Develop Reference

WINRM configuration on HTTPS port - windows

I have an issue with WINRM configuration.
Once I changed HTTP port from 5985 to 5986 I cannot create new HTTPS record with the cerfificate as error said "File already exist"
New-WSManInstance : Cannot create a file when that file already exists.
At line:1 char:1
New-WSManInstance winrm/config/Listener -SelectorSet #{Transport='HTT ...
+ CategoryInfo : InvalidOperation: (:) [New-WSManInstance], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.NewWSManInstanceCommand
I tried to get quickconfig winrm, invoke it, but the problem is still this same

Issue has been fixed.
If you are struggling with issue like this, you have to create certificate, set up the HTTP listener to 5986 and then remove it. Then you can add the HTTPS listener without errors "File already exist". If you need both ports just run quickconfig for HTTP

Whats the output of "winrm enumerate winrm/config/Listener" ?
Try deleting the listeners using "Remove-Item -Path WSMan:\localhost\Listener* -Recurse -Force" and then run https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
Then you can choose to delete HTTP listener using "Get-ChildItem -Path WSMan:\localhost\Listener | Where-Object { $_.Keys -contains "Transport=HTTP" } | Remove-Item -Recurse -Force"

Related

When running the following on one of our Windows machine
$name = "My task"
Stop-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue
I get this error:
Stop-ScheduledTask : Cannot connect to CIM server. The system cannot find the file specified.
+ Stop-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (PS_ScheduledTask:String) [Stop-ScheduledTask], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Stop-ScheduledTask
It does not look like a permission issus since it would look more like
Stop-ScheduledTask : Access is denied.
+ [void](Stop-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (PS_ScheduledTask:Root/Microsoft/...p_ScheduledTask) [Stop-Schedul
edTask], CimException
+ FullyQualifiedErrorId : HRESULT 0x80070005,Stop-ScheduledTask
A couple of facts to help:
I'm not running this remotely
Get-ScheduledTask will throw the same CimJob_BrokenCimSession error

Are you an administrator on the system? The error says permission denied (Misread OP)
When troubleshooting, it generally helps if you don't have -erroraction silentlycontinue if you actually want to see what's erroring. Obviously, you don't have it in a try/catch block, so you can see the error, but having the option to suppress errors doesn't make sense here.
More suggestions:
Are you running this command remotely? If you're running it against many servers, check your server list.
What happens if you get all the tasks, e.g. $tasks = get-scheduledtask, then reference the one you want with $tasks | where taskname -like "whatever" | stop-scheduledtask (or its index number in the array, e.g. $tasks[5]).
I didn't get any errors when I ran the preceding command against tasks that weren't running, but perhaps it does return an error in some cases if the task isn't in the running state.

I am trying to automate windows server update instllation for multiple servers. I have installed the module on all servers and also added the hostnames in winrm trust hosts.
All server hostnames are stored in txt file and are looped trought for each loop with different commands from teh PSwindowswupdate module.
$Hostname = Get-Content -Path "C:\TEMP\powershell_patching_script\module\hostnamesallwsus.txt"
Import-Module PSWindowsUpdate
foreach ($i in $Hostname) {
write-host $i
Get-WUHistory -ComputerName $i -last 3
}
Issue is that randomly the loop is failing for some hostnames, with error :
BGxxxxxxx01 #this is the hostname
Get-WUHistory : BGxxxxxxx01: Unknown failure.
At C:\TEMP\powershell_patching_script\Module\History.ps1:10 char:1
+ Get-WUHistory -ComputerName $i -last 3
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [Get-WUHistory], Exception
+ FullyQualifiedErrorId : Unknown,PSWindowsUpdate.GetWUHistory
If I run the command with the hostname instead of variable it is failing again with the same error.
If I run the same but with $ in front of the hostname (even if such varaiable is not defined) the command works!ly appriciated
Get-WUHistory -ComputerName $BGxxxxxxx01 -last 3
Localy executed the commands are also working.
This issue seams to occure on random bases for multiple hostnames form my list.
I am unable find anything helpful regarding this error.
Any help will be highly appriciated!
Thanks in advance!

I found that Invoke-command works.
Just need to put the command in the script block of Invoke-command.

