I am trying to use PowerShell Remoting to check some disk sizes from a Server in a remote domain, but the commands I am running are failing to work.
The situation is like this:
The Server in Domain B is running Exchange 2010, and I can run Exchange 2010 Specific commands against it from Server A using this command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri $ConnectionURI -Credential $Credentials -Authentication Basic Import-PSSession $Session
The problem is that I can't run any non Exchange commands against this server using this session, if I try then it says that it can't understand the commands. I've checked and running Get-Command with Invoke-Command and the -Session variable set to my established session only returns Exchange commands.
So I thought i'd try to use Invoke-Command and the relevant ComputerName, Authentication type and Credentials, but this is failing:
Invoke-Command -ScriptBlock {Get-Service} -ComputerName "Servername.destination.com" -Credential $Credentials -Authentication "Basic"
This is the error:
[servername.destination.com] Connecting to remote server failed with the following error message : The WinRM client can not process the request. The authentication mechanism requested by the client is not supported by the server or unencry pted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configurat ion or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer nam e as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name a nd password. Possible authentication mechanisms reported by server: Negotiate Kerberos For more information, see th e about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (:) [], PSRemotingTransportException + FullyQualifiedErrorId : PSSessionStateBroken
So I go into the WSMAN config on the Target server and set the relevant settings for allowing Basic Auth and an unencrypted connection:
cd WSMan:\localhost\Service Set-Item AllowUnencrypted $True cd .\Auth Set-Item Basic $True
I also have added the Destination server into the Trusted Hosts of the Source domain server:
cd WSMan:\localhost\Client Set-Item TrustedHosts servername.destination.com
After doing so, the error changes, but it's not very helpful:
PS WSMan:\localhost\Client> Invoke-Command -ScriptBlock {Get-Service} -ComputerName "servername.destination.com" -Creden tial $Credentials -Authentication "Basic" [servername.destination.com] Connecting to remote server failed with the following error message : Access is denied. Fo r more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (:) [], PSRemotingTransportException + FullyQualifiedErrorId : PSSessionStateBroken
I have also tried using Domain Admin credentials, via -Credential (Get-Credential), but this is failing with the same problem.
The user I am trying to use is a member of the local Admins users on the server in question, so the permissions should already be set on the PSSessionConfiguration containers.
I would love any further pointers with this! I would just use WMI but it's not enabled through the firewalls at the moment.
Had similar problems recently. Would suggest you carefully check if the user you're connecting with has proper authorizations on the remote machine.
You can review permissions using the following command.
Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell
Found this tip here (updated link, thanks "unbob"):
https://devblogs.microsoft.com/scripting/configure-remote-security-settings-for-windows-powershell/
It fixed it for me.
Running the command prompt or Powershell ISE as an administrator fixed this for me.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With