Assuming that I can install apps on the remote PC configure the firewall rules and ports, what whould be the easiest and most secure way to fit the following requirements:
I want to send command lines commands to the destination computer from my msbuild script
Would be nice. The destination computer sends echo of its command execution to the client computer
Related
There is a powershell script on a windows server(2016) that runs basic network connectivity test such as ICMP ping Test-Connection/Test-NetConnection cmdlets against couple of windows servers ~3k. The results of those commands are streamed as events to Splunk http event collector. The target windows servers are located within retail stores spread across the country. The event data which is streamed to Splunk has details such as the hostname, status(online/offline), center-number(basically the retail store identifier). The powershell script is scheduled to run every ten minutes. However it taking a long time to complete a single run. As new stores are opened, this is only going to delay the execution of the script. Now it takes ~20 min. to ping 3k servers.
Can Ansible be leveraged to trigger the powershell script by passing the store/center identifier as a parameter? Due to security restrictions, the in-store servers cannot receive ICMP ping/echo request from any machine. The windows server hosting the powershell script is the only machine which can successfully run ICMP ping commands against the server. With ansible, probably we are thinking that the remote powershell script can be launched in a for loop(of all stores) as a async task perhaps.
The powershell script can run a quick server availability test for a store, stream the result and then quit which is more efficient than having it run for nearly 25 min. The only concern is ansible will be making multiple connections to remote WinRM service on a single windows host. The host has 16 Gb of RAM.
Is this a good approach?
I am using a perl script to log onto a remote router running JUNOS and get few information through the NETCONF port.
I am using the following library in order to do this
Net::Netconf::Manager
Net::Netconf::Device
Net::Netconf::Access
The script runs on the routers present on the same network but is failing to log into the routers that are on different networks, where as i am able to log onto the routers manually through Netconf over ssh.
The arguments I am parsing looks fine. Could any one help me resolve why this is happening.
If I need to do any checks in configuration (configuration looks fine to me) prior to running the script.
I'm testing WinRM connection using Command Prompt on my local and remote machine and my question is devided into two parts.
PART I
I tested TCP/IP connectivity by using ping command to ping : IP Address of local computer and remote computer, default gateway and DNS Server and it runs perfectly on both local and remote computer.
But when testing using WinRM commands, I used this command to locate listeners and addresses
winrm e winrm/config/listener
It gives me this output for my local machine
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn =<IP Address>,127.0.0.1, ::1,fe80::100:7f:fffe%13,fe80::803:5e43:50ef:c50%11
But the same command when I run on remote machine gives me an output with everything else the same, except
Listener[Source="GPO"]
.
.
.
ListeningOn=null
I want to configure it to make it listen correctly.
PART II
And when I run these commands one by one on my remote machine
winrm id -r:<machine name>
winrm get winrm/config -r:<machine name>
winrm get wmicimv2/Win32_Service?Name = WinRM -r:<machine name>
It gives a WSMan Fault with an error message as :
The client cannot connect to the destination specified in the request. Verify
that the service on the destination is running and is accepting requests.Consult
the logs and documentation for WS-Management service running on the destination,
most commonly IIs or WinRM. If the destination is the WinRM service, run the
following command on the destination to analyse and configure the WinRM service:
"winrm quickconfig".
Whereas, same commands when I run on my local machine run correctly.
winrm id
winrm get winrm/config
winrm get wmicimv2/Win32_Service?Name = WinRM
At most, all the problems I'm facing is on my remote machine.
What is causing this to happen and how can I configure it to listen and connect successfully?
Thank You.
Part II, I am now able to run these on one of my other remote machines with correct output.
I made some changes in this particular remote machine for which I had posted the question and so, it wouldn't run these commands until I fix the part I but besides that if nothing has been altered it will run just like it does on my other remote machines.
I would still appreciate if someone could help me with part I in which I have to get rid of
Listener[Source=GPO]
..
.
