Restart IIS on remote machine using Powershell - powershell

I have a TFSserver and a QAserver. I am using autodeployment using TFS and have a powershell script that do the requirement.
But I have a issue in restarting the QA server IIS from the same power shell script.
i am doing the following set of commands for restarting the IIS.
/*struser is in the administrator group of the QAserver
$cred = New-Object System.Management.Automation.PSCredential ("$QAserver$struser", $password )
$session = new-pssession $oceane_server -Auth Negotiate -Credential $cred
/* Some deployment script */
invoke-command -session $session -ScriptBlock {iisreset /stop}
Following error appears :
Access denied, you must be an administrator of the remote computer to use this
command. Either have your account added to the administrator local group of
the remote computer or to the domain administrator global group.
I could not find the solution for this. Any help would be appreciable.

The quick work around is to open all the ports of your server and run iisreset [MACHINENAME] /stop.
For powershell remoting, I use credssp because it allows the double-hop. Also, did you set your execution policy to bypass?
Set-ExecutionPolicy Bypass

Related

How to execute powershell script from server1 for deploying wsp in server2

I am trying to remotely deploy wsp file present in server2 by running a powershell script in server1.
I am able to successfully log in to the server2 through server1 using the below command:
$password = ConvertTo-SecureString "password" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("username",$password)
but I am not able to deploy the wsp file. This is the code that I tried:
Enter-PSSession -ComputerName server2 -Credential $cred
Add-PSSnapin Microsoft.Sharepoint.Powershell –EA 0
Update-SPSolution -Identity TechSoup.Web.wsp -LiteralPath "C:\Program Files ...Debug\Some.wsp" -GacDeployment
I have also tried to put the above code in a script, save it and run the script remotely.
This is the error that I am getting. I believe it is because I don't have admin privileges, I can say this because when I run the deployment code from server2 as admin, the wsp file is getting deployed. So, how can I get admin privileges remotely. The user has the admin privileges, all I need to do is run it with elevated privileges(like right-click and run as admin, but programatically)
Update-SPSolution : Cannot access the local farm. Verify that the
local farm is properly configured, currently available, and that you
have the appropriate permissions to access the database before trying
again
EDIT
I have tried the below script code in admin mode in powershell:
$password = ConvertTo-SecureString "serverpassword" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("userName",$password)
Enable-PSRemoting
Enable-WSmanCredSSP -Role Server
winrm set winrm/config/winrs '#{MaxShellsPerUser="25"}'
winrm set winrm/config/winrs '#{MaxMemoryPerShellMB="600"}'
Enter-PSSession -ComputerName Server2 -Credential $cred -Authentication credssp
However, I keep getting this error:
Enter-PSSession : Connecting to remote server Server2 failed
with the following error message : The WinRM client cannot process
the request. CredSSP authentication is currently disabled in the
client configuration. Change the client configuration and try the
request again. CredSSP authentication must also be enabled in the
server configuration. Also, Group Policy must be edited to allow
credential delegation to the target computer. Use gpedit.msc and look
at the following policy: Computer Configuration -> Administrative
Templates -> System -> Credentials Delegation -> Allow Delegating
Fresh Credentials. Verify that it is enabled and configured with an
SPN appropriate for the target computer. For example, for a target
computer name "myserver.domain.com", the SPN can be one of the
following: WSMAN/myserver.domain.com or WSMAN/*.domain.com For more
information, see the about_Remote_Troubleshooting Help topic
No matter what I try, I get this error. I have tried these techniques:
Allowed Delegating fresh credentials as well as NTLM fresh credentials in GPEdit.
I have tried the script present in This link
I have added user privileges in compmgmt.msc at
Remote Desktop Users
WinRMRemoteWMIUsers__
WSS_ADMIN_WPG
Remote Management Users
Can anyone suggest any thing ??
In order to run SharePoint commands remotely please follow the steps outlined in: Remote PowerShell to Manage SharePoint on-premises
Essentially, after enabling remoting, you have to enable CredSSP access in order for your credentials to be sent to the remote and local computer in order for you to run elevated commands.
On the server:
Enable-PSRemoting
Enable-WSmanCredSSP -Role Server
winrm set winrm/config/winrs '#{MaxShellsPerUser="25"}'
winrm set winrm/config/winrs '#{MaxMemoryPerShellMB="600"}'
And on the client:
Enable-PSRemoting
Enable-WSmanCredSSP -Role Client -DelegateComputer "server2.contoso.com"
Then on the client you can enter the session:
Enter-PSSession -ComputerName server2 -Credential $cred -Authentication Credssp

