Unable to restart server after it joins the domain - powershell

Morning guys,
I'm running into an issue where I have a script that joins a Server to a Domain and restarts, intalls it's roles/features, etc and then restarts it again. I don't have an issue with the first restart:
Restart-Computer -ComputerName $IP -Credential $AdminCred -Wait -For PowerShell
but when I try to do the second restart at the end of the script it get the following error
Restart-Computer : The computer is skipped. Fail to retrieve its LastBootUpTime via the WMI service with the
following error message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
The following is the original code I tried
Restart-Computer -ComputerName $HostName -Wait -For PowerShell
Without credentials, as I expect Kerberos to work as the account from the laptop has proper permissions
but I also ran it with -Credential and same error. Then I tried changing $HostName to $IP and still no luck.
I can get around the error, by enclosing the Restart-Computer command into an invoke-command session but then I can't "wait for powershell" unless I set an arbitrary sleep timer for a couple minutes.
Any Ideas are appreciated!

I figured it out. I had to add the -WsmanAuthentication param and specify Kerberos. Final code
Restart-Computer -ComputerName $HostName -WsmanAuthentication Kerberos -Wait -For PowerShell

Related

Powershell invoke-command access is denied error - not a double hop

I am building a new network with Server 2016 and a handful of Windows 10 clients. I have run Enable-PSRemoting successfully on all the clients. From the server I run:
Invoke-Command -ComputerName $computer -Scriptblock {'test'}
which results in
[computer] Connecting to remote server failed with the following error message : Access is denied.
+ CategoryInfo: OpenError: (computer:string) [], PSRemotingTransportException
+ FullyQualifiedErrorId: AccessDenied,PSSessionStateBroken
Because I am only having the remote computer process a string I believe this is not related to the common double hop issue I see in the forums.
I can also run WinRM successfully on the client machines:
Test-WSMan $computer
If anyone has insight into other causes of the access denied error I would greatly appreciate some ideas on where to look.
Thanks.
You need to be in Remote management users group on target machine (if it's local account). This will be enough for Invoke-Command access
I guess it is a permission problem. Try to create PsSession object via
$s = New-PSSession -ComputerName "you_computer_name" -Credential(Get-Credential)
Call Invoke-Command with the beforehand created session object:
Invoke-Command -Session $s -ScriptBlock { Get-Service }
This should return a list of all services of remote machine.
Hope that helps.

Add-Computer adds VM to domain then WMI fails

I am currently trying to add a Windows Server 2016 Vm to our domain using the following command.
Add-Computer -ComputerName $ServerName -NewName $ServerName -LocalCredential $localCreds -Credential $adcreds -DomainName mydomain.net -OUPath $ou -Force
The command creates the AD computer object and renames the server pending its reboot.
However, the cmdlet runs for about 15 minutes then gives us the following error:
Add-Computer : Cannot establish the WMI connection to the computer 'SERVER' with the following error message: The remote procedure call failed. (Exception from HRESULT: 0x800706BE).
We are not experiencing this issue at all with our Windows Server 2012 R2 Build.
Looks like failed authentication. You can try to connect to the remote computer by the following code example:
Net use \$servername\IPC$ /User:Administrator $LocalCreds.GetNetworkcredential().password
After that, try your command again.

Invoke-Command doesn't work but Get-Service does

I'm having a bit an issue invoking a command to remotely turn off services via PowerShell. I'm successful when using
(Get-Service -Name tomee -ComputerName servernamefqdn).Stop()
However when using
Invoke-Command -ComputerName servernamefqdn -Credential $creds -ScriptBlock {
(Get-Service -Name tomee).Stop()
}
I get errors
enter-pssession...winrm cannot process
and
The following error occurred while using Kerberos authentication: Cannot find the computer servernamefqdn.
I'm using my own credentials to pass in invoke. I've already ran the quick config for WinRM and added trusted sites for all. I'm not understanding why the first command works but the invoke command doesn't seem to find the server. The goal is the script will remotely stop services using another account. I read 1 other person having this same issue but no real solution for me. Any ideas?

Powershell remote install/app run

I am going to try and install software remotely onto a server and first i am trying to play around with the invoke-command cmdlet in powerhsell. Below is what I have so far
cls
Exit-PSSession
New-PSSession -ComputerName vm912test
Enter-PSSession -ComputerName vm912test -Credential sceris\pmanca
Invoke-Command -Computername vm912test -ScriptBlock {Start-Process "calc.exe" -wait}
Get-PSSession
However when i run this i see no running tasks in task manager. Does anyone know what i am missing? Once i can get this to work i will expand onto trying to remotely install some software first. I have no issues on communicating with the server and i have remote access/admin access on the box.
I updated with some more code but still receiving the same result that nothing is happening.

invoke command on remote machine is not working using powershell

I ran the below commands on my machine to download data from one server to another server using the invoke command
Enable-PSRemoting -force
Enter-PSSession Server1
invoke-command -computername Server1 -credential:'dom\jack' {c:\temp.ps1 -server serverX -id 4231e429-d238-4e32-a1bb-0ee812cd3124 -download $true}
ERROR is: Failed: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
but when i run the above command on my machine as
c:\temp.ps1 -server serverX -id 4231e429-d238-4e32-a1bb-0ee812cd3124 -download $true
it works as expected.
Is there something i am missing when i execute it remotely....please help me.
thanks
Try this good References:
http://www.ravichaganti.com/blog/?p=1108
http://technet.microsoft.com/en-us/magazine/ff700227.aspx
It might be something to do with the TrustedHosts or Authentication
setting of a client. You can set it like this:WinRM set
winrm/config/client #{TrustedHosts="*"}
Read more about this here:
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/02/23/remotely-managing-your-server-core-using-winrm-and-winrs.aspx
I use
powershell.exe -ExecutionPolicy Unrestricted -WindowStyle Hidden -NoLogo
I use this code:
try
{
Invoke-Command -credential $testCred -computer $ServerName -scriptblock {
param([String]$scriptDeploy, [String]$destino) &"$scriptDeploy" 'parametro1' $destino
$ScriptBlockOutput = $Error
} -ArgumentList $RutaRemotaParaScriptDeInstalacion, "$dirRemotoDestino"
"`r`n`r`nOK para script de despliegue"
exit 0;
}
catch
{
"`r`n`r`nError en script de despliegue"
"`r`nError in " + $_.InvocationInfo.ScriptName + " at line: " + $_.InvocationInfo.ScriptLineNumber + ", offset: " + $_.InvocationInfo.OffsetInLine + ".";
exit -1
}
You need to enable remoting on the remote machine. You also need to make sure the firewall/anti virus does not block the remoting ports. These are port 5985 for http, or port 5986 for https.
If both machines on the same domain it's fairly easy to get working. If the machines are on different domains however then it's more complex. There's a registry setting that needs to be changed on the remote server, and you need to pass credentials. Have a read here for more info. There is of course ssl which can also be enabled, but that's another story.
There is a bug in your script.
You should not be executing Enter-PSSession before the Invoke-Command, because the Invoke-Command itself sets up the PSSession.
Use only this:
Invoke-command -computername Server1 -credential:'dom\jack' {c:\temp.ps1 -server serverX -id 4231e429-d238-4e32-a1bb-0ee812cd3124 -download $true}
... Without the Enter-PSSession