Sharepoint 2010 Remote Admin

This topic contains 5 replies, has 2 voices, and was last updated by  Tim Evans 3 years, 10 months ago.

  • Author
  • #17114

    Tim Evans

    This may be a sharepoint problem, but it seems like a powershell issue so I'm starting here.

    I want to use powershell to administer a remote sharepoint 2010 server running on Windows Server 2008R2 (WMF2.0) from my Windows 7 workstation (WMF3.0). If I run these commands on my workstation:

    $s = New-PSSession
    Invoke-Command –Session $s –ScriptBlock {Add-PSSnapin Microsoft.SharePoint.PowerShell}
    Import-PSSession $s -CommandName Get-SP*
    get-spsite -identity ""

    I get the error:

    Cannot access the local farm. Verify that the local farm is properly configured, currently available, and that you have
     the appropriate permissions to access the database before trying again.

    If I log on to the server using RDP and the same user account, start the Sharepoin Management Shell and run the same get-spsite command, it works just fine. Does anyone have any idea what I'm doing wrong?


  • #17161

    Daniel Krebs

    Hello Tim,

    I think you're experiencing a double/second-hop problem. You're credentials are not being delegated to a remote server like SQL while using the SharePoint cmdlet. You'll need to look into enabling Kerberos delegation to get this to work in a secure manner. If you search for SharePoint and double-hop you'll get a lot articles recommending to enable CredSSP but please don't follow that advise because you're sacrificing security for convenience. Learn how to get credential delegation via Kerberos working and you'll have learned something for future jobs or assignments.

    I hope below article will get you started. Depending on your rights in Active Directory you might need a Domain Admin to setup Kerberos delegation for you.


  • #17163

    Daniel Krebs

    One more article which might help:

  • #17201

    Tim Evans

    Thank for the response. I will check out those links. I'm curious why you think it is a double hop problem. I am remoting directly into the SharePoint server. Is the second hop the database server?

  • #17204

    Daniel Krebs

    The second hop could be your database server. I don't know your environment of course.

  • #17547

    Tim Evans

    Thanks for the input. I've confirmed that I'm getting logged in with Kerberos credentials and that the SharePoint server is authorized for delegation. It seems the PowerShell part is right. I'll look into the SharePoint side of things.


You must be logged in to reply to this topic.