"Access denied" on Remote winrm [closed] - powershell

Closed 8 years ago.
I created a Windows VM on Windows Azure with winrm over SSL set.
But I can't connect to it using a PowerShell script.
When I'm running the following:
Enter-PSSession -ConnectionUri https://myniceapp.cloudapp.net:5986 -Credential "hostname/username" -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)
I'm getting a prompt asking for password and after I type it I manage to connect.
But, when I try to automate it, it always returns with "Access is denied"
$securePassword = ConvertTo-SecureString -AsPlainText -Force "password"
$cred = New-Object System.Management.Automation.PSCredential "hostname/username", $securePassword
Enter-PSSession -ConnectionUri https://myniceapp.cloudapp.net:5986 -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)
Any ideas?
Edit
The full error looks like this:
Enter-PSSession : Connecting to remote server myniceaspp.cloudapp.net failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ConnectionUri https://myniceaspp.cloudapp ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (https:// myniceaspp...udapp.net:5986/:Uri) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Had similar problems recently. Would suggest you carefully check if the user you're connecting with has proper authorizations on the remote machine.
You can review permissions using the following command.
Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell
Found this tip here:
http://blogs.technet.com/b/heyscriptingguy/archive/2010/11/17/configure-remote-security-settings-for-windows-powershell.aspx
It fixed it for me.

Related

How to use Connect ExchangeOnline -DelegatedOrganization

I'm trying to build a script where I'm using delegated admin rights. And what I have working is this.
$ConnectionUri = "https://ps.outlook.com/powershell-liveid?DelegatedOrg=$TenantDefaultDomainName"
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ConnectionUri -Credential $Office365Credentials -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber
And this is great and connects just fine but my impression is that it's the old way of doing it as some cmdlets just plain don't work with delegation. An example being that I wanted to get the name of the calendar of a user and tried to do so using
Get-MailboxFolderStatistics -Identity $user -FolderScope Calendar
But I get an error on proxy command saying delegated user should be null. So instead I wanted to try using the new cmdlet but could barely find any information about delegation, following the reference here: https://learn.microsoft.com/en-us/powershell/module/exchange/connect-exchangeonline?view=exchange-ps
I came up with this syntax but it doesn't work at all.
Connect-ExchangeOnline -DelegatedOrganization $TenantDefaultDomainName -Credential $MyOffice365PartnerCredentials
Here's the error I'm getting.
New-ExoPSSession : One or more errors occurred.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.4\netFramework\ExchangeOnlineManagement.psm1:475 char
:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-ExoPSSession], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession
I opened an issue on GitHub seeing as this couldn't be the intended behaviour and @chrisda came to my rescue with the response
"this is a shot in the dark, but try using the -UserPrincipalName parameter with Connect-ExchangeOnline:"
Connect-ExchangeOnline -DelegatedOrganization $TenantDefaultDomainName -UserPrincipalName <MyOffice365PartnerUPN>
Mysteriously this works and while using connect-exchangeonline you can use all the normal commands like get-mailboxfolderstatistics that don't work with the old partner method I mentioned first in my question. Hope this helps someone other than me, there is no reference for any of this in the MS documentation or any other place on the internet that I could find.
Reference: https://github.com/MicrosoftDocs/office-docs-powershell/issues/7458
I had this error when there was MFA enabled on the account.

CredSSP - Access is denied. For more information, see the about_Remote_Troubleshooting Help topic

The error:
New-PSSession : [{Public IP of my remote server}] Connecting to remote server
{Public IP of my remote server} failed with the following error message :
Access is denied. For more information, see the about_Remote_Troubleshooting
Help topic.
At C:\Scripts\Test.ps1:24 char:12
+ $Session = New-PSSession -Computer $target -Authentication Credssp -C ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
The "about_Remote_Troubleshooting" seems to be referring to this post which I've tried to follow along, but without luck.
I have a scripting server (Server A) that I'm trying to have manage a remote DC with a different hosting company.
DISCLAIMER: Since I've been failing miserably so far, I'm trying to set my configuration to be as wide-open as possible (AKA: temporarily unsecure), so that I can just see it working and then work backwards, tightening my security - as much as I can given that I'm being tasked with CredSSP in the first place... Also, I'm way over my head in this and very new to Powershell. With that in mind...
Configuration I've done on Server A:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value * -Force
Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB -Value 0 -Force
Enable-PSRemoting
Set-ExecutionPolicy Unrestricted
Enable-WSManCredSSP -Role Client -DelegateComputer *
Configuration I've done on Server B:
Enable-PSRemoting
Enable-WSManCredSSP -Role Server
And for kicks, on both machines, I've run gpedit and went under Local Computer Policy → Computer Configuration → Administrative Templates → System → Credentials Delegation... enabled "Allow delegating fresh credentials" and "Allow delegating fresh credentials with NTLM-only server authentication" and added * and wsman/* to the servers list (and a few other possible combinations of IP or computer names for good measure).
So, I can send remote commands to Server B without CredSSP:
This works:
$cred = New-Object System.Management.Automation.PSCredential $username, $securePassword
Invoke-Command -ComputerName $target -Credential $cred -ScriptBlock {
Write-Host $env:computername | Select-Object
}
(Outputs name of Server B)
But if I pass that same $cred into a New-PSSession with CredSSP, that is where the error above occurs.
$Session = New-PSSession -Computer $target -Authentication Credssp -Credential $cred
Server A is able to use CredSSP with a different Domain Controller (in the same network/hosting company). Every article I've gone through seems to lead me to believe that what I've done should work in both cases... What am I missing?
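The wide-open client settings listed in the question above (`TrustedHosts *`, `-DelegateComputer *`, and the `*` / `wsman/*` entries under Credentials Delegation) can be audited and then scoped to a single target once a connection works. This is an added example, not part of the original post; the function name `Get-RemotingWildcardFinding` and the host `serverb.example.com` are hypothetical, and the registry path is the standard policy location for the Credentials Delegation settings.

```powershell
# Added example: run in an elevated session on the client (the "Server A" role).
function Get-RemotingWildcardFinding {
    $findings = @()

    # WSMan client TrustedHosts: '*' accepts any host without mutual authentication.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ($trusted -split ',' | Where-Object { $_.Trim() -eq '*' }) {
        $findings += [pscustomobject]@{ Setting = 'TrustedHosts'; Value = $trusted }
    }

    # Credentials Delegation policy lists (the gpedit settings named in the post).
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    foreach ($list in 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly') {
        $key = Join-Path $base $list
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata properties
            if ($p.Value -in '*', 'wsman/*') {
                $findings += [pscustomobject]@{ Setting = $list; Value = $p.Value }
            }
        }
    }
    $findings
}

# 1. Report every wildcard still in place.
Get-RemotingWildcardFinding | Format-Table -AutoSize

# 2. Replace the wildcards with the one host that needs them.
$target = 'serverb.example.com'   # placeholder: the name used with -ComputerName
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $target -Force
Disable-WSManCredSSP -Role Client
Enable-WSManCredSSP -Role Client -DelegateComputer $target -Force
Set-ExecutionPolicy RemoteSigned -Force

# 3. Confirm what the client now delegates to, then re-run the audit.
Get-WSManCredSSP
Get-RemotingWildcardFinding | Format-Table -AutoSize
```

Entries added by hand through gpedit are not removed by `Disable-WSManCredSSP`; any wildcard the second audit still reports has to be deleted in the policy editor.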

Exchange cmdlets when called from remote machine

I have one exchange server and a windows 7 machine.
W.R.T remote execution
Server - Exchange Server (Win server 2012)
Client - Win 7 machine
I want to run scripts which are present on the client machine on the remote machine (Exchange / Win Server 2012). But these are failing with the error "cmdlets not found".
So to check quickly I tried to invoke normal PowerShell cmdlets as well as Exchange cmdlets and found that only the Exchange cmdlets are failing. However, if I run the same cmdlet on the server (Exchange) it gives me the expected output.
Questions
Won't Exchange cmdlets work in remote PowerShell?
I tried with different session type having exchange server as connection URL but facing errors there as well.
Attached below sample test outputs.
Help me how to proceed further !!
On remote client (Win 7 machine)
PS C:\Users\Administrator> invoke-command -Session $session -ScriptBlock { ls }
returns:
Directory: C:\Users\Administrator\Documents
Mode LastWriteTime Length Name PSComputerName
---- ------------- ------ ---- --------------
d----- 12/2/2018 12:10 PM WindowsPowerShell 10.76.68.251
But the Exchange cmdlets do not work
PS C:\Users\Administrator> invoke-command -Session $session -ScriptBlock { Get-Mailbox }
The term 'Get-Mailbox' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
+ CategoryInfo : ObjectNotFound: (Get-Mailbox:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
+ PSComputerName : 10.76.68.251
Server - Exchange / Server 2012
PS C:\Users\Administrator\Downloads\custom scripts> Get-Mailbox
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Administrator Administrator win-j1uti0rc7qp Unlimited
DiscoverySearchMailbox... DiscoverySearchMa... win-j1uti0rc7qp 50 GB (53,687,091,200 bytes)
Test with Exchange Server URL in Connection URI
Test 1
PS C:\Users\Administrator> $session1 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://10.76.68.251/PowerShell/ -Authentication Kerberos -Credential $credential
Error:
New-PSSession : [10.76.68.251] Connecting to remote server 10.76.68.251 failed with the following error message : The
WinRM client cannot process the request. Kerberos authentication cannot be used when the destination is an IP address.
Specify a DNS or NetBIOS destination or specify Basic or Negotiate authentication. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:13
+ $session1 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri h ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108277,PSSessionOpenFailed
Test 2
PS C:\Users\Administrator> $session1 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://10.76.68.251/PowerShell/ -Credential $credential
Error:
New-PSSession : [10.76.68.251] Connecting to remote server 10.76.68.251 failed with the following error message : The
WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the
destination computer. The content type is absent or invalid. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:13
+ $session1 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri h ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession],PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108297,PSSessionOpenFailed
Yes, they do, this is a common practice, but what you are doing is not complete enough.
PSRemoting must properly be enabled.
You must pass the credentials of an account that is an admin on the box and admin in Exchange.
You have to use PSRemoting to do this and that is well documented by Microsoft for not only Exchange on-prem but for Exchange Online.
Connect to Exchange servers using remote PowerShell
Connect-O365 1.5.4
If you are using the PowerShell ISE, you can take either of these approaches, just remember to hit that Refresh button on the Commands tabs to see the cmdlets reflected.
How To–Load Exchange Management Shell into PowerShell ISE
Adding Exchange Shell items to PowerShell ISE
$psISE.CurrentPowerShellTab.AddOnsMenu.SubMenus.Add(
    "Connect to Exchange @ Contoso", {
        $ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exserver.contoso.com/PowerShell/ -Authentication Kerberos
        Import-PSSession $ExSession
    },
    "Control+Alt+1"
)
$psISE.CurrentPowerShellTab.AddOnsMenu.SubMenus.Add(
    "Connect to Exchange On-Premise", {
        Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
        . $env:ExchangeInstallPath\bin\RemoteExchange.ps1
        Connect-ExchangeServer -auto
    },
    "Control+Alt+2"
)
$psISE.CurrentPowerShellTab.AddOnsMenu.SubMenus.Add(
    "Connect to Exchange Online", {
        $o365Cred = Get-Credential
        $o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365Cred -Authentication Basic -AllowRedirection
        Import-PSSession $o365Session
    },
    "Control+Alt+3"
)
If you are using the console host, just remove all the ISE stuff.
$ExSession= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exserver.contoso.com/PowerShell/ -Authentication Kerberos
Import-PSSession $ExSession

Connect to Exchange server using powershell

I tried running the following script to connect to an exchange server but I get the below error. Is anything wrong with the script? Are there any changes to be done from the server end?
Get-ExecutionPolicy
Set-ExecutionPolicy RemoteSigned
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.company.tld/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Error:
New-PSSession : [mail.deloitte.ca] Connecting to remote server mail.deloitte.ca failed with the following error message : The WinRM client sent a request to an HTTP
server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.
For more information, see the about_Remote_Troubleshooting Help topic.
At line:4 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : URLNotAvailable,PSSessionOpenFailed
Have you checked PowerShellVirtualDirectory as mentioned in this document? It mentions the exact same issue.
Assuming your ConnectionUri is correct, most likely PowerShell remoting is not enabled on the target CAS server. You can enable it by running this on the CAS server directly:
Enable-PSRemoting
You may also need to configure the PowerShell virtual directory with:
Set-PowerShellVirtualDirectory "[ServerName]\POWERSHELL (default web site)" -BasicAuthentication $true

Office 365 - Connecting to Exchange using PowerShell WinRM issues

I am trying to connect to my O365 Exchange Online but getting WinRM error messages when doing so.
$user = "user@domain.co.uk"
$cred = Get-Credential -Credential $user
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" -AllowRedirection
when running that I get the following error message:
> New-PSSession : [outlook.office365.com] Connecting to remote server
> outlook.office365.com failed with the following error message : The
> WinRM client cannot process the request. Basic authentication is
> currently disabled in the client configuration. Change the client
> configuration and try the request again. For more information, see the
> about_Remote_Troubleshooting Help topic. At line:1 char:20
> + $exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -Connecti ...
> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession],
> PSRemotingTransportException
> + FullyQualifiedErrorId : -2144108321,PSSessionOpenFailed
I have looked online around WinRM and basic authentication.
I have enabled basic authentication through GPO but this hasn't done much.
Any information would be great.
Thanks
Looks to me like you have MFA enabled for the admin account - disable that. Cheers.