Remote registry query - powershell

I am trying to get a registry value from a remote machine but everything I have tried did not work.
Both machines are running windows 7 x64, they are on the same domain, firewall off, powershell 4.0
when I run :
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine", "APPS-EUAUTO1")
$key = $reg.OpenSubkey('SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion')
Write-Host $key.GetValue('InstallDate')
i get
Exception calling "OpenRemoteBaseKey" with "2" argument(s): "The network path was not found.
"
At C:\Users\User\Desktop\test.ps1:1 char:1
+ $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine", "APPS-EU ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IOException
I know nothing of .Net and I have only played with PowerShell for the last month.
I have also tried the module PSRemoteRegistry and when I am using Get-RegValue I get the same error message (I think it is using the same thing)

Assuming you can ping APPS-EUAUTO1(and it resolves to correct IP) and firewall is off.. make sure Remote Registry service is running on your APPS-EUAUTO1

Related

Copy-Item throws Null reference exception

I am trying to copy a file from Guest Linux VM to Host Hyper V windows machine.
I am using powershell to copy the file from guest vm(linux) to Host(windows).
Write-Host "$session, $TestLogPath, $destLogs" #all variables are valid and not null
Copy-Item -FromSession $session -Path $TestLogPath/Test.txt -Destination $destLogs
I get the following error while doing that:
Object reference not set to an instance of an object.
+ CategoryInfo : NotSpecified: (:) [Copy-Item], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,Microsoft.PowerShell.Commands.CopyItemCommand
+ PSComputerName : 10.218.10.13
I am not sure what this error is since the desired file is copied successfully from Linux VM to Windows Host.
Any one has any idea why this error is shown despite file copied successfully from Linux VM to Host machine.

Powershell posh-ssh and cisco

I am having some issues getting command to work with posh-ssh and Cisco gear.
Commands are pretty simple;
New-SSHSession -ComputerName 10.10.101.240 -Port 22
Will connect fine, and will give me an ID.
I then try
Invoke-SSHCommand -SessionId 0 -Command "show version"
but I always get
Exception calling "EndExecute" with "1" argument(s): "An established connection was aborted by the server."
At C:\Program Files\WindowsPowerShell\Modules\Posh-SSH\2.0.2\Posh-SSH.psm1:266 char:25
+ $Output = $_.cmd.EndExecute($_.Async)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SshConnectionException
I have tried different hosts and different PCs.
I can, however, use $sshsession.write() and $sshsession.read() and I can talk to the switch fine.
Can anyone point out what I am doing wrong here?

PowerShell Double Hop Issue

I’m trying to run a PowerShell script on SYSTEM1, which executes robocopy on SYSTEM2, copying files to SYSTEM3,4,5,etc.
SYSTEM1 and SYSTEM2 are on the same domain, but SYSTEM2 is not behind a firewall (hence the need to run robocopy from SYSTEM2 and not SYSTEM1).
SYSTEM3,4,5 are on different domains than SYSTEM2, as well as different domains than each other.
I set the script up like this (it uses the net use command to prompt the user for credentials for the different domains):
Foreach($server in $servers) {
$command = {
param($cred, $server);
$error.clear();
# Stored credentials in local variables
$user = $cred.GetNetworkCredential().username
$pass = $cred.GetNetworkCredential().password
#establish connection from SYSTEM2-> $server
net use \\$server\c$\Deployments /delete
net use \\$server\c$\Deployments /USER:$user $pass
# Check to see if C:\Deployments exists on server, and if not create it.
if ((Test-Path \\$server\c$\Deployments) -eq $FALSE) {
$c = {
New-Item \\$server\c$\Deployments -type directory
}
$ws = Invoke-Command -ComputerName $server -Credential $cred -ScriptBlock $c
}
# Copy over the deployment packages
$dest = "\\$server\Deployments\$DeploymentDate\$CurrentDirectoryName"
robocopy $CurrentDirectoryPath $dest /W:20 /R:15 /e /XF CopyPackage.ps1
# Delete connection from SYSTEM2 -> $server
net use \\$server\c$\Deployments /delete
However, the net use command returns an error after the credentials are entered:
The network connection could not be found.
+ CategoryInfo : NotSpecified: (The network con...d not be found.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
More help is available by typing NET HELPMSG 2250.
System error 55 has occurred.
+ CategoryInfo : NotSpecified: (System error 55 has occurred.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
The specified network resource or device is no longer available.
[SYSTEM3] Connecting to remote server failed with the following error message : WinRM cannot process the request. The
following error occured while using Kerberos authentication: There are currently no logon servers available to service
the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
+ PSComputerName : SYSTEM2
The network connection could not be found.
+ CategoryInfo : NotSpecified: (The network con...d not be found.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
More help is available by typing NET HELPMSG 2250.
I’ve read this could be a “double-hop” issue (as detailed here), but I’m not sure how to edit the script to use CredSSP instead of Kerberos (or if this is even the problem).
Any ideas?
Posting this solution in case someone is still having an issue with a simple resolution to DoubleHop without using CredSSP.
Try this out:
https://www.powershellgallery.com/packages/Invoke-PSSession
It Invokes a PSSession, then Registers a PSSessionConfiguration with the Credentials that you provided. Basically providing the credentials for that DoubleHop
Then use Invoke-Command with that new PSSession. It should have the required privileges to do what you need.

