlock {Add-PSSnapin Microsoft.SharePoint.PowerShell}
    Import-PSSession $s -CommandName Get-SP*
    get-spsite -identity "http://projects.domain.com/sites/b01411"

    I get the error:

    Cannot access the local farm. Verify that the local farm is properly configured, currently available, and that you have
     the appropriate permissions to access the database before trying again.

    If I log on to the server using RDP and the same user account, start the Sharepoin Management Shell and run the same get-spsite command, it works just fine. Does anyone have any idea what I'm doing wrong?

    Thanks

  • #17161
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    Hello Tim,

    I think you're experiencing a double/second-hop problem. You're credentials are not being delegated to a remote server like SQL while using the SharePoint cmdlet. You'll need to look into enabling Kerberos delegation to get this to work in a secure manner. If you search for SharePoint and double-hop you'll get a lot articles recommending to enable CredSSP but please don't follow that advise because you're sacrificing security for convenience. Learn how to get credential delegation via Kerberos working and you'll have learned something for future jobs or assignments.

    I hope below article will get you started. Depending on your rights in Active Directory you might need a Domain Admin to setup Kerberos delegation for you.

    http://dna-tech.blogspot.co.uk/2013/07/remote-powershell-with-sharepoint-2010.html

    Regards,
    Daniel

  • #17163
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    One more article which might help:
    http://preview.tinyurl.com/o7klsas

  • #17201
    Profile photo of Tim Evans
    Tim Evans
    Participant

    Thank for the response. I will check out those links. I'm curious why you think it is a double hop problem. I am remoting directly into the SharePoint server. Is the second hop the database server?

  • #17204
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    The second hop could be your database server. I don't know your environment of course.

  • #17547
    Profile photo of Tim Evans
    Tim Evans
    Participant

    Thanks for the input. I've confirmed that I'm getting logged in with Kerberos credentials and that the SharePoint server is authorized for delegation. It seems the PowerShell part is right. I'll look into the SharePoint side of things.

    ...Tim

You must be logged in to reply to this topic.