Run PS script on remote server

I have a script that checks a service on a remote server if the server is in my domain. I need the script to check the same service in a remote domain and I have not been able to get it to work.

Below is what I have. It works within my domain with out the -credential and -pw entries.

$serviceName = "Task Scheduler";
$serviceStatus = (get-service "$serviceName" -computername Trans -credential Trans\username -pw password).Status;

if ($serviceStatus -ne "Running") {
    Send-MailMessage -From 'TaskScheduler@mycompany.com' -To 'me@mycompany.com' `
  -SmtpServer 'mail.mycompany.com' `
  -Subject 'The Task Scheduler Service is Not Running' `
  -Body  $("The Task Scheduler Service is Not Running:   Status is $serviceStatus `n`
             Please Check the service and restart if necessary. Sent  From server2")`
}
LVL 1
jimmylew52Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

piattndCommented:
What error message do you get when you try to run this against the server in the separate domain?
0
jimmylew52Author Commented:
Get-Service : A parameter cannot be found that matches parameter name 'credenti
al'.
At C:\MonitorFolder\TaskScheduler.ps1:2 char:80
+ $serviceStatus = (get-service "$serviceName" -computername Trans -credenti
al <<<<  Trans\username -pw password).Status;
    + CategoryInfo          : InvalidArgument: (:) [Get-Service], ParameterBin
   dingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Comm
   ands.GetServiceCommand
0
piattndCommented:
What operating system and what powershell version is installed on your PC and the target PC?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

jimmylew52Author Commented:
running from 2003 r2 svr and target is 2008 r2 svr.  Firewall is off on both.
0
piattndCommented:
The powershell get-service command does not support the passing of credentials.  You need to use the WMI object to get the service that way.  This URL explains how to do that.

http://www.signalwarrant.com/2012/08/13/get-service-info-remotely-using-alternate-admin-credentials-powershell/
0
piattndCommented:
Link to MSDN with Get-Service supported commands:

http://technet.microsoft.com/en-us/library/hh849804.aspx

Notice the parameter list does not have a section for credentials.
0
jimmylew52Author Commented:
The link supplied always asks for a password. I do not find any information on adding the password. \\Tried the following but Kerberos does not support local logins so it did not work.

$password = ConvertTo-SecureString "password" -AsPlainText -Force
$cred= New-Object System.Management.Automation.PSCredential ("Trans\userID", $password)
Enter-PSSession -computer Trans -Credential $cred
Get-WMIObject Win32_Service | Where { $_.Name -eq "Task Schedular" }

Still looking for the answer.
0
piattndCommented:
So are you accessing the remote system with a local account relevant to that system or a domain account for the domain the target computer is in?

It should work by doing something similar to this:

$user = "administrator"
$password = "password"

$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $user, $password

Link to TechNet article explaining this (look at scenario 2):

http://gallery.technet.microsoft.com/scriptcenter/Execute-PowerShell-Script-38881dce
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
No, that last code will not work. The password needs to be provided as SecureString, as used in http:#a39534060 .
0
jimmylew52Author Commented:
I keep getting rejected due to kerberos if I use trans\username.  If i use username with out the trans\ in front of it I get rejected due to bad username or bad password.

[trans] Connecting to remote server failed with the following error message
: Logon failure: unknown user name or bad password. For more information, see t
he about_Remote_Troubleshooting Help topic.

Enter-PSSession : Connecting to remote server failed with the following error m
essage : WinRM cannot process the request. The following error occured while us
ing Kerberos authentication: There are currently no logon servers available to
service the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specifie
d.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does
not exist.
  -The client and remote computers are in different domains and there is no tru
st between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
You can use a (remote) domain account, or have to switch authentication to negotiate; the latter requires to set the TrustedHosts:
set-item WSMan:\localhost\Client\TrustedHosts "Trans"
restart-service winRM
$cred =  New-Object Management.Automation.PSCredential ("Trans\userID", (ConvertTo-SecureString "password" -AsPlainText -Force))
Enter-PSSession Trans -Cred $cred -Authentication Negotiate
Get-WMIObject Win32_Service -Filter {Name = 'winRM'}

Open in new window

However, I've been able to run the remote WMI query directly without changing the authentication:
$cred =  New-Object Management.Automation.PSCredential ("Trans\userID", (ConvertTo-SecureString "password" -AsPlainText -Force))
Get-WMIObject Win32_Service -Filter {Name = 'winRM'} -Computer Trans -Cred $cred

Open in new window

Both were tested from a domain controller to a member PC, but using local (non-domain) credentials as in the example.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jimmylew52Author Commented:
The remote server is not in a domain.  I still get the same "Access Denied" error.

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESS
DENIED))
At C:\MonitorFolder\TaskScheduler.ps1:2 char:14
+ Get-WMIObject <<<<  Win32_Service -Filter {Name = 'Task Scheduler'} -Computer
 Trans -Cred $cred
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedA
   ccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow
   erShell.Commands.GetWmiObjectCommand
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Did the PsSession approach work at least?

The WMI method uses a different Remoting mechanism, and should work no matter if you are in a domain or not, or want to connect to a domain or not.
0
jimmylew52Author Commented:
No matter what I try remotely it gives me access denied.  PSSession also gave me access denied on the login.

Have to take my grandson to soccer practice. I will check in after to see if their are any more suggestions.
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Try credentials without the pc/domain name.
0
jimmylew52Author Commented:
Tried credentials without the domain or server name and I still get access denied. Trying to get the UAC turned off on the client 2008 R2 server to see if that helps.
0
jimmylew52Author Commented:
Here is what is working after turning off UAC:

$cred =  New-Object Management.Automation.PSCredential ("Trans\username", (ConvertTo-SecureString "password" -AsPlainText -Force))
Get-WMIObject Win32_Service -Filter {Name = 'winRM'} -Computer Trans -Cred $cred

$serviceStatus = (get-service "$serviceName").Status;
if ($serviceStatus -ne "Running") {
    Send-MailMessage -From 'Trans@systrends.com' -To 'me@systrends.com' `
  -SmtpServer 'mail.mycompany.com' `
  -Subject 'The Task Scheduler Service is Not Running' `
  -Body  $("The Task Scheduler Service is Not Running:   Status is $serviceStatus `n`
             Please Check the service and restart if necessary. Sent  From monitor .110")`
}

UAC setting was causing the problem with the "Access Denied".
0
jimmylew52Author Commented:
Thanks for the help!
0
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Strange. UAC should have no effect on WMI.

But the code cannot be correct - you dismiss the (remote) WMI object, and then check the local service.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.