Solved

Execute PowerShell on Remote Computer

Posted on 2014-01-11
21
1,508 Views
Last Modified: 2014-01-19
I get the following message when executing a powershell on remote computer. The powershell script can be executed on this workstation. Any idea ?


Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x80070
6BA)


On the remote workstation ,the following tasks have been done when it doesn't help.
- WMI & RPC services have been started
- firewall disable
- Enable-PSRemoting -Force
0
Comment
Question by:AXISHK
  • 7
  • 5
  • 5
  • +1
21 Comments
 
LVL 39

Expert Comment

by:footech
ID: 39773061
Have you verified that DNS information is correct?  If you're supplying a name to the -computername parameter, and that name doesn't resolve or resolves to a different IP than you're intending, that could be the problem.
0
 
LVL 5

Expert Comment

by:alicain
ID: 39773068
Hi Axishk,

On the remote computer, you can test if the remoting has been sucesfully enabled with :
 "Enter-PSSession -ComputerName localhost"
That should give you a new PS session - if not that would give further clues.

Remotely, does a "test-wsman" succeed?
   e.g. test-wsman -computername your_server_name_here

If the Enter-PSSession succeeds but the test-wsman fails also returning RPC server is unavailable, can you ping and browse shares etc?

Are both machines members of the same domain?

Regards,
Alastair.
0
 

Author Comment

by:AXISHK
ID: 39773085
On a remote computer
---------------------------------
Windows PowerShell
Copyright (C) 2012 Microsoft Corporation. All rights reserved.

PS C:\Users\Administrator.KTL> Enter-pssession -computername localhost
[localhost]: PS C:\Users\Administrator.KTL\Documents>


On a calling computer (where script will be run)
------------------------------------------------------------------
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\administrator.KTL> test-wsman -computername 10.0.23.60


wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0



PS C:\Users\administrator.KTL> ping 10.0.23.60

Pinging 10.0.23.60 with 32 bytes of data:
Reply from 10.0.23.60: bytes=32 time<1ms TTL=128
Reply from 10.0.23.60: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.23.60:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
PS C:\Users\administrator.KTL>

On a calling computer running the script
--------------------------------------------------------
PS C:\scripts\chkdisk> .\chkdisk.ps1
Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At C:\scripts\chkdisk\ChkDisk.ps1:1 char:22
+ $body = Get-WmiObject <<<<  Win32_LogicalDisk -filter "DriveType=3" -computer (Get-Content .\computer.csv) | Select S
ystemName,DeviceID, @{Name="Free (%)";Expression={"{0:N0}" -f (($_.freespace /1gb) / ($_.size /1gb) * 100) }}, @{Name="
Size (GB)";Expression={"{0:N1}" -f($_.size/1gb)}},@{Name="Free (GB)";Expression={"{0:N1}" -f($_.freespace/1gb)}} |
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
0
 
LVL 5

Expert Comment

by:alicain
ID: 39773502
Thanks AXISH,

So that all looks good and we can see that the script is trying to get the computer name from the file "computer.csv"

Let's look at the computer.csv file next.   Do we have permissions to it?  We could add a line at the start of do a "get-content .\computer.csv" to make sure it can be output OK.

Also worth checking the format of the csv file itself/

We could replace the get-contect .\computer.csv with the machine name directly to make sure it's ok that way.

Regards,
Alastair.
0
 
LVL 39

Expert Comment

by:footech
ID: 39773937
It may be worth noting that the communication from something like
get-wmiobject Win32_LogicalDisk -computername somecomputer
is different than PS Remoting.  It uses WMI and RPC (TCP 135 and dynamic ports) while PS Remoting uses TCP 5985 (when using the default HTTP).  May be helpful when you decide to turn the firewall back on.
0
 

Author Comment

by:AXISHK
ID: 39774054
Firewall has been turned off during the testing and it doesn't help. Hence, I have already turned it on again.

Have completely no idea why these few servers doesn't work....  

Tks
0
 
LVL 5

Expert Comment

by:alicain
ID: 39774075
Have you tried running the command explicitly with the servername rather that via the get-content?

Regards,
Alastair.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39774107
That's a good hint (again). With WMI you will get the RPC error if you provide a wrong address. Get-Content might return more than a computer name only, or additional spaces or other characters.
0
 

Author Comment

by:AXISHK
ID: 39774120
I use IP address and I'm sure there is no typo error or additional space there....

