Is there a way to use Powershell to remote onto one machine (let's called it hub) and then from within that session remote onto another (a "spoke")? I need to connect to the hub touchdown server in our VPN before I can connect on to another machine.
Or is there another way to proxy the session via the hub machine?
From within the session to the HUB I can create the new PSSession, but I get an error when trying to enter it:
[HUB]: PS C:\Users\idlemind\Documents> New-PSSession remotehost.domain.com -Credential idlemind#domain.com
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
1 Session1 remotehost.d... Opened Microsoft.PowerShell Available
[HUB]: PS C:\Users\idlemind\Documents> Enter-PSSession 1
Enter-PSSession : You are currently in a Windows PowerShell PSSession and cannot use the Enter-PSSession cmdlet to enter another PSSession.
+ CategoryInfo : InvalidArgument: (:) [Enter-PSSession], ArgumentException
+ FullyQualifiedErrorId : RemoteHostDoesNotSupportPushRunspace,Microsoft.PowerShell.Commands.EnterPSSessionCommand
You'd need to enable Multihop Remoting on Hub.
Enable-WSManCredSSP –Role Client –DelegateComputer spoke
And this on Spoke. Enable-WSManCredSSP –Role Server
Please read
http://blogs.technet.com/b/heyscriptingguy/archive/2013/04/04/enabling-multihop-remoting.aspx
http://technet.microsoft.com/en-us/magazine/jj853299.aspx
http://blogs.msdn.com/b/clustering/archive/2009/06/25/9803001.aspx
Since your runnig a 2012 server, I'd investigate installing Powershell Web Access on that 'Hub' machine. It will give you very fine-grained access control, and act as a "gateway" to remote sessions on other machines once your are connected to it.
Related
I tried the Enable-PSRemoting in powershell, Windows 10 Pro, configured in Azure VM.
But the command fails with the following error :
WinRM has been updated to receive requests.
WinRM service type changed successfully.
WinRM service started.
Set-WSManQuickConfig : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859113"
Machine="localhost"><f:Message><f:ProviderFault provider="Config provider"
path="%systemroot%\system32\WsmSvc.dll"><f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"
Code="2150859113" Machine="Roshin"><f:Message>WinRM firewall exception will not work since one of the network
connection types on this machine is set to Public. Change the network connection type to either Domain or Private and
try again. </f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
At line:116 char:17
+ Set-WSManQuickConfig -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand
Can someone help to mitigate this?
I just missed the statment in the error :
WinRM firewall exception will not work since one of the network
connection types on this machine is set to Public. Change the network connection type to either Domain or Private and
try again.
Turning the network to Private from public did the job
i have an problem with my script, plz help :3
This script is supposed to get all Server Hostnames from our Server OU. And than get the Used and Free Space of the Servers But when i try to get the server list with the "Get-AdComputer" cmdlet i get errors.
$servers = Get-ADComputer -Filter * -SearchBase "OU=SomeOU, DC=SomeDomain, DC=SomeDomain, DC=SomeDomain" | Select-Object Name
$allDisks = foreach ($server in $servers)
{
Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter DriveType=3 |
Select-Object #{'Name'='ComputerName'; 'Expression'={$server}},
DeviceID,
#{'Name'='Size'; 'Expression'={[math]::truncate($_.size / 1GB)}},
#{'Name'='Freespace'; 'Expression'={[math]::truncate($_.freespace / 1GB)}}
}
$allDisks |Export-Csv C:\Servers.csv -NoTypeInformation
when i run this i get:
Get-WmiObject : Der RPC-Server ist nicht verfügbar.
In Zeile:5 Zeichen:5
+ Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter Dri ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
+ FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
i also should add, that if i only run the thing from the first line i get an clean list of all of our servers.
As the error states that RPC server is not available for the one of the servers that you are trying to query. There can be multiple reasons as per the PS Blog:
The remote computer is blocked by the firewall.
Solution: Open the Group Policy Object Editor snap-in (gpedit.msc) to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization. OpenComputer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure. Enable the following exception: “Allow Remote Administration Exception” and “Allow File and Printer Sharing Exception“.
Hostname or IP address is wrong or the remote computer is shut down.
Solution: Verify correct hostname or IP address.
The “TCP/IP NetBIOS Helper” service isn’t running.