I've been pulling my hair out over this one. Somewhere along the line, it seems some old port mappings have been left in my windows server 2016 docker server and it is impossible to remove them. This is the command I'm trying to run and the error:
PS C:\Users\...\Desktop> Get-NetNatStaticMapping | Remove-NetNatStaticMapping
Confirm
Are you sure you want to perform this action?
Performing operation Delete on Target H54d664a6-523c-4452-b137-d66701623488;20;0 PolicyStore Local
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a
Remove-NetNatStaticMapping : The requested operation is not supported.
At line:1 char:27
+ Get-NetNatStaticMapping | Remove-NetNatStaticMapping
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_NetNatStat...b4d01327e;6...):root/StandardCi...atStaticMapping)
[Remove-NetNatStaticMapping], CimException
+ FullyQualifiedErrorId : Windows System Error 50,Remove-NetNatStaticMapping
Remove-NetNatStaticMapping : The requested operation is not supported.
At line:1 char:27
+ Get-NetNatStaticMapping | Remove-NetNatStaticMapping
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_NetNatStat...701623488;2...):root/StandardCi...atStaticMapping)
[Remove-NetNatStaticMapping], CimException
+ FullyQualifiedErrorId : Windows System Error 50,Remove-NetNatStaticMapping
The below command shows the two port mappings...
PS C:\Users\...\Desktop> Get-NetNatStaticMapping
StaticMappingID : 20
NatName : H54d664a6-523c-4452-b137-d66701623488
Protocol : TCP
RemoteExternalIPAddressPrefix : 0.0.0.0/0
ExternalIPAddress : 0.0.0.0
ExternalPort : 443
InternalIPAddress : 172.20.95.205
InternalPort : 443
InternalRoutingDomainId : {00000000-0000-0000-0000-000000000000}
Active : False
StaticMappingID : 6
NatName : H68dfe202-0efd-480b-b78a-53ab4d01327e
Protocol : TCP
RemoteExternalIPAddressPrefix : 0.0.0.0/0
ExternalIPAddress : 0.0.0.0
ExternalPort : 443
InternalIPAddress : 172.31.142.210
InternalPort : 443
InternalRoutingDomainId : {00000000-0000-0000-0000-000000000000}
Active : False
I automated the uninstall and reinstall of docker on windows server 2016 and have tried all the usual tricks.
Below are the commands I'm using to uninstall docker on the airgapped server:
docker rm -f $(docker ps --all --quiet)
docker system prune --all --volumes -f
Stop-Service docker -Verbose
Stop-Service hns -Verbose
Get-ContainerNetwork | Remove-ContainerNetwork
Get-NetNat | Remove-NetNat -Confirm:$false
Get-VMSwitch -name nat | Remove-VMSwitch -Confirm:$false
Remove-Item -Path "C:\ProgramData\Docker" -Recurse -Force
Remove-WindowsFeature -Name Containers -Verbose
Remove-WindowsFeature -Name Hyper-V -Verbose
Remove-Item C:\ProgramData\Microsoft\Windows\HNS\hns.data -Force
Even still I'm unable to remove the port mappings, and later when trying to run another docker image with port 443 forwarded to the container, I'm given the error:
failed to create endpoint
container_name on network nat: HNS failed with error : The object already exists.
I'm starting to think my only option is to restore the server to a point in time earlier this week.
Any help is greatly appreciated!

In order to get past the issue...delete the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}
After deleting the key, the I would get empty results from the commands:
Get-NetNat
Get-NetNatStaticMapping
For reference the answer came from a discussion on a blog post here:
https://www.thomasmaurer.ch/2016/05/set-up-a-hyper-v-virtual-switch-using-a-nat-network/
In this comment:
i was able to solve the “Invalid Operation”-Error. Actually, the Mircosoft Consultant that i share my office with, was able to track this down ;-)
To remove the NetNat, that i couldn´t remove with the powershell-command, i had to delete the following registry-key:
HKLM\System\CurrentControlSet\Control\NSI{eb004a20-…..7759bc}\6\….
The key was the same on two different machines, so this might be always the same GUID.
After deletion, the NetNat was gone and i was finally able to create a new one. This then worked as expected.
Best regards,
Sebastian

I am very new to PowerShell. I am using Windows 7 and PowerShell 5.
What I am trying to do is:
display all the network adapters for a system.
Disable all of them
Enable all of them
I am using this code to display all the network adapters:
$wmi = get-wmiobject win32_networkadapter
This displays all the network adapters and their status.
But the problem is that, I am not able to disable all pf the network adapters together using this command.
$wmi.disable()
This statement gives me the error:
Method invocation failed because [Selected.System.Management.ManagementObject] does not contain a method named 'disable'.
At line:1 char:1
+ $wmi.disable()
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (disable:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Is there any alternative way to display all the network adapters and disable or enable all of them together ?
Thanks in advance!

It's because you're calling .disable() on the collection of network adapters and this method only exists for a single network adpater.
Try this:
$wmi = get-wmiobject win32_networkadapter
$wmi | Foreach-Object {
Write-Host "Disabling: $($_.name)"
$_.disable()
}

Having seen examples of BITS being used to transfer files from http addresses as well as regular windows file shares, I thought I'd test pulling and pushing to/from ftp. I used the below powershell commands:
Start-BitsTransfer `
-Source ftp://username:password#ftp.somewhere.com/file.zip `
-Destination c:\temp\file.zip
Start-BitsTransfer `
-Source c:\temp\file2.zip `
-Destination ftp://username:password#ftp.somewhere.com/file2.zip
In both cases I got the error:
Start-BitsTransfer : Cannot find drive. A drive with the name 'ftp' does not exist.
At c:\temp\bits2ftp.ps1:3 char:1
+ Start-BitsTransfer `
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (ftp:String) [Start-BitsTransfer], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : DriveNotFound,Microsoft.BackgroundIntelligentTransfer.Management.NewBitsTransferCommand
As such, I assume this isn't possible... however thought I'd post on here in case there is a way to do this (e.g. does it work on certain ftp servers)?
Also posting on here since I've seen no mention of anyone attempting this before, so thought I'd provide a Google hit for the next person to wonder.

So far as I can tell, FTP is not currently supported.
HTTP and HTTPS Download Server Requirements: http://msdn.microsoft.com/en-us/library/aa362846(v=vs.85).aspx
HTTP and HTTPS Upload Server (IIS) Requirements: http://msdn.microsoft.com/en-us/library/aa363130(v=vs.85).aspx