ListeningOn=null
when I run the command
winrm e winrm/config/listener
because this is what is causing issues but I'm not sure how to disable/remove Group Policy Settings.
To determine which group policy is configuring your WinRM you can run the following from an administrative command prompt:
gpresult /h result.html & result.html
In the displayed result, locate Windows Components/Windows Remote Management (WinRM)/WinRM Service. The Winning GPO is where you can enable/disable GPO settings. Use GPMC (Group Policy Management Console) to manage the Group Policy.
ListeningOn=null appears when an administrator has incorrectly configured the Group Policy IPv4 filter setting in Allow automatic configuration of listeners usually with an IP or network that does not exist on the affected Server.
To reset IP addresses (ListeningOn), you probably need to re-create the listener (remove the old HTTP listener and create a new one). Please find the example below.
In PowerShell:
Remove-WSManInstance winrm/config/Listener -SelectorSet #{Address="*";Transport="http"}
New-WSManInstance winrm/config/Listener -SelectorSet #{Address="*";Transport="http"}
Here is the syntax for the specific IP address to bind:
New-WSManInstance winrm/config/Listener -SelectorSet #{Address="IP:192.168.100.2";Transport="http"}
In Command Prompt:
winrm delete winrm/config/Listener?Address=*+Transport=HTTP
winrm create winrm/config/Listener?Address=*+Transport=HTTP
Further reading:
Three ways to configure WinRM listeners.
The Windows Remote Manager (WinRM) service does not start.
Related question: Allow PowerShell remoting only from one address.
I had the same issue and found that when the GPO Setting: Allow remote server management through WinRM had an IPv4 filter set to the IP address of my jumphost the winrm e winrm/config/listener command generated the ListeningOn=null issue.
I solved this by setting the Filter to * and sorting the permissions on firewall level instead.
I solved this changing a GPO, exactly as answered Neossian (sorry, no reputation to just add a comment). But "IPv4 filter" must not be empty, nor accepts CIDR notation (that was my huge mistake). As already said by Craneum, uses "*" for listen on any interface or some range of IP addresses your local network devices are connected (as "192.168.0.1-192.168.0.254" or something like that).
DO NOT USE "192.168.0.0/24" notation. Yes, the help section is very clear on that, yet I used the wrong notation.
The thing is that the IP Range you are entering is not the range that has access to the system but defines the IP range that can be used as the WinRM interface by the system. Means you have to specify a range of IP addresses which includes all the client IPs the GPO is affecting.
Ensure that you have a filter (IPv4 and/or IPv6) defined in the "Allow remote server management through WinRM" under [Computer Configuration]/[Policies]/[Administrative Templates]/[Windows Components]/[Windows Remote Management (WinRM)]/[WinRM Service].
I would suggest a filter of "*" for both IPv4 and IPv6 unless you know what you want to filter.
I am working on some start-up (pre-logon) code for Windows 7, and would like to be able to debug it (if only to see how it really works, as Microsoft's documentation is terrible).
My environment is VirtualBox on a Linux host, with three Windows VMs (a Windows 2008 domain controller, a Windows 7 dev machine, and a Windows 7 test machine), and I'd like to be able to debug the startup process of the test machine remotely from the dev machine using a virtual serial connection two virtual machines.
[I have, in another life, debugged Linux kernel drivers in one linux VM from another using VMware workstation on a Windows host so I know that this sort of thing is potentially doable.]
I've seen people using windbg to debug Windows in a VirtualBox VM from the host, but I need to do it from a second guest (because my host is non-Windows). Has anyone figured out how to do that?
Edit:
I had tried the obvious approach before I posted. I created a virtual serial port in each VM configuration and attached them both to the same host pipe, to be created by the dev VM (debugger) and used by the test VM (debugee). I then ran
bcdedit /dbgsettings serial debugport:1 baudrate:115200
bcdedit /debug {current} on
in the test VM and shut it down. Ran windbg in the dev VM selected kernel debugging (on the correct serial port) and restarted the test VM. Some messages appeared about not having any symbols available and the test VM hung.
