"Enable-PSRemoting –force" commnad fails

rated by 0 users
This post has 30 Replies | 3 Followers

Top 100 Contributor
Posts 35
Bader Posted: 02-22-2012 3:19 AM

Hi,

I'm trying to run the "Enable-PSRemoting –force" command in order to enable remote script execution on the Local and Remote machine (Could be a VM).

But I getting the following error message:

I have read the above error message, but I didn't understand what to do.

Can you pleae, expalin to me step by step how to fix the above issue?

Important note: I'm trying to control remotely VMs as explained in the post http://powershell.com/cs/forums/p/8571/14049.aspx#14049.

Regards,

Bader

 

Top 25 Contributor
Posts 341
Top Contributor

One of the networking cards has it's network type set to public. Firewall exceptions do not work with public network type connections (since there are no exceptions for public network).  Change the network connection type to eitehr Domain or Private and try again.

 

Top 100 Contributor
Posts 35

Hi,

 

Thank you very much for the reply,

I'm using the following script in order to add a VM NIC (On HyperV):

Add-VMNIC -vm $vm -VirtualSwitch "MyNet"
How can I set its type to Domain or Private?
Regards,
Bader
Top 10 Contributor
Posts 640

Add-VMNIC only adds the virtual hardware. The public/private setting is in Windows itself, and as far as I know can't currently be configured with PowerShell (not easily in any event). So you'll need to set it within the VM. It isn't a Hyper-V setting.

Top 100 Contributor
Posts 35

Hi,

 

Thank you for your reply,

can you please send me a step-by-step instruction about how to do that manually?

Regards,

Bader

Top 10 Contributor
Posts 640

Well, no :). There's Windows' Help and Microsoft Product Support for that. It's a basic function of the operating system - it's worth taking the time to learn about it. 

There's also Google. Here... that I can help you with: http://bit.ly/yJzofY

Top 100 Contributor
Posts 35
Hi,

Thank you for the reply, I found the problem source.

I used the below script in order to create a seesion between a local machine and the remote one (In my case the VM which I need to control remotely):

Enable-PSRemoting -force
$TestAdminCred1 = New-Object System.Management.Automation.PSCredential -ArgumentList ".\Administrator",$("VMPassword" | ConvertTo-SecureString -AsPlainText -Force)
New-PSSession -ComputerName tempDC1 -Credential $TestAdminCred1
Invoke-Command -ComputerName tempDC1 -FilePath .\tempDC1.ps1

tempDC1.ps1 includes some scripts that are needed to executed on the VM.

The VM username is Administartor and the password is VMPassword.

Can you please explain to me the above error message and to fix it?

Regards,

Bader

Top 10 Contributor
Posts 640

The first error is the important one. The second command didn't work because the New-PSSession command failed.

It's telling you that it was unable to authenticate. Your screen shot doesn't include the entire error message, but it appears as if your machine was unable to contact an authentication server - in a domain environment, that would be an Active Directory domain controller. If you're trying to authenticate to a local machine, then you have to enable an authentication protocol other than Kerberos in WinRM. Read the "about_remote_troubleshooting" help file for information about authenticating WinRM in a non-domain scenario.

Top 100 Contributor
Posts 35

Hi,

Thank you very much for the reply,

I have read that document, but I still have a problem with the credentials. Below is a sample topology of my servers. I have permission to run the script only from MainHost. the MainHost server has a HyperV Manager, so I can see all VMs that belongs to Hyperv54 and HyperV56. Also, I can control that VMs without facing any problem (For example, adding NICs and other operations). But... by trying to control the VM remotely from MainHost using the following script, I get the error message (I attached it in previous post):

$TestAdminCred1 = New-Object System.Management.Automation.PSCredential -ArgumentList "TEMPDC1\Administrators",$("VMPassword" | ConvertTo-SecureString -AsPlainText -Force)
New-PSSession -ComputerName tempDC1 -Credential $TestAdminCred1 

 In the above script, I don't understand how to refer to the required host (HyperV54 or HyperV56).

 

Please, I still need your help regarding this issue.

It is very appreciated to send me the modified script.

Regards,

Bader

Top 10 Contributor
Posts 640

I'm sorry - I don't think I understand what you're trying to do.

A couple of things.

First, create a new credential using Get-Credential, not New-Object. Dunno where you dug up that syntax, but it's unnecessary.

You don't "reference the required host." New-PSSession has no knowledge of virtualization, and it doesn't care. You provide the computer name of the machine you want to establish a session to. New-PSSession will use DNS and Active Directory to locate the machine specified and open a session to it - there's no need to provide its Hyper-V host machine's name. 

In order for Remoting to work using the default settings, both MainHost and tempDC1 must be in the same Active Directory domain. This is because Remoting needs to establish mutual authentication and a secured session. If they are in different domains, then you need to read the "HOW TO ENABLE REMOTING FOR ADMINISTRATORS IN OTHER DOMAINS" section in about_remote_troubleshooting.