Solution: Verify that “TCP/IP NetBIOS Helper” is running and set to auto start after restart.
The “Remote Procedure Call (RPC)” service is not running on the remote computer.
Solution: Verify that “Remote Procedure Call (RPC)” is running and set to auto start after restart.
The “Windows Management Instrumentation” service is not running on the remote computer.
Solution: Verify that “Windows Management Instrumentation” is running and set to auto start after restart
So, I dont think there is any code issue there. Kindly check the network firwwall and server side. Also apply a try/catch block and capture the exact server name in the loop to see which server is that causing the issue.
I'm working on a script which will install the windows failover cluster from a remote server
Remote server is hosting windows server 2016.
Cluster contains 2 Nodes Node1 and Node 2 of Windows server 2019
I ran below cmdlet from the remote server and when the node OS was Win 2016 then it created the failover cluster fine without any error, but when the node OS was Windows Server 2019 and the remote server from where I'm running the cmdlet OS is 2016 then I get below error
New-Cluster -Name "newcluster" -Node "win201906","win201905" -StaticAddress "10.0.3.22"
The clustered role was not successfully created. For more information view the report file below.
Report file location: C:\windows\cluster\Reports\Create Cluster Wizard winclus2021 on 2020.08.06 At 19.32.37.htm
New-Cluster : An error occurred while performing the operation.
An error occurred while creating the cluster 'winclus2021'.
An error occurred creating cluster 'winclus2021'.
The parameter is incorrect
file containing the error is generic
As an alternative I thought of running the new-cluster command on the node itself using invoke-command but it gives the error message
Invoke-Command -ComputerName Servername {
New-Cluster -Name $using:Clustername -Node $using:Clusternodes -StaticAddress $using:Clusip
}
There was an error adding node 'win201906' to the cluster
You do not have administrative privileges on the server 'win201906.constosonet.com'.
Attempted to perform an unauthorized operation.
At line:2 char:9
+ Invoke-Command -ComputerName $Reports[0].Servername {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [New-Cluster], ClusterCmdletException
+ FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.FailoverClusters.PowerShell.NewClusterCommand
+ PSComputerName : win201905
Above permission error incorrect as I'm running the cmdlet using domain joined account which is local admin on both the nodes. And I've logged in with that same account on that remote server.
Can you please suggest a better way of creating cluster from a remote server? as both of the above method seems to be difficult to achieve
Couldn't connect to a remote machine because of my password?
My problem here :
I can connect remotely with the normal method like "mstsc", so my user and password are working fine.
I do not understand why the password didn't work on powershell.
Could you help me for that please?
WinRM is enable on the remote machine.
Add your full command to the post for review.
You should run your powershell session as an account that has proper access to the server.
enter-pssession -computername "your PC Name" is the command.
Powershell version will matter here to the device you are trying to connect to needs to be on powershell 3.0
I have two VM's(Windows server 2008 r2) with ip
172.17.178.10
and
172.17.178.11
.
I have created a folder named
"share"
on vm with ip 172.17.178.10 that has an iso.
I logined into vm with ip 172.17.178.11 and run the following command
"Mount-DiskImage \\172.17.178.10\share\xyz.iso"
.It mounted successfully i can see the Drive in my computer.
Now i logined into 172.17.178.10 and took a remote session using powershell command
Enter-PSSession -ComputerName 172.17.178.11 -Credential Administrator
.
Now when i run the command
"Mount-DiskImage \\172.17.178.10\share\xyz.iso"
.
I get the following error:
MOUNT-DISKIMAGE : Access is denied.
+ CategoryInfo : PermissionDenied: (MSFT_DiskImage:ROOT/Microsoft/.../MSFT_DiskImage) [Mount-DiskImage],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80070005,Mount-DiskImage
I have provided full permissions to the
share
folder.
The issue here is that powershell remoting will not allow for a second-hop authentication unless credssp is enabled. Basically what happens is that when when authenticate to the server you are remoting to it only verifies that you have access to it, it does not actually store your credentials for security reasons, so it is not able to connect to any other server in your environment. I've attached some links below with info on setting up CredSSP, which will allow you to perform second-hop remoting once it is configured.
https://support.microsoft.com/en-us/kb/951608
https://technet.microsoft.com/en-us/library/hh849872.aspx
you could also probably set your share/NTFS permissions to allow everyone read permissions but I have not tested that.