Couldn't use Get-WinEvent from remote computer in VLAN - powershell

The remote computers are Win-10 VMs in a VLAN.
We only have a few ports open in the VLAN, including 3389 for Remote Desktop and 5985 & 5986 for PowerShell.
Remote Desktop works well.
But I couldn't use PowerShell to remote debug on those computers.
If I run
Get-WinEvent -LogName System -Credential domain\test_user -ComputerName 10.100.155.1
I get this error
Get-WinEvent : The RPC server is unavailable
If I use invoke-command to execute the same script,
Invoke-Command -ComputerName 10.100.155.1 -Credential domain\test_user -ScriptBlock {Get-WinEvent -LogName System -Credential domain\test_user -ComputerName 10.100.155.1}
I will get another error:
[10.100.155.1] Connecting to remote server 10.100.155.1 failed with the following error message : Access is denied.
I have tried many solutions on the internet; unfortunately, none is working. For example, I have checked if the services are running and if the firewall allows remote event management on the remote computer; they look alright.
Any idea what could be wrong?

Your problem is two-fold.
You cannot use WinRM (Invoke-Command) with an IP address. It uses Kerberos and Kerberos requires a DNS name.
You're passing your credentials and computername twice.
This should work without a problem:
$InvokeArgs = @{
ComputerName = 'Computername.domain.com'
Credential = (Get-Credential -Credential domain\test_user)
ScriptBlock = { Get-WinEvent -LogName System }
}
Invoke-Command @InvokeArgs

Access Denied is an Authentication Issue, double check your username and password.
I was working on a similar problem, trying to fetch count of system logons. Here's what worked for me:
$fetchEvents = { Get-WinEvent -FilterHashtable @{
Logname='system'
ProviderName='Microsoft-Windows-Winlogon'
StartTime=(get-date).AddDays(-10)
ID = 7001
} | Format-Table -Property TimeCreated, UserID, ID, MachineName }
Invoke-Command -ComputerName $ServerList -Credential $creds -ScriptBlock $fetchEvents
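The two answers above combined into one function, as an added example that is not from the original posts: it turns an IP address into the DNS name Kerberos needs, splats the parameters into Invoke-Command, counts Winlogon 7001 events for a window carried over with $using:, and reports "Access is denied" or "RPC server is unavailable" per host instead of stopping. The target address and the domain\test_user credential are the ones from the question; the function name is an assumption.

```powershell
# Added example, not code from the original posts. Host names, the credential
# and the function name are assumptions.
function Get-RemoteLogonCount {
    param(
        [Parameter(Mandatory)] [string] $Target,        # IP address or host name
        [Parameter(Mandatory)] [pscredential] $Credential,
        [int] $Days = 10
    )

    # Invoke-Command authenticates with Kerberos, which needs the host's DNS
    # name, so map an IP address to its FQDN first.
    $computer = $Target
    if ($Target -as [ipaddress]) {
        $computer = [System.Net.Dns]::GetHostEntry($Target).HostName
    }

    $invokeArgs = @{
        ComputerName = $computer
        Credential   = $Credential
        ErrorAction  = 'Stop'
        ScriptBlock  = {
            # Runs on the remote host; $using: carries the local $Days value
            # into the remote session. No matching events is not an error here.
            Get-WinEvent -FilterHashtable @{
                LogName      = 'System'
                ProviderName = 'Microsoft-Windows-Winlogon'
                Id           = 7001
                StartTime    = (Get-Date).AddDays(-$using:Days)
            } -ErrorAction SilentlyContinue |
              Measure-Object | Select-Object -ExpandProperty Count
        }
    }

    try {
        $count = Invoke-Command @invokeArgs
        [pscustomobject]@{ Computer = $computer; Logons = [int]$count; Status = 'OK' }
    }
    catch [System.Management.Automation.Remoting.PSRemotingTransportException] {
        # "Access is denied" (credentials / remote group membership) and
        # "RPC server is unavailable" (WinRM or firewall) both land here.
        [pscustomobject]@{ Computer = $computer; Logons = $null; Status = $_.Exception.Message }
    }
}

# Usage (prompts for the password):
# Get-RemoteLogonCount -Target 10.100.155.1 -Credential (Get-Credential domain\test_user)
```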

Related

Remote Access to Domain Controller Security Events

I would like to pull Security events from two Domain Controllers remotely to audit use of an account and to provide guidance for account lockouts.
Locally on the DC my Powershell works fine provided Powershell is run with Elevated privileges.
Remotely, having added the account used to the AD "Builtin" folder's security group "Event Log Readers", I can access events other than Security events remotely. However, a line like the one below does not work for Security events. Zero events are returned.
$events = Invoke-Command -ComputerName $dc -Credential $cred -scriptblock {Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4624] and EventData[Data[@Name='TargetUserName']=`'$account`']]"}
Tips appreciated on how I get past the need for elevated privileges remotely?
You can use the parameters ComputerName and Credential with the cmdlet Get-WinEvent and query the events like this:
$events = Get-WinEvent -ComputerName $dc -Credential $cred -LogName Security -FilterXPath "*[System[EventID=4624] and EventData[Data[@Name='TargetUserName']=`'$account`']]"
or, if you stick to Invoke-Command, you have to use $using:account instead of $account within the ScriptBlock (like @Mathias said in the comment) to send that local variable to the remote host:
$events = Invoke-Command -ComputerName $dc -Credential $cred -scriptblock {Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4624] and EventData[Data[@Name='TargetUserName']=`'$using:account`']]"}
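The $using: fix above carried through to several domain controllers, as an added example that is not from the original post: the account name and a time window are passed into the remote ScriptBlock with $using:, the XPath adds a timediff bound so the Security log is not read end to end, and the 4624 fields needed for an audit are picked out by their positions in the event's EventData. DC names, the credential and the function name are assumptions.

```powershell
# Added example, not code from the original post. DC names, credential and
# function name are assumptions.
function Get-AccountLogonsFromDCs {
    param(
        [Parameter(Mandatory)] [string[]] $DomainController,
        [Parameter(Mandatory)] [string] $Account,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [int] $Hours = 24
    )

    # The XPath is built on the remote side. Without $using: the remote session
    # would see an empty $Account and return zero events, as in the question.
    $events = Invoke-Command -ComputerName $DomainController -Credential $Credential -ScriptBlock {
        $ms = [int64]$using:Hours * 3600000          # timediff() works in milliseconds
        $xpath = "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= $ms]] " +
                 "and EventData[Data[@Name='TargetUserName']='$using:Account']]"
        Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 500 -ErrorAction SilentlyContinue |
          ForEach-Object {
            # Positions follow the 4624 EventData schema:
            # 5 = TargetUserName, 8 = LogonType, 11 = WorkstationName, 18 = IpAddress
            $p = $_.Properties
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $p[5].Value
                LogonType   = $p[8].Value
                Workstation = $p[11].Value
                SourceIp    = $p[18].Value
            }
          }
    }

    # Invoke-Command stamps each returned object with PSComputerName, so the
    # merged list still shows which DC recorded each logon.
    $events | Sort-Object Time -Descending |
      Select-Object PSComputerName, Time, User, LogonType, Workstation, SourceIp
}

# Usage:
# Get-AccountLogonsFromDCs -DomainController 'dc1','dc2' -Account 'jdoe' -Credential (Get-Credential)
```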

Powershell output for multiple dhcp servers

I am trying to get the mibinfo for multiple DHCP servers in our infrastructure. My problem is that when I run the command
invoke-command -computername $dhcpserver -credential $Cred -scriptblock{netsh dhcp server show mibinfo}
I get MIBinfo for all the servers, but I don't get the name of the server in the output. So I need a way to get the output as
Server1
mibinfo
server2
mibinfo
($dhcpserver has the list of all the dhcp servers.)
Is $dhcpserver an array of strings? I didn't know Invoke-Command could do this...
If so, try this:
Foreach ($server in $dhcpserver) {
$mibOutput = invoke-command -computername $server -credential $Cred -scriptblock{netsh dhcp server show mibinfo}
Write-Output "$server $mibOutput"
}
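A variant of the loop above, as an added example that is not from the original post: one Invoke-Command fans out to the whole server list, each remote host labels its own netsh output and exit code, and servers that never answered are reported rather than silently missing. Server names, $Cred and the function name are assumptions.

```powershell
# Added example, not code from the original post. Server names, the credential
# and the function name are assumptions.
function Get-DhcpMibInfo {
    param(
        [Parameter(Mandatory)] [string[]] $DhcpServer,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # One call runs on every server in parallel; each remote host returns an
    # object carrying its own name, so the label travels with the data.
    $results = Invoke-Command -ComputerName $DhcpServer -Credential $Credential -ErrorAction Continue -ScriptBlock {
        $raw = netsh dhcp server show mibinfo 2>&1
        [pscustomobject]@{
            Server   = $env:COMPUTERNAME
            ExitCode = $LASTEXITCODE
            MibInfo  = ($raw | Out-String).Trim()
        }
    }

    foreach ($r in ($results | Sort-Object Server)) {
        # Emit the "ServerName / mibinfo" layout the question asks for, and
        # flag hosts where netsh itself failed instead of dropping them.
        Write-Output $r.Server
        if ($r.ExitCode -ne 0) { Write-Warning "$($r.Server): netsh exited with $($r.ExitCode)" }
        Write-Output $r.MibInfo
        Write-Output ''
    }

    # Hosts that could not be reached produce no object; PSComputerName holds
    # the name as it was passed in, so compare against the input list.
    $seen = @($results | ForEach-Object { $_.PSComputerName })
    foreach ($s in $DhcpServer) {
        if ($seen -notcontains $s) { Write-Warning "No response from $s" }
    }
}

# Usage:
# Get-DhcpMibInfo -DhcpServer $dhcpserver -Credential $Cred
```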

Powershell Remote Computer Session

I can run the following command from my desktop out of my HQ domain but I am unable to create a Remote Powershell session.
I have searched many posts and can not determine how to resolve this.
$TargetServer = 'RemoteComputer'
Get-WmiObject -Namespace "root\cimv2" -Class Win32_Process -Impersonation 3 -Credential RemoteDomain\username -ComputerName $TargetServer
I need this to work. Please note that if I am logged into a management server in the remote domain, the command works with my default NT permissions:
$TargetServerSession = New-PSSession -Credential RemoteDomain\username -ComputerName $TargetServer
What's the Error you are getting? Maybe it's a credential thing, I kind of miss the get-credential part.
YourUser needs local Admin rights on the remote machine and you need to provide a password for the session.
You enter a PSSession by doing this:
# * Define name of remote machine
$TargetServer = "RemoteComputer"
# * Get a password prompt for the user 'YourUser' and store the creds
$Cred = (Get-Credential YourDomain\YourUser)
# * Create a PSSession for the Remote Computer using the Credentials you just provided
$PSSession = new-pssession -Computer $TargetServer -Credential $Cred
# * Enter the session
Enter-PSSession $PSSession
If this code is not working, then we need more info.

Get-WmiObject doesn't work with IP but with FQDN

I have the following PowerShell script.
Code:
$User = "DOMAIN\user"
$PWord = ConvertTo-SecureString -String "somePassword" -AsPlainText -Force
$Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $PWord
$query=...
Get-WmiObject -Computer 192.168.172.10 -Class Win32_ComputerSystem -ErrorAction Stop # Fails
Get-WinEvent -FilterXML $query -ComputerName 192.168.172.10 -Credential $Credential -ea stop # Works
Situation: I'm on an AD server with an IP like 192.168.1.1 and executing my script. [AD has access rights for all subnets and there is no firewall blocking access]
Issue: I want to query the following computer: server1 with IP 192.168.172.10. This:
Get-WmiObject -Computer 192.168.172.10 -Class Win32_ComputerSystem -ErrorAction Stop # Fails
fails with an "RPC-Server is unavailable" error but this:
Get-WmiObject -Computer server1 -Class Win32_ComputerSystem -ErrorAction Stop # Works
works and this works too:
Get-WinEvent -FilterXML $query -ComputerName 192.168.172.10 -Credential $Credential -ea stop # Works
The server is in the same domain as the AD, and Windows Firewall is disabled for testing purposes.
And a different server "server2" with IP 192.168.172.11 is working both ways, with FQDN and IP.
Does anyone have an idea why in some cases (5 out of hundreds) Get-WmiObject fails with IP but works with FQDN?
I searched for similar issues, but all are about WinRM and use commands like Invoke-Command. For sure WinRM first needs to be configured right in that case, but as far as I understood Get-WmiObject does not need WinRM. (I have not done any configuration tasks on all the computers).
The issue you are facing is because of the reverse DNS records.
In your case, you might have multiple RDNS records for the same IP, causing the problem to be intermittent.
Check your reverse lookup zone and the corresponding PTR records.
That should solve your issue.
Hope it helps.
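A check for the condition described in the answer, as an added example that is not from the original post: it looks up the PTR record(s) for an IP, reports when there are none or more than one, and for a single PTR confirms that the name resolves back to the same address. The two addresses are the ones from the question; the DNS server used is whatever the client is configured with, and the function name is an assumption.

```powershell
# Added example, not code from the original post. The function name is an
# assumption; lookups go to the client's configured DNS servers.
function Test-ReverseDns {
    param([Parameter(Mandatory)] [string] $IPAddress)

    # Resolve-DnsName performs the in-addr.arpa lookup itself when given an IP.
    $ptr = Resolve-DnsName -Name $IPAddress -Type PTR -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'PTR' }
    $names = @($ptr | ForEach-Object { $_.NameHost })

    $report = [pscustomobject]@{
        IPAddress  = $IPAddress
        PtrNames   = $names
        PtrCount   = $names.Count
        Consistent = $false
        Problem    = $null
    }

    if ($names.Count -eq 0) {
        $report.Problem = 'No PTR record: the IP cannot be mapped back to a host name'
    }
    elseif ($names.Count -gt 1) {
        # Which PTR answer comes back first varies, hence the intermittent failures.
        $report.Problem = 'Multiple PTR records for one IP'
    }
    else {
        # Forward-resolve the single PTR name and confirm it points at this IP.
        $fwd = @(Resolve-DnsName -Name $names[0] -Type A -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        if ($fwd -contains $IPAddress) { $report.Consistent = $true }
        else { $report.Problem = "PTR name $($names[0]) resolves to '$($fwd -join ',')', not $IPAddress" }
    }
    $report
}

# Compare the failing and the working server from the question:
# '192.168.172.10', '192.168.172.11' | ForEach-Object { Test-ReverseDns $_ }
```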

Powershell (Version 2.0) remote execution of services with credentials

I want to start/stop apache and mysql services on a remote machine by using PowerShell version 2.0 (Windows Server 2008). I found syntax for remote execution as follows:
(Get-WmiObject -Computer myCompName Win32_Service -Filter "Name='myServiceName'").InvokeMethod("StopService",$null)
But I also have to provide credentials (DOMAIN_NAME\USERNAME and PASSWORD) for this execution. I am new to PowerShell and need help with the correct syntax (an example will be easy to understand and implement).
Get-WMIObject accepts the -Credential parameter. You shouldn't be keeping your credentials in plain text in your script, so you'll want to prompt for them.
$creds = get-credential;
(Get-WmiObject -Computer myCompName Win32_Service -Filter "Name='myServiceName'" -credential $creds).InvokeMethod("StopService",$null)
If you have PSRemoting enabled on the remote system, you can do this without WMI.
$creds = get-credential;
Invoke-Command -computername myCompName -credential $creds -scriptblock {(get-service -name myServiceName).Stop()};
Update based on comments
Since you're running this as a scheduled job, you should not be storing or prompting for credentials at all. Configure the scheduled job itself (via Scheduled Tasks) to run under the required user account; then either of the following should work:
# Your original code
(Get-WmiObject -Computer myCompName Win32_Service -Filter "Name='myServiceName'").InvokeMethod("StopService",$null)
# If you have remoting enabled
Invoke-Command -computername myCompName -scriptblock {(get-service -name myServiceName).Stop()};
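The WMI route above written for PowerShell 2.0 with the outcome checked, as an added example that is not from the original answer: the credential is optional so the same function works from a scheduled task running as the right account, Win32_Service.StopService's ReturnValue is tested instead of assumed, and the function waits for the service to actually report Stopped. Computer and service names and the function name are assumptions.

```powershell
# Added example, not code from the original answer. Written for PowerShell 2.0
# (full PSCredential type name, Mandatory=$true); names are assumptions.
function Stop-RemoteServiceWmi {
    param(
        [Parameter(Mandatory=$true)] [string] $ComputerName,
        [Parameter(Mandatory=$true)] [string] $ServiceName,
        [System.Management.Automation.PSCredential] $Credential,  # omit when the task runs as the right account
        [int] $TimeoutSeconds = 30
    )

    # The name goes into a WQL filter, so reject anything outside a service name's usual characters.
    if ($ServiceName -notmatch '^[\w .-]+$') { throw "Unexpected characters in service name '$ServiceName'" }

    $wmiArgs = @{
        ComputerName = $ComputerName
        Class        = 'Win32_Service'
        Filter       = "Name='$ServiceName'"
        ErrorAction  = 'Stop'
    }
    if ($Credential) { $wmiArgs.Credential = $Credential }

    $svc = Get-WmiObject @wmiArgs
    if (-not $svc) { throw "Service '$ServiceName' not found on $ComputerName" }
    if ($svc.State -eq 'Stopped') { return $svc.State }

    # StopService returns a code: 0 = success, 2 = access denied,
    # 3 = dependent services running. Anything non-zero is a failure.
    $rc = $svc.StopService().ReturnValue
    if ($rc -ne 0) { throw "StopService for '$ServiceName' on $ComputerName returned $rc" }

    # A return of 0 only means the request was accepted; poll until the
    # service reports Stopped or the timeout elapses.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 2
        $svc = Get-WmiObject @wmiArgs
    } until ($svc.State -eq 'Stopped' -or (Get-Date) -gt $deadline)

    $svc.State   # 'Stopped' on success, otherwise the state it was left in
}

# Interactive usage:
# Stop-RemoteServiceWmi -ComputerName myCompName -ServiceName myServiceName -Credential (Get-Credential)
# From a scheduled task running as the service account, omit -Credential.
```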