Tks
0
 
LVL 5

Expert Comment

by:alicain
ID: 39774629
So just running a simple oneliner like the following still fails with RPC server unavailable :
   get-wmiobject Win32_LogicalDisk -computername targetcomputername

Are there any errors reported in the security event log of the target machine?

If you are able to put netmon/wireshark on the target machine, if would be interesting to do a trace to ensure that at least some DCOM/WMI communication is taking place.

Is time in sync between to two machines?  As well as connectivity issues, RPC server unavailable can be due to authentication failues resulting from clocks being skewed.

Regards,
Alastair.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:AXISHK
ID: 39775776
The powershell script can be run locally on the remote server. There is no error logged in the security event. And the clock and regional setting is correct.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39775977
And what about    get-wmiobject Win32_LogicalDisk -computername targetcomputername, both on a different and the "local" machine "targetcomputername"?
0
 

Author Comment

by:AXISHK
ID: 39778197
An interesting discovery, if I use host name, it works fine. However, it doesn't work on ip address. Ping test can resolve everything perfect. Any idea ?  Tks

PS C:\scripts\test> get-wmiobject Win32_LogicalDisk -computername portalbi


DeviceID     : A:
DriveType    : 2
ProviderName :
FreeSpace    :
Size         :
VolumeName   :

DeviceID     : C:
DriveType    : 3
ProviderName :
FreeSpace    : 34964590592
Size         : 85530243072
VolumeName   :

DeviceID     : D:
DriveType    : 5
ProviderName :
FreeSpace    :
Size         :
VolumeName   :



PS C:\scripts\test> get-wmiobject Win32_LogicalDisk -computername 10.0.23.60
Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x80070
6BA)
At line:1 char:14
+ get-wmiobject <<<<  Win32_LogicalDisk -computername 10.0.23.60
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMExcept
   ion
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands
   .GetWmiObjectCommand

PS C:\scripts\test> ping portalbi

Pinging portalbi.abc.com.hk [10.0.23.60] with 32 bytes of data:
Reply from 10.0.23.60: bytes=32 time<1ms TTL=128
Reply from 10.0.23.60: bytes=32 time=1ms TTL=128
Reply from 10.0.23.60: bytes=32 time<1ms TTL=128
Reply from 10.0.23.60: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.23.60:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
PS C:\scripts\test>
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39778832
While I try to find a reason - is that behaviour the same on a remote (<> "portalbi") and the local ("portalbi") PC?
0
 
LVL 39

Expert Comment

by:footech
ID: 39779829
I don't know the reason for this, but the only thing I can think of offhand that changes when you use an IP vs. a name is the authentication type.  Kerberos (unless I'm recalling incorrectly) doesn't work with IP addresses, so NTLM will be used.
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 125 total points
ID: 39779911
Yes, Kerberos only works with names, and only in the same domain. But I'm uncertain whether WMI uses Kerberos by default (it's not documented in http://technet.microsoft.com/en-us/library/hh849824.aspx ), but we can force to use NTLM with names:
get-wmiobject Win32_LogicalDisk -computername portalbi -Authority "ntlmdomain:YourDomainHere"

Open in new window

though I would expect an authentication error in that case ...
0
 
LVL 39

Expert Comment

by:footech
ID: 39779993
Does the command succeed if you put a period at the end of the IP?
get-wmiobject Win32_LogicalDisk -computername 10.0.23.60.
0
 
LVL 5

Assisted Solution

by:alicain
alicain earned 125 total points
ID: 39780452
Worth checking that your reverse DNS zone records are correct for this host, that one is record is correctly registered and ensure that there are no stale entries.

Regards,
Alastair.
0
 

Author Comment

by:AXISHK
ID: 39790222
'get-wmiobject Win32_LogicalDisk -computername 10.0.23.60. ' works fine. Any idea ?
0
 
LVL 39

Accepted Solution

by:
footech earned 250 total points
ID: 39790676
See the comment at the very end of this link.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa393720%28v=vs.85%29.aspx

The problem appears to be with incorrect DNS records.  I did a quick network capture and saw that a query like get-wmiobject Win32_LogicalDisk -computername 10.0.23.60 does indeed perform a reverse DNS lookup.  I tried creating a bogus record, but on my machine the query was still successful.  So I can't say I know exactly what is going on, but for many people making sure that your DNS records are correct (both the A and PTR records) was the solution.
0
 

Author Closing Comment

by:AXISHK
ID: 39793529
tks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article will help you understand what HashTables are and how to use them in PowerShell.
A procedure for exporting installed hotfix details of remote computers using powershell
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now