I'm trying to use invoke-command from a Windows 2019 server (server A) to another Windows server (server B). I know WinRM is configured on server B because I am able to successfully use invoke-command from my workstation to server B. However when I try the same exact command with the same credentials from server A to server B it fails with the below error message. It fails so quickly that it seems like it's not even trying to reach out over the network.
Things I have tried so far:
Set trusted hosts on both servers using winrm s winrm/config/client #{TrustedHosts="*"}
Did a packet trace on our router to ensure packets on 5985 were allowed
Disabled the firewall on server A
Ran "winrm quickconfig" on both servers
The command I'm using to test is invoke-command -computername "server B" {1}.
I'm able to successfully ping server B from server A.
Any thoughts on what could possibly be causing this?
Related
I have been learning some network and system administration and encountered a puzzling problem.
SETUP:
I setup a small local offline network with a Windows Server 2019 and a Ubuntu server hosting gitea. In the Windows Server I have assigned a static IP of 169.254.0.2 and installed DNS and DHCP roles. In the Ubuntu server I have assigned a static IP of 169.254.0.3.
DNS has been configured with a primary zone funlab.abc. I created a single A record for gitea.funlab.abc. to point to 169.254.0.3. DHCP has been configured to lease addresses from 169.254.0.100 to 169.254.255.254. Subnet mask is 255.255.0.0.
PROBLEM:
With this setup, I successfully got client machines to connect to the local LAN network, transparently get a dynamic IP address, and access gitea.funlab.abc through the browser.
But in windows 10 client machines, I am unable to run ping gitea.funlab.abc in command prompt. I get an error message :
Ping request could not find host gitea.funlab.abc. Please check the name and try again
Git clone/push operations involving the URL gitea.funlab.abc also does not work.
However I can run ping -4 gitea.funlab.abc successfully. Git clone/push operations can also work if I replace the URL with the static IP. nslookup gitea.funlab.abc works correctly as well.
QUESTION:
Why is this happening? What did I misconfigure such that ping and git commands do not work?
Turns out ping and git commands works just fine when I change the IP address to 192.168.X.X. I guess windows treat the 169.254.X.X addresses differently.
Is it possible to check if a remote server is up, without connecting to it?
Basically, telnet ip.ad.dre.ss port works, but will connect to the server. Is there an equivalent command, that will just check is the server is up, without establishing a connection with it?
I would like to check it in a bash script.
If your server is a remote server you can not check without connecting to the server. You can only check that by log into the Operating System where that server is running and then you have to use ps -ef | grep [p]rocessName
For a local server ss --listening will list all listening processes.
for a remote server you could connect using ssh and run ss, or test the listening socket(s) directly using nmap
`
I'm new to Windows Azure Server configurations, and I'm trying to configure the FTP Connection. But when I access the Server with FileZilla it doesn't work. What am I doing wrong here?
I'm using IIS with FTP Server Roles installed.
Following is the error log from FileZilla
Status: Resolving address of AZR-SRV-map01.cloudapp.net
Status: Connecting to 52.187.64.207:990...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS connection established, waiting for welcome message...
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (52,187,64,207,195,237).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Status: Disconnected from server
I also tried the following steps in configuring the FTP Connection...
Here the endpoints have being configured from the Azure Portal.
This is how I published the FTP Site
Configured the FTP Firewall Support with the Azure Server Public IP
And enabled the firewall outbound and inbound rules..
After completing all the steps, I restarted the Microsoft FTP Service, but the problem still exists.
For now, we can't configure a active mode FTP on Azure VM. we should configure data channel port range in FTP Firewall Support, FTP work in passive mode. For example, we can use 10000-10010 ports as the data channel port range. Also, we should add ports to VM's endpoints and add then to VM's firewall inbound rules.
By the way, although the windows firewall seems to allow all traffic that’s required, we also need to enable stateful FTP filtering on the firewall:
netsh advfirewall set global StatefulFtp enable
Then restart the FTP windows service and we should be up and running:
net stop ftpsvc
net start ftpsvc
Here a case similar as you, please refer to it.
I am trying to connect teamcity server running in Ubuntu, from windows but its not working.
I changed firewall settings and opened up port 9090 and 8111.
I got these logs from windows agent
Call http://my.domain.com:8111/RPC2 buildServer.registerAgent3:
org.apache.xmlrpc.XmlRpcException:
jetbrains.buildServer.CannotPingAgentException: Unable to ping agent .
Check firewall and/or try to specify 'ownAddress' in the agent
configuration. Details: Agent '' cannot be accessed by any of the
addresses: [183.83.50.68, 192.168.1.146], (port 9090)
It means that TeamCity server can't access TeamCity agent by the specified addresses and port.
Ensure that your agent IP address is 183.83.50.68 and that incoming connections to the 9090 port are not blocked by not only firewall, but also by antivirus or similar software.
Or you can update to the TeamCity 9.1 or later - in these versions server doesn't have to be able to connect to the agent, only agent-to-server connection is necessary.
I am using CHEF 12 and trying to bootstrap an EC2 instance (Win server 2012 R2) from my workstation. However, I am getting the below error.
> Waiting for remote response before
> bootstrap.....................ERROR: No response received from remote
> node after 2.08 minutes, giving up. ERROR: Network Error: No
> connection could be made because the target machine actively refused
> it. - connect(2) (http://52.76.1.57:5985) Check your knife
> configuration and network settings
I have two CHEF servers (Hosted as well as on-premises); I have tried bootstraping the EC2 instance using each of these, but get the same result.
Chef bootstrap command issued via power-shell:
PS ~\chef-repo> knife bootstrap windows winrm 52.76.1.57 --winrm-user Administrator --winrm-password '******' --node-name node_145 --run-list 'recipe[ie::esc],recipe[install_iis]'
As far as I researched, it is because I am not able to establish a WINRM connection from my workstation to the Ec2 instance. I am however able to connect to another Win 2012 server within my office network and bootstrap successfully.
have already logged in remotely to the EC2 instance and run winrm quickconfig from powershell.
have set the Administrator password to a desired one.
Have opened inbound firewall rule for WIndows remote management on ports 5985 and 5986
Set up setcurity group and allowed inbound Custom TCP rule for ports 5985 and 5986 on AWS
you took all the necessary steps for this, would it be possible that you are getting filtered by a firewall (e.g company firewall)?
fyi, I managed to bootstrap a machine with the following steps:
# configure winrm for using knife winrm
winrm set winrm/config/service/auth '#{Basic="true"}'
winrm set winrm/config/service '#{AllowUnencrypted="true"}'
set-item WSMan:\localhost\Client\allowunencrypted $true
#turn off firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
EDIT: to sum up below comments, the problem was the company firewall that was blocking the traffic
Windows 2012 R2 introcuced changes within WinRM security, which rendered some of old articles / readme examples explaining usage of knife-ec and knife-windows unusable.
This article http://blog.coderinserepeat.com/2015/07/15/chef-knife-ec2-and-knife-windows/ pretty much sums up how to deal with this in recent versions of knife plugins.