Remote Powershell Access denied for certain dll's execution for Sharepoint 2013

I am attempting to automate a sharepoint 2013 deployment via remote powershell from the build server. Everything executes as expected except when having anything to do with some class in sharepoint dll's such as (Microsoft.SharePoint.Publishing, Microsoft.SharePoint.Publishing.Navigation.WebNavigationSettings)
If I run the same script locally under the same credentials it runs fine.
I have considered the below:
The user has full admin right on both machines
Disabled UAC on the remote server
Followed the required Remote Powershell steps in thig post (http://social.technet.microsoft.com/Forums/sharepoint/en-US/09b60466-5432-48c9-aedd-1af343e957de/user-cannot-be-found-when-using-invokecommand-newspsite-on-sharepoint)
I set powershell to run as admin by defualt via the registry (New-Item -Path "Registry::HKEY_CLASSES_ROOT\Microsoft.PowershellScript.1\Shell\runas\command" -Force -Name '' -Value '"c:\windows\system32\windowspowershell\v1.0\powershell.exe" -noexit "%1"')
Script Code:
#Set the radio buttons value
$settings = New-Object Microsoft.SharePoint.Publishing.Navigation.WebNavigationSettings (,$rootWeb)
$settings.GlobalNavigation.Source = [Microsoft.SharePoint.Publishing.Navigation.StandardNavigationSource]::PortalProvider
#Set the radio buttons value
$settings.CurrentNavigation.Source = [Microsoft.SharePoint.Publishing.Navigation.StandardNavigationSource]::PortalProvider
write-host "I am here.........................."
$settings.Update()
#Set the Publishing Web
$SPPubWeb = [Microsoft.SharePoint.Publishing.PublishingWeb]::GetPublishingWeb($rootWeb)
#Global Navigation Settings
$SPPubWeb.Navigation.InheritGlobal = $false
$SPPubWeb.Navigation.GlobalIncludePages = $false
The Remote Powershell output is as below:
I am here..........................
Exception calling "Update" with "0" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : UnauthorizedAccessException
+ PSComputerName : Contoso-DEVSP
Exception setting "GlobalIncludePages": "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
+ PSComputerName : Contoso-DEVSP
Many thanks in advance
You need to check CredSSP authentication. Remote PowerShell execution with SharePoint fails as the second hop translates the credentials to system credentials. If the task involves querying or updating DB server, it will fail as SYSTEM account will not have access the remote PowerShell on SQL Server. You need to enable CredSSP.
Check this blog post I wrote a while ago. This is not specific to SharePoint but it should apply to your scenario as well.
http://www.ravichaganti.com/blog/?p=1230

Powershell stop-service error: cannot find any service with service name

I'm working on a script to deploy vendor software to a large environment. The first step is to stop the services in question. The script executes fine in our test environment, but I'm not an admin in the production environment so I'm convinced it's a permissions issue. I can't get admin rights to the prod environment so I need to try to find out anything that I may need to set to grant permissions to stop services remotely. I'm issuing the following command to stop services:
Stop-Service -InputObject $(Get-Service -Computer $destination.Server -Name ("moca."+$destEnv))
When I run the script I get:
Cannot find any service with service name 'moca.WMSPRD'.
+ CategoryInfo : ObjectNotFound: (moca.WMSPRD:String) [Get-Service], ServiceCommandException
+ FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
Cannot validate argument on parameter 'InputObject'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
+ CategoryInfo : InvalidData: (:) [Stop-Service], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.StopServiceCommand
The service definitely exists and if I rdp into the target box and issue the stop-service command locally it will execute. So there is something preventing me from stopping the service remotely. Any ideas?
Edit:
A coworker suggested using WMI so tried replacing the Stop-Service line with:
(Get-WmiObject -computer $destination.Server Win32_Service -Filter ("Name='moca."+$destEnv+"'")).InvokeMethod("StopService",$null)
and I get:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
+ CategoryInfo : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
If you know the exact service name you can try this
(Get-WmiObject -computerName $_.name Win32_Service -Filter "Name='moca'").StopService()
Here im assuming that the service name is moca
Is DCOM working on the remote computer? I know how to do it with remote powershell, which uses wsman:
invoke-command comp001 { stop-service adobearmservice }