I have since found this article: http://www.benjaminhumphrey.co.uk/remote-kernel-debugging-windbg-virtualbox/ which (although that guy is using a Windows host) seems to describe exactly the method I'd tried, but his test VM doesn't hang. The output I get in the wndbg window is the same as his, but stops before the line staring "Windows XP Kernel ..."
I'm now less sure that this problem is related to VirtualBox and more unsure as to whether I'm using windbg correctly. Any help would be appreciated.
Another Edit I have tried attaching the virtual serial port of the Test VM to a host file, and I get some debugging output in the file. I have tried setting the virtual serial ports of the two VMs to point to a host pipe and running a terminal (rather than WinDbg) in the Dev VM, and I get debugging information in the terminal.
I think I've now determined that this is definitely a problem with WinDbg rather than VirtualBox (I'll remove the virtualbox tag and replace it with windbg) but I'm not sure why WinDbg isn't talking.
More information:
I've just upgrade Upgrading to VirtualBox 4.2.4 (not sure whether the version matters) and have looked at this again.
I rebuilt the test VM and was more patient!
It now seems that the test VM is running - and I do eventually get some output in the windbg window - but it takes about 15 minutes for the debuggee OS to boot! This is clearly not useful for day-to-day kernel debugging. I have no idea why this should be so slow ... there is no perceptible slowdown if I run a simple terminal in the dev VM instead of windbg (though, of course, the debug information is then mostly garbage).
Any ideas?
I realize this is one helluva necro, but...
Have you tried setting up the debugee for kernel-mode network debugging? I'm thinking that the slowdown is in a large part because serial is so g.d. slow.
http://msdn.microsoft.com/en-us/library/windows/hardware/hh439346%28v=vs.85%29.aspx
If/when M$ decides to rot away that link, these parts of above article are what you need to do to get this set up:
Setting Up the Target Computer
To set up the target computer, follow these steps:
Verify that the target computer has a supported network adapter.
Connect the supported adapter to a network hub or switch using standard CAT5 or better network cable. Do not use a crossover cable, and do not use a crossover port in your hub or switch.
In an elevated Command Prompt window, enter the following commands, where w.x.y.z is the IP address of the host computer, and n is a port number of your choice:
bcdedit /debug on
bcdedit /dbgsettings net hostip:w.x.y.z port:n
bcdedit will display an automatically generated key. Copy the key and store it on a removable storage device like a USB flash drive. You will need the key when you start a debugging session on the host computer.
Note We strongly recommend that you use an automatically generated key. However, you can create your own key as described later in the Creating Your Own Key section.
If there is more than one network adapter in the target computer, use Device Manager to determine the PCI bus, device, and function numbers for the adapter you want to use for debugging. Then in an elevated Command Prompt window, enter the following command, where b, d, and f are the bus number, device number, and function number of the adapter:
bcdedit /set "{dbgsettings}" busparams b.d.f
Reboot the target computer.
And to connect to it, use the following steps:
Using WinDbg
On the host computer, open WinDbg. On the File menu, choose Kernel Debug. In the Kernel Debugging dialog box, open the Net tab. Enter your port number and key. Click OK.
You can also start a session with WinDbg by opening a Command Prompt window and entering the following command, where n is your port number and Key is the key that was automatically generated by bcdedit when you set up the target computer:
windbg -k net:port=n,key=Key
If you are prompted about allowing WinDbg to access the port through the firewall, allow WinDbg to access the port for all the different network types.
Using KD
On the host computer, open a Command Prompt window. Enter the following command, where n is your port number and Key is the key that was automatically generated by bcdedit when you set up the target computer:
kd -k net:port=n,key=Key
If you are prompted about allowing KD to access the port through the firewall, allow KD to access the port for all the different network types.
I am looking for a single line email notification solution for linux, but one that would not assume that the machine mail agent was already configured properly.
I want to specify the SMTP server from the command.
Preferably, the solution should run on Debian without having to install new tools.