Update DNS record on DC for non domain computer

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 5 months ago.

  • Author
    Posts
  • #6267

    by Tadziz at 2013-01-30 07:43:25

    Hello,
    So i have this inventory]
    A – domain controler
    B – non domain computer
    VPN – vpn software i use to connect to domain netwok
    powershell_vpn.exe – powershell script converted to exe witch start VPN

    My problem.
    when i run powershell_vpn.exe and connect to domain network i receive this error:
    "[DC.domain.com] Connecting to remote server failed with the following error message: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination , most commonly IIS or WinRm. If the destination is the WinRM service , run the following command on the destination to analyze and configure the WinRM service: "winrm quick config"

    Powershell code
    #Password for remote login
    $password = ConvertTo-SecureString -AsPlainText "password" -Force
    $credentials = new-object -TypeName System.Management.Automation.PSCredential -argumentlist "domain.com\John",$password

    #VPN software location
    $vpn = "C:\Program Files\ShrewSoft\VPN Client\"
    Set-Location $vpn

    #start VPN software
    .\ipsecc.exe -r "vpn.pcf"

    Start-Sleep -s 30

    #Get IP address of the ShrewSoft VPN adapter
    Get-WmiObject Win32_NetworkAdapterConfiguration| Where {$_.DNSDomain -eq “domain.com” -and $_.ServiceName -eq "vnet"} | select IPAddress > C:\info.txt
    $adapter = Get-Content -Path C:\info.txt | Select-Object -Last 1
    $adapter = $adapter.Substring(0,15)

    #new IP address
    $ip = $adapter
    $ip = $ip -replace "{", ""
    $ip = $ip -replace "}", ""

    #get hostname
    $hostname = "$env:computername"

    #DNS server info
    $DNSServer = "DC.domain.com"
    $DNSZone = "domain.com"

    #Start PSSession to DNS server
    New-PSSession -UseSSL -ComputerName $DNSServer -ConfigurationName Microsoft.Powershell -Credential $credentials
    $session = Get-PSSession

    #DNS record name
    $recordName = $hostname

    #DNS record type
    $recordType = "A"

    #IP from Shrew Soft VPN adapter to create a new DNS record
    $recordAddress = $ip

    # Now we execute DELETE command
    Invoke-Command -Session $session `
    {param($DNSServer,$DNSZone,$recordName,$recordType) dnscmd $DNSServer /RecordDelete $DNSZone $recordName $recordType /f} -ArgumentList $DNSServer,$DNSZone,$recordName,$recordType

    # Now we execute ADD command
    Invoke-Command -Session $session `
    {param($DNSServer,$DNSZone,$recordName,$recordType,$recordAddress) dnscmd $DNSServer /RecordAdd $DNSZone $recordName $recordType $recordAddress} -ArgumentList $DNSServer,$DNSZone,$recordName,$recordType,$recordAddress

    #EXIT and REMOVE PSSession
    Exit-PSSession
    Remove-PSSession $session

    What i have tryied?
    checked if winrm quickonfig is configured on DC.domain.com computer
    Turned off firewall, to make sure it does not couse this problem.
    on Dc.domain.com computer i have created powershell configuration "Set-PSSessionConfiguration -Name ActiveDirectory -ShowSecurityDescriptorUI" and set full permissions to John user
    John user is a member of DNSAdmins DNS Proxy and WinRM groups on DC.domain.com computer

    My question]
    Why i get this error ?
    Do i need to give additional permissions to John user ?

    Thanks,
    Tadas

    by DonJ at 2013-01-31 08:56:38

    So, did you run Enable-PSRemoting on the DC? Set-WsManQuickConfig isn't sufficient.

    Simply running Set-PSSessionConfiguration also may not be sufficient. That'll create an endpoint, but the default configuration may not be what you need. Can you test this using the default session configuration, so that we can determine if remoting is working or not?

    I don't think this is a permissions thing. The error for that is different. This is one machine not finding the other. Try to just do a normal Enter-PSSession to the default configuration – does that work?

    by Tadziz at 2013-01-31 23:29:57

    Yes, i run enable-PSRemoting on DC. I found a solution for my problem. I added John user to Domain Administrator group, and now i can use get-wmiobject to get static DNS record and update it with new IP address. So the code look like this
    #VPN software location
    $vpn = "C:\Program Files\ShrewSoft\VPN Client\"
    Set-Location $vpn

    #start VPN software
    .\ipsecc.exe -r "login.pcf"

    #autologin
    $password = ConvertTo-SecureString -AsPlainText "password" -Force
    $credentials = new-object -TypeName System.Management.Automation.PSCredential -argumentlist "domain.com\John",$password

    Start-Sleep -s 30

    Get-WmiObject Win32_NetworkAdapterConfiguration| Where {$_.DNSDomain -eq “domain.com” -and $_.ServiceName -eq "vnet"} | select IPAddress > C:\info.txt
    $adapter = Get-Content -Path C:\info.txt | Select-Object -Last 1
    $adapter = $adapter.Substring(0,15)

    #new IP address
    $ip = $adapter
    $ip = $ip -replace "{", ""
    $ip = $ip -replace "}", ""

    #get hostname and add domain.com because the computer do not belong to domain controler group

    $hostname = $env:computername + "domain.com"

    #Get information
    $dns = Get-WmiObject -ComputerName dc.domain.com -Namespace "root\MicrosoftDNS" -Class MicrosoftDNS_AType -Filter "OwnerName = '$hostname'" -Credential $credentials
    #modify host dns record
    $modifiedDNS = $dns.Modify($dns.TTL, $ip)

    Thank you for help 🙂 we can mark this as SOLVED for now, because i will still try to find how to solve my problem when using PSSessions.

You must be logged in to reply to this topic.