The error you're getting is indicating that PowerShell can't establish an authentication for TEMPDC1\Administrators. That's likely because MainHost is in a different domain, or in no domain at all, and PowerShell can't locate a domain controller for the TEMPDC1 domain, or TEMPDC1 server. I'm assuming TEMPDC1 is a machine name; if it isn't a domain controller, then TEMPDC1\Administrators is the correct credentials, but you need to read the "HOW TO CONNECT REMOTELY FROM A WORKGROUP-BASED COMPUTER" section of the about_remote_troubleshooting file.

This is purely a question of authentication. MainHost must be able to contact a logon server for whatever credential you provide, and it's telling you that it cannot do so. 

Top 100 Contributor
Posts 35

Hi,

Thank you for the reply,

1) I have read the HOW TO ADD A COMPUTER TO THE TRUSTED HOSTS LIST section, but I still don't understand how should I refere to the required host and to the required VM, I mean, I need to add a VM called 'tempDC1' which belongs to the hyperv56 host to TRUSTED HOSTS LIST.

I used the following commnad:

$TestAdminCred1 = New-Object System.Management.Automation.PSCredential -ArgumentList "TEMPDC1\Administrators",$("VMPassword" | ConvertTo-SecureString -AsPlainText -Force)
set-item wsman:\localhost\Client\TrustedHosts -Credential $TestAdminCred1 -Value tempDC1 -Force

get-item wsman:\localhost\Client\TrustedHosts

And here is the result:

 

2) How can I execute a function (For example, set IP address) on tempDC1 remotely? I'm not asking you about the script itself, but I'm asking you about how to execute it on tempDC1.

Please, I need your help,

 

Regards,

Bader

 

Top 10 Contributor
Posts 640

On tempDC1, run Enable-PSRemoting and ensure the command runs without error.

On your client computer, where you added tempDC1 to the rusted hosts list, run:

Invoke-command -computer tempdc1 -script { whatever }

"whatever" can be any command or script that is present on tempdc1. Any command or function located in a module must be loaded into memory (eg. Import-Module) first.

The fact that tempdc1 is a virtual machine is not relavent. You do not need hyperv56 involved in any way.

On the front page of PowerShell.com, in the side banners, is advertised a free ebook on PowerShell Remoting. If you haven't read that, consider doing so. It's a very good resource, and it's completely free.

Top 25 Contributor
Posts 341
Top Contributor

Don Jones:
First, create a new credential using Get-Credential, not New-Object. Dunno where you dug up that syntax, but it's unnecessary.

The original syntax uses a simple hack to create a credential object without needing to prompt the user. It's a common approach used in testing, etc. In my classroom(s), "P@ssw0rd" is a commonly used password - so why bother to prompt for it when I can just create credential objects.

Now if you are going to make the point that Get-Credential approach is more secure - well yes there is that. But sometimes convenience and ease of use make security less important.

 

Top 100 Contributor
Posts 35

Hi,

Thank you for the reply,

I got the following error message:

 

Below is my script that I'm using on the HyperV host side:

Enable-PSRemoting –force

$TestAdminCred1 = New-Object System.Management.Automation.PSCredential -ArgumentList "TEMPDC1\Administrators",$("VMPassword" | ConvertTo-SecureString -AsPlainText -Force)
set-item wsman:\localhost\Client\TrustedHosts -Credential $TestAdminCred1 -Value tempDC1 -Force

#Set the IP address, MAC address and DNS
function Set-IPAddress { 
param( [string]$networkinterface = "Wired Ethernet Connection 2", 
[string]$ip = "192.168.0.1", 
[string]$mask = "255.255.255.0", 
[string]$dns1 = "127.0.0.1" 

#Start writing code here 
$dns = "127.0.0.1" 
if($dns2){$dns =$dns1} 
$index = (gwmi Win32_NetworkAdapter | where {$_.netconnectionid -eq $networkinterface}).InterfaceIndex 
$NetInterface = Get-WmiObject Win32_NetworkAdapterConfiguration | where {$_.InterfaceIndex -eq $index} 
$NetInterface.EnableStatic($ip, $mask) 
$NetInterface.SetDNSServerSearchOrder($dns) 

 
$TestAdminCred1 = New-Object System.Management.Automation.PSCredential -ArgumentList "TEMPDC1\Administrators",$("VMPassword" | ConvertTo-SecureString -AsPlainText -Force)
invoke-command -computername tempDC1 -Credential $TestAdminCred1 -scriptblock { Set-IPAddress }

 

Can you please, explain to me why I'm getting the above error and how to solve it?

Regards,

Bader

Top 25 Contributor
Posts 341
Top Contributor

The error message suggests it can't find tempDC1 - you might want to resolve that problem first.

Page 1 of 3 (31 items) 1 2 3 Next > | RSS
Copyright 2012 PowerShell.com. All rights reserved.