Using invoke-command scriptblock with exchange management shell

I've written some scripts to automate some user add and user modifications functions. But there is one last piece to the puzzle I can't figure out.
I need to run some commands in exchange management shell on the exchange server from a local powershell session, like an invoke-command scriptblock.
Is this possible?
Will adding Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
to the beginning of my script block accomplish this?
As for this...
Will adding Add-PSSnapin
Microsoft.Exchange.Management.PowerShell.SnapIn
You can't do this natively, without installing the EMC directly on your host.
Secondly, there is no real reason to. You can use PSRemoting to proxy the Exchange cmdlets to your host. The cmdlets are only available during the session
This process is the same whether you are using Exchange on-prem or Exchange online, though Exchange Online points to the O365 URI.
This has been documented in several places via the MS provided docs as noted here:
Connect to Exchange servers using remote PowerShell
Connect to a remote Exchange server
1.On your local computer, open Windows PowerShell, and run the following command:
$UserCredential = Get-Credential
In the Windows PowerShell Credential Request dialog box that opens, enter your user principal name (UPN) (for example, chris#contoso.com) and password, and then click OK.
2.Replace with the fully qualified domain name of your Exchange server (for example, mailbox01.contoso.com) and run the following command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<ServerFQDN>/PowerShell/ -Authentication Kerberos -Credential $UserCredential
Note: The ConnectionUri value is http, not https.
3.Run the following command:
Import-PSSession $Session -DisableNameChecking
https://learn.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps
Remote PowerShell in Exchange 2013
1.On your local computer, open Windows PowerShell and execute the following command:
$UserCredential = Get-Credential
2.After entering the credentials prompted when you executed the above command, execute the following:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2013 Client Access server>/PowerShell/ -Authentication Kerberos -Credential $UserCredential
3.Finally, import the session established above with the following:
Import-PSSession $Session
https://blogs.technet.microsoft.com/nathanscott/2015/06/14/remote-powershell-in-exchange-2013/
Yes you can, some commands have to be run locally, below is an example. You can do the same with Exchange.
Invoke-Command -ComputerName $srv -ScriptBlock{Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell;
Get-EngineUpdateInformation}

Get 'Access denied' on Invoke-Command for administrator

I have follow issue: I trying to run remote command on my server (windows server 2012 r2) via powershell command, powershell script looks follow
$password = ConvertTo-SecureString $pass -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PsCredential($deployadmin,$password)
$scriptBlock1 = {Get-NetAdapter}
Invoke-Command -computername $server -Credential $credentials -scriptblock $scriptBlock1
and I've get an error 'Access is denied'
I've tryied to run on server Enable-PSRemoting for allow remote connection.
I use credential for user that is Administrator on that server.
Strange thing, that this command is succeeds for credentials of another user on this server, those user is also Administrator.
What I'm missing ?
Thank for any advice
Update:
command Test-WSMan $server is succeeds
try command winrm quickconfigthe system suggested setting up a remote access, after the configuration, the Invoke-Command command was executed without errors
I would be grateful if anyone would explain this behavior
Fun!
When you execute winrm quickconfig the following happens:
Starts the WinRM service
Set the WinRM service type to auto start
Create a listener to accept requests on any IP address
Enable firewall exception for WS-Management traffic (for http only)
This article has additional detail.

Remote scripting credentials

I've a strange problem that I can't understand. Maybe someone will be able to explain it to me.
I'm trying to automate the installation of an app for SharePoint in a multitenant environment. I run the scripts on a remote machine like this:
$session = New-PSSession -Name "Install App Session" -Authentication Credssp -Credential $InstallAccountCredentials -ComputerName $frontend
$installAppScriptPath = Join-Path $currentScriptPath "\SharePoint\InstallApp.ps1"
$job = Invoke-Command -Session $session -FilePath $installAppScriptPath -ArgumentList $customerUrl, $env:COMPUTERNAME -AsJob
Wait-Job $job
Inside the InstallApp.ps1 I invoke the Import-SPAppPackage command but I get an "Access denied.
You do not have permission to perform this action or access this resource." error. However, if I login to the machine with exactly the same credentials that are used as $InstallAccountCredentials and start the script, everything is working perfectly fine. The account that is used for running this script is an tenant admin account.
Is there something I miss in invoking the command?
PowerShell remote doesn't work for a significant portion of the SharePoint cmdlets. Use the client object model instead - you can invoke those methods from PowerShell as needed.

PowerShell remote call. Access is denied

In order to automate test releases, I need access to remote computer in other domain group.
What I've done on remote computer:
run Enable-PSRemoting
set TrustedHosts "*"
added https listener with self-signed certificate
opened 5985 and 5986 ports
So now scripts are running successfuly via PowerShell console.
But when I'm trying to run remote script via TeamCity agent I've been receiving following error:
Connecting to remote server failed with the following error message :
Access is denied. For more information, see the
about_Remote_Troubleshooting Help topic.
TeamCity agent service is running with Local System rights.
Session initialization
$password = ConvertTo-SecureString $appServerPwd -AsPlainText -Force
$appCred = New-Object System.Management.Automation.PsCredential($appServerUser,$password)
$rs = New-PSSession -ComputerName $appServer -Credential $appCred -UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck) -Authentication Negotiate
Also when I'm trying to make remote call to domain computer via TeamCity everything works.
Do you have any idea how to solve this issue ?
Dima
I've found the problem, as soon I changed "Local System" user to Administrator user on TeamCity agent service, everything started to work.
So the issues was in rights (starting PSSesion) between "Local System" and Administrator.