Enable-PSRemoting command failing in powershell, Azure VM - windows

I tried the Enable-PSRemoting in powershell, Windows 10 Pro, configured in Azure VM.
But the command fails with the following error :
WinRM has been updated to receive requests.
WinRM service type changed successfully.
WinRM service started.
Set-WSManQuickConfig : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859113"
Machine="localhost"><f:Message><f:ProviderFault provider="Config provider"
path="%systemroot%\system32\WsmSvc.dll"><f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"
Code="2150859113" Machine="Roshin"><f:Message>WinRM firewall exception will not work since one of the network
connection types on this machine is set to Public. Change the network connection type to either Domain or Private and
try again. </f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
At line:116 char:17
+ Set-WSManQuickConfig -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand
Can someone help to mitigate this?

I just missed the statment in the error :
WinRM firewall exception will not work since one of the network
connection types on this machine is set to Public. Change the network connection type to either Domain or Private and
try again.
Turning the network to Private from public did the job

Related

Unable to start PSSession

I am trying to start a new remote session, using Powershell, to a server that is part of a dev domain. There is no trust between these two servers.
[XX-XXX-DB1.didevtest.local] Connecting to remote server
XX-XXX-DB1.didevtest.local failed with the following error message :
WinRM cannot complete the operation. Verify that the specified
computer name is valid, that the computer is accessible over the
network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote
computers within the same local subnet. For more information, see the
about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (XX-XXX-DB1.didevtest.local:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
I have enabled WinRM using Enable-PSRemoting and also added my local PC as a trusted system on the remote system using
Set-item wsman:localhost\client\trustedhosts -value.
If I use the IP address of the remote server, I get following error:
New-PSSession : [XXX.XX.X.X] Connecting to remote server
XXX.XX.X.Xfailed with the following error message : The WinRM client
cannot process the request. Default authentication may be used with an
IP address under the following conditions: the transport is HTTPS or
the destination is in the TrustedHosts list, and explicit credentials
are provided. Use winrm.cmd to configure TrustedHosts. Note that
computers in the TrustedHosts list might not be authenticated. For
more information on how to set TrustedHosts run the following command:
winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic. At line:2 char:16
+ ... motesession=New-PSSession -ComputerName "XXX.XX.X.X" -Credential $cre ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession],
PSRemotingTransportException
+ FullyQualifiedErrorId : CannotUseIPAddress,PSSessionOpenFailed Enter-PSSession : Cannot validate argument on parameter 'Session'. The
argument is null or empty. Provide an argument that is not null or
empty, and then try the command again. At line:3 char:26
+ Enter-PSSession -Session $remotesession
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Enter-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.EnterPSSessionCommand
Add the remote machine to your TrustedHosts list :
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $ip -force

Mount-DiskImage giving Access Denied when running through remote session

I have two VM's(Windows server 2008 r2) with ip
172.17.178.10
and
172.17.178.11
.
I have created a folder named
"share"
on vm with ip 172.17.178.10 that has an iso.
I logined into vm with ip 172.17.178.11 and run the following command
"Mount-DiskImage \\172.17.178.10\share\xyz.iso"
.It mounted successfully i can see the Drive in my computer.
Now i logined into 172.17.178.10 and took a remote session using powershell command
Enter-PSSession -ComputerName 172.17.178.11 -Credential Administrator
.
Now when i run the command
"Mount-DiskImage \\172.17.178.10\share\xyz.iso"
.
I get the following error:
MOUNT-DISKIMAGE : Access is denied.
+ CategoryInfo : PermissionDenied: (MSFT_DiskImage:ROOT/Microsoft/.../MSFT_DiskImage) [Mount-DiskImage],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80070005,Mount-DiskImage
I have provided full permissions to the
share
folder.
The issue here is that powershell remoting will not allow for a second-hop authentication unless credssp is enabled. Basically what happens is that when when authenticate to the server you are remoting to it only verifies that you have access to it, it does not actually store your credentials for security reasons, so it is not able to connect to any other server in your environment. I've attached some links below with info on setting up CredSSP, which will allow you to perform second-hop remoting once it is configured.
https://support.microsoft.com/en-us/kb/951608
https://technet.microsoft.com/en-us/library/hh849872.aspx
you could also probably set your share/NTFS permissions to allow everyone read permissions but I have not tested that.

Not able to get instance-id from powershell in EC2 windows machin

I can able to get the instance-id from AWS EC2 windows machine's IE browser using the URL http://169.254.169.254/latest/meta-data/instance-id
In the same machine when I use Powershell command
Invoke-WebRequest http://169.254.169.254/latest/meta-data/instance-id
then I am getting below error
Invoke-WebRequest : Network Error (tcp_error) A communication error occurred: "Operation timed out" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time. For assistance, contact your network support team. At line:1 char:1
+ Invoke-WebRequest http://169.254.169.254/latest/meta-data/instance-id
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Note: Invoke-WebRequest http://google.com is working and giving the response from PowerShell cmd.
Please anyone clarify what is this error.
What exactly does this need to do? Download data from the URL? I've never seen such a think before, but I would THINK you could use the System.Web.Uri class to do it, like so:
$var = New-Object System.Web.Uri
$var.Download("http://169.254.169.154/latest/meta-data/instance-id")
Does something like that work?

Powershell Session to one remote host then on to another

Is there a way to use Powershell to remote onto one machine (let's called it hub) and then from within that session remote onto another (a "spoke")? I need to connect to the hub touchdown server in our VPN before I can connect on to another machine.
Or is there another way to proxy the session via the hub machine?
From within the session to the HUB I can create the new PSSession, but I get an error when trying to enter it:
[HUB]: PS C:\Users\idlemind\Documents> New-PSSession remotehost.domain.com -Credential idlemind#domain.com
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
1 Session1 remotehost.d... Opened Microsoft.PowerShell Available
[HUB]: PS C:\Users\idlemind\Documents> Enter-PSSession 1
Enter-PSSession : You are currently in a Windows PowerShell PSSession and cannot use the Enter-PSSession cmdlet to enter another PSSession.
+ CategoryInfo : InvalidArgument: (:) [Enter-PSSession], ArgumentException
+ FullyQualifiedErrorId : RemoteHostDoesNotSupportPushRunspace,Microsoft.PowerShell.Commands.EnterPSSessionCommand
You'd need to enable Multihop Remoting on Hub.
Enable-WSManCredSSP –Role Client –DelegateComputer spoke
And this on Spoke. Enable-WSManCredSSP –Role Server
Please read
http://blogs.technet.com/b/heyscriptingguy/archive/2013/04/04/enabling-multihop-remoting.aspx
http://technet.microsoft.com/en-us/magazine/jj853299.aspx
http://blogs.msdn.com/b/clustering/archive/2009/06/25/9803001.aspx
Since your runnig a 2012 server, I'd investigate installing Powershell Web Access on that 'Hub' machine. It will give you very fine-grained access control, and act as a "gateway" to remote sessions on other machines once your are connected to it.

PowerShell: error executing command using Invoke-Command?

I'm trying to execute the following statement on remoter server:
Invoke-Command -ComputerName server1 -ScriptBlock {Get-Process}
but I get an error message:
[server1] Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the serv
ice on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS
or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
What is the reason for this and how to fix it?
There is 2 basical reason:
1) remote computer has not Powershell installed
2) PSremoting is not enabled on remote PC (to enable it read my comment in you answer)

Resources