Errors to Enable PSRemoting on win2008R2 and Win7 - powershell

Today I need to enable PSRemoting on W2008R2 and Win7:
All VMs are in a workgroup.
I have set up the same administrator account with the same pwd on each VM.
Run Enable-PSRemoting in PowerShell with administrator role.
However, I still faced the following errors:
Error 1:
Set-WSManQuickConfig : Access is denied.
Error 2:
[192.168.23.2] Connecting to remote server failed with the following
error message : The WinRM client cannot process the request. If the
authentication scheme is different from Kerberos, or if the client
computer is not joined to a domain, then HTTPS transport must be used
or the destination machine must be added to the TrustedHosts
configuration setting. Use winrm.cmd to configure TrustedHosts. Note
that computers in the TrustedHosts list might not be authenticated.
You can get more information about that by running the following
command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
Error 3:
Set-WSManQuickConfig : WinRM firewall exception will not work since
one of the network connection types on this machine is set to Public.
Change the network connection type to either Domain or Private and try
again.

For error 3, run this command:
Set-WSManQuickConfig -SkipNetworkProfileCheck
When you connect your network, it gets set to Public, Private, or Domain. If the current profile is set to Public, Set-WSManQuickConfig will fail with that message. You can either change it (if the system will let you) or skip the profile check.

After googling, the errors were fixed with the following solutions:
Error 1:
Set-WSManQuickConfig : Access is denied.
Solution:
Run the following cmd with administrator role.
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Error 2:
If the authentication scheme is different from Kerberos, or if the
client computer is not joined to a domain, then HTTPS transport must
be used or the destination machine must be added to the TrustedHosts
configuration setting.
Solution:
Run the following cmd on your client machine:
Set-Item WSMan:\localhost\Client\TrustedHosts *
Error 3:
Set-WSManQuickConfig : WinRM firewall exception will not work since
one of the network connection types on this machine is set to Public.
Change the network connection type to either Domain or Private and try
again.
Solution:
ref: http://blogs.msdn.com/b/powershell/archive/2009/04/03/setting-network-location-to-private.aspx
Run the following ps script with administrator role:
#Skip network location setting for pre-Vista operating systems
if([environment]::OSVersion.version.Major -lt 6) { return }
#Skip network location setting if local machine is joined to a domain.
if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }
#Get network connections
$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
$connections = $networkListManager.GetNetworkConnections()
#Set network location to Private for all networks
$connections | % {$_.GetNetwork().SetCategory(1)}
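
Added example (not part of the original post): a PowerShell check that reads back the three settings changed above and marks the ones that widen exposure, plus a way to scope TrustedHosts to named hosts instead of *. The function names Get-RemotingExposure and Set-ScopedTrustedHosts are made up for this example; run it elevated with the WinRM service started.

```powershell
# Added example: audit the three settings this page changes (works on PowerShell v2+).
function Get-RemotingExposure {
    $findings = @()

    # 1. LocalAccountTokenFilterPolicy = 1 turns off UAC remote token filtering:
    #    every local administrator account gets a full admin token over the network.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $latfp = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    $findings += New-Object PSObject -Property @{
        Setting = 'LocalAccountTokenFilterPolicy'
        Value   = "$latfp"
        Review  = ($latfp -eq 1)
    }

    # 2. TrustedHosts: hosts on this list are not authenticated by the client
    #    (the WinRM error text says so), so a wildcard means no server is verified.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $findings += New-Object PSObject -Property @{
        Setting = 'TrustedHosts'
        Value   = "$trusted"
        Review  = [bool]($trusted -match '\*')
    }

    # 3. Network category per connection, read through the same COM object the
    #    script above uses to write it (0 = Public, 1 = Private, 2 = Domain).
    $clsid = [Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}'
    $nlm   = [Activator]::CreateInstance([Type]::GetTypeFromCLSID($clsid))
    foreach ($conn in $nlm.GetNetworkConnections()) {
        $net = $conn.GetNetwork()
        $cat = $net.GetCategory()
        $findings += New-Object PSObject -Property @{
            Setting = "NetworkCategory: $($net.GetName())"
            Value   = @('Public', 'Private', 'Domain')[$cat]
            # Private on a workgroup machine may have been forced by SetCategory(1);
            # confirm the network really is one you trust.
            Review  = ($cat -eq 1)
        }
    }
    return $findings
}

# Replace a wildcard TrustedHosts entry with an explicit list of managed hosts.
function Set-ScopedTrustedHosts([string[]]$Hosts) {
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($Hosts -join ',') -Force
}

Get-RemotingExposure | Format-Table Setting, Value, Review -AutoSize

# Example call (192.168.23.2 is the address from the error message above):
# Set-ScopedTrustedHosts -Hosts '192.168.23.2'
```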

Related

PowerShell remote connection problems

I’m trying to implement PowerShell remoting (for PowerShell script execution on a remote server).
My remote server is running Windows Server 2008 and PowerShell v2.
From an elevated permission PS console, I have executed the following cmdlet:
Enable-PSRemoting
Returned to console:
WinRM already is set up to receive requests on this machine.
WinRM already is set up for remote management on this machine.
From an elevated PowerShell session on the client machine, I executed the following cmdlet:
Enter-PSSession -ComputerName [remote_server_name]
This time, returned to console:
Enter-PSSession : Connecting to remote server [remote_server_name] failed with the following error message :
The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter_PSSession –ComputerName [remote_server_name]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : Invalid/argument: ([remote_server_name]:string) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I executed the “winrm quickconfig” as per the error message suggestion. Once again, returned to console:
WinRM already is set up to receive requests on this machine.
WinRM already is set up for remote management on this machine.
Retrying
Enter-PSSession -ComputerName [remote_server_name]
from the client machine returns the same error.
I double checked that the WinRM service is running on the remote server.
The Windows Remote Management (HTTP-In) firewall rule is configured for TCP protocol, local port 5985 and all remote ports.
Even when I execute
Get-Service WinRM -ComputerName [remote_server_name]
from the client machine, we see returned to console, confirming that the WinRM service is indeed running on the remote server:
Status Name DisplayName
------ ---- -----------
Running WinRM Windows Remote Management (WS-Manag…
Execution of the following command on the remote machine
WinRM Enumerate WinRM/Config/Listener
returns to console, demonstrating the correct port is open:
Listener [Source=”GPO”]
Address = *
Port = 5985
Hostname Enabled = true
URLPrefix = wsman
CertificateThumbprint ListeningOn = null
But, execution of
$remoteServer = "[test_server_name]"
$port = 5985
$connection = New-Object System.Net.Sockets.TcpClient($remoteServer, $port)
if ($connection.Connected) {
    Write-Host "Success"
}
else {
    Write-Host "Failed"
}
returns the following error message:
New-Object : Exception calling ".ctor" with "2" argument(s): "No connection could be made because the target machine actively refused it [remote_server_ipaddress]:5985"
At line:4 char:15
+ ... onnection = New-Object System.Net.Sockets.TcpClient($ipaddress, $port ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
I have another remote server, running Windows Server 2012 R2 with PowerShell v4. I have enabled PS remoting on this box without issue and can remotely execute PS scripts from the same client.
So, what am I missing? Is there a possibility that there is a compatibility problem between PowerShell versions?
My client PC is running PowerShell 5, my correctly functioning remote server is running PowerShell 4, my failing remote server is running PowerShell 2.
Insights, guidance, advice very welcome. Thanks for looking.
UPDATE:
I've since updated the .Net Framework on both test VMs to .Net 4.7.2 and installed PowerShell 4 on the affected VM (same as the correctly functioning box).
Whilst comparing WinRM related registry entries between my working VM and the affected machine, I found the key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service
On the working VM, I found a 32-bit 'allow-remote-requests', assigned a value of 1. This entry was missing from the affected machine's registry. I added it, rebooted the machine, retried the connection request.
Still, same problem persists.
It appears that your host machine keeps rejecting the client machine.
Try to get the credentials of the host machine by doing this:
$c = Get-Credential
New-CimSession -ComputerName [name] -Credential $c
And then, put in your username and password of the host.
If that still doesn't work, try to manually add your client as an authorized user on your host.
It seems that the IP address the WinRM service is bound to is important, and is somehow tied to IIS IPs (I could be wrong about this). @Komputer's code gives a good clue, in my case running it for "-ComputerName localhost" didn't work but did when I put in the real server name.
Doing
netstat -aon | find "5985"
returned
TCP 192.168.24.82:5985 0.0.0.0:0 LISTENING 4
which verified that WinRM (port 5985) wasn't bound to localhost (127.0.0.1) nor to all IPs (0.0.0.0). (Note that PID of 4 is not the WinRM service but System, I guess that's how it works). This is configured using netsh http (I don't know if there's another way) but since it also seems to influence the IIS bindings, care should be taken. I resolved this by running
netsh http add ipaddress=127.0.0.1
(I also did iisreset, may not be necessary). This essentially made WinRM accessible through localhost, which I guess is what these tools expect. After this, all the WinRM stuff seems to work.
There's a good post with other possible solutions on Robin CM's IT Blog, and I went into more depth (although some of it not relevant to this) in my own blog post.

psftp says "The server's host key is not cached in the registry"

I'm getting the following message when trying to connect to an SFTP server from PowerShell using psftp:
Error:
psftp.exe : The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:ssh-rsa 2048 41289438190410491
Connection abandoned.
PowerShell script:
$Username = "Username"
$Password = "Password"
psftp.exe sftpserver -l $Username -pw $Password -batch -bc -b C:\batch\download.bat
(psftp.exe is stored in c:\windows\system32)
I've SSH into this server from this server before via PuTTY and WinSCP without issue. However, it won't connect when running via PowerShell.
That message is not an error.
Every SSH/SFTP client needs to verify a host key of a server.
Even PuTTY and WinSCP asked you for sure on your first connection to the server to verify a host key.
Though PuTTY and psftp share a host key cache. Are you sure you used PuTTY on the same machine with the same local Windows account?
Anyway, either:
Run psftp once without the -batch switch. Check the host key and confirm if you trust it. psftp will cache the host key and will work from now on.
Or add -hostkey switch with a fingerprint of trusted hostkey to your psftp command in PowerShell script.
See also Respond y(es) to psftp host key prompt (though the highest-scored answer by @vmitchell85 is wrong, see the answer by @GerriePretorius).

Exchange 2013 Management Shell fails to connect to local server

After installing Exchange 2013 on Server 2012, apparently successfully I find that Exchange Management Shell run on the Exchange Server fails with the message:
VERBOSE: Connecting to SERVER2012.WARATAH.LOCAL.
New-PSSession : [server2012.waratah.local] Connecting to remote server server2012.waratah.local failed with the
following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that
the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows
access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote
computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Microsoft.Excha ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
WinRM seems OK when I test with command line WinRM QuickConfig
C:\Users\Administrator\Downloads>winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
I can ping Server2012.waratah.local OK
I've tried removing Microsoft Security Essentials anti-virus to no avail.
Any other ideas welcome

Getting error while trying to invoke a powershell command on a remote machine

I have tried executing a script using invoke-command in the following way:
Invoke-command -filepath C:\scripts\GettMembers.ps1 -computername "machinename" -credential $Getcredential
But I am getting the following error :
Connecting to remote server failed with the following error message : The WinRM client cannot process the request because the server name cannot be resolved. For more information, see the about_Remote_Troubleshooting Help topic.
But I was able to add the machine to the trusted hosts of the local machine using the following command :
winrm set winrm/config/client '@{TrustedHosts="machineName"}'
The problem appears to be that "machinename" isn't something your DNS knows how to resolve. This isn't a powershell problem, but rather a system configuration problem.
You can verify this by asking powershell to resolve the machine name with something like this:
$machine = "machinename"
[System.Net.Dns]::GetHostEntry($machine)
If you get an error, that means that you're using a machine name that can't be resolved (ie: windows can't convert "machinename" to an IP address). It's not a matter of trust or permissions, it's that your computer doesn't think "machinename" is a valid machine on your network.
Have you tried using a fully qualified address (eg: machinename.mycompany.com)?
I was getting this error on two servers that were configured for DNS and could ping the target. The resolution was this command:
netsh winhttp reset proxy
Credit to the following blog:
http://directaccessguide.com/2014/03/05/winrm-client-errors-in-remote-access-console/
Just installed Exchange 2016 and had the "The WinRM client cannot process the request because the server name cannot be resolved" problem. Removed winhttp proxy setting and BAM!

Windows Server AppFabric 1.1 - Failed to read remote registry key from host

I have just installed and configured AppFabric cache cluster with one Host (the local machine). I use SQL as the Provider.
When I launch the Caching Administration Windows PowerShell using Administrator privileges,
I got the following error,
Use-CacheCluster : ErrorCode<ERRCAdmin040>:SubStatus<ES0001>:Failed to connect
to hosts in the cluster
At line:1 char:62
+ Import-Module DistributedCacheAdministration;Use-CacheCluster <<<<
+ CategoryInfo : NotSpecified: (:) [Use-CacheCluster], DataCacheE
xception
+ FullyQualifiedErrorId : Microsoft.ApplicationServer.Caching.DataCacheExc
eption,Microsoft.ApplicationServer.Caching.Commands.UseCacheClusterCommand
When I opened the DCacheAdministration.log it shows as below,
Host XXX is Reachable.,DistributedCache.CacheAdmin,Verbose,2013-5-2 13:54:06.042
Failed to read remote registry key from host XXX: Microsoft.ApplicationServer.Caching.DataCacheException: ErrorCode<ERRCAdmin026>:SubStatus<ES0001>:Remote registry access failed on host XXX. Check if the required permissions are available and the host is not down. ---> System.ComponentModel.Win32Exception: The network path was not found at Microsoft.ApplicationServer.Caching.AdminApi.RemoteRegistry64.OpenRemoteConnection(String hostName) at Microsoft.ApplicationServer.Caching.AdminApi.RemoteRegistry64.OpenConnection(String hostName, String registryPath)at Microsoft.ApplicationServer.Caching.AdminApi.CacheAdmin.GetRemoteRegistryKey(String hostName, Boolean writable)
--- End of inner exception stack trace ---
at Microsoft.ApplicationServer.Caching.AdminApi.CacheAdmin.GetRemoteRegistryKey(String hostName, Boolean writable)
at Microsoft.ApplicationServer.Caching.AdminApi.CacheAdmin.GetServerVersion(String hostName),DistributedCache.CacheAdmin,Error,2013-5-2 13:54:08.053
Remote registry Service has been started. Which accounts need read permission in regedit.exe? I have provided rights for LOCAL SERVICE (as Remote registry service uses this as Logon) and for NETWORK SERVICE (which I have used as Caching Service Account). Do I have to give any other permissions to make the Registry key accessible?
Or what are the other things I need to check?
Please Help
I fixed the same issue by enabling the Remote Registry Services and running it. I think AppFabric tries to connect to the remote server (which is local machine) using domain name to manipulate registry.
What exactly do you see in the HOSTNAME reported in the error message "Failed to read remote registry key from host XXX". Is XXX the machine name of the local machine or FQDN of the machine or is it pointing to a totally different machine ???
If it is pointing to the local machine name or the FQDN of the local machine, then try putting an entry in the HOSTS file for the hostname pointing to 127.0.0.1 and see if that helps. If that doesn't then try restarting Remote Registry service and then run Restart-CacheCluster from the same PowerShell Caching Administration window and see if that helps.
It is FQDN. I tried editing the host file also and also restarted the service and cachecluster, but resulted in the same issue.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 <My FQDN>