Author Posts

July 14, 2014 at 1:07 pm

This may be a sharepoint problem, but it seems like a powershell issue so I'm starting here.

I want to use powershell to administer a remote sharepoint 2010 server running on Windows Server 2008R2 (WMF2.0) from my Windows 7 workstation (WMF3.0). If I run these commands on my workstation:

$s = New-PSSession servername.domain.com
Invoke-Command –Session $s –ScriptBlock {Add-PSSnapin Microsoft.SharePoint.PowerShell}
Import-PSSession $s -CommandName Get-SP*
get-spsite -identity "http://projects.domain.com/sites/b01411"

I get the error:

Cannot access the local farm. Verify that the local farm is properly configured, currently available, and that you have
 the appropriate permissions to access the database before trying again.

If I log on to the server using RDP and the same user account, start the Sharepoin Management Shell and run the same get-spsite command, it works just fine. Does anyone have any idea what I'm doing wrong?

Thanks

July 15, 2014 at 11:41 pm

Hello Tim,

I think you're experiencing a double/second-hop problem. You're credentials are not being delegated to a remote server like SQL while using the SharePoint cmdlet. You'll need to look into enabling Kerberos delegation to get this to work in a secure manner. If you search for SharePoint and double-hop you'll get a lot articles recommending to enable CredSSP but please don't follow that advise because you're sacrificing security for convenience. Learn how to get credential delegation via Kerberos working and you'll have learned something for future jobs or assignments.

I hope below article will get you started. Depending on your rights in Active Directory you might need a Domain Admin to setup Kerberos delegation for you.

http://dna-tech.blogspot.co.uk/2013/07/remote-powershell-with-sharepoint-2010.html

Regards,
Daniel

July 16, 2014 at 10:08 am

Thank for the response. I will check out those links. I'm curious why you think it is a double hop problem. I am remoting directly into the SharePoint server. Is the second hop the database server?

July 16, 2014 at 10:57 am

The second hop could be your database server. I don't know your environment of course.

July 28, 2014 at 8:35 pm

Thanks for the input. I've confirmed that I'm getting logged in with Kerberos credentials and that the SharePoint server is authorized for delegation. It seems the PowerShell part is right. I'll look into the SharePoint side of things.

...Tim