We help IT Professionals succeed at work.

Powershelling into remote system fails

We have a script that will connect into machines and check for Windows Updates without rebooting them. We know this process works on another computer but on mine, it fails.
Note: I've verified that the WINRM service is running on both their PC and mine, and that my profile is set to public etc.

I get the following error repeatedly:

[TARGETSERVER] Connecting to remote server TARGETSERVER failed with the following error message : The client cannot
connect to the destination specified in the request. Verify that the service on the destination is running and is
accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most
commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to
analyze and configure the WinRM service: "winrm quickconfig". For more information, see the
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (TARGETSERVER:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : CannotConnect,PSSessionStateBroken
  Checking for and installing available updates
Install-WindowsUpdate : [TARGETSERVER] Connecting to remote server TARGETSERVER failed with the following error
message : The WinRM client cannot process the request.  Default credentials with Negotiate over HTTP can be used only
if the target machine is part of the TrustedHosts list or the Allow implicit credentials for Negotiate option is
specified. For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Scripts\EnableRemoteWSUSNoReboot.ps1:80 char:5
+     Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Ve ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (TARGETSERVER:String) [Get-WindowsUpdate], PSRemotingTransportException
    + FullyQualifiedErrorId : ExplicitCredentialsRequired,PSSessionStateBroken

I am prompted for my domain creds when I connect and everything seems to be running properly.
Comment
Watch Question

AlexA lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
Run powershell with your admin account and not your standard account.
AlexA lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
Run powershell as administrator as well.
Kevin MSystems Engineer

Author

Commented:
Done and done--same error. When prompted I even used domain admin, which I am one of, but just to check.
AlexA lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
Can you use your own account on a machine that is confirmed to be working to achieve what it is you're trying to do?

Running the same version of powershell?

In the same OU as another machine that works?

is your computer in the same groups?

Can you ping said machine without any issue?

If you're on a laptop, have you tried doing it over a network cable rather that wireless to rule out a VLAN issue?

Thanks
Alex
Kevin MSystems Engineer

Author

Commented:
Sure, little background: working desktop is Windows 7. My desktop is Windows 10. Both in same OU.
We ran the script from his machine to a different one using his and my credentials, worked fine.
I than ran it on my machine and get this error:
  Checking for and installing available updates
Install-WindowsUpdate : (TARGETSERVER: Unknown failure.
At C:\scripts\EnableRemoteWSUSNoReboot.ps1:80 char:5
+     Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Ve ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Get-WindowsUpdate], Exception
    + FullyQualifiedErrorId : Unknown,PSWindowsUpdate.GetWindowsUpdate

I am running it as admin.
AlexA lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
+ CategoryInfo          : PermissionDenied: (:) [Get-WindowsUpdate], Exception


Drop yourself into the local admins on that machine and try again.
Kevin MSystems Engineer

Author

Commented:
Our domain's "Domain Admins" group is in the local admins group on that machine.
AlexA lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
I'm wondering if it's not liking the nested group.

the OS on the machine that's working, is it 10 as well?

Thanks
Alex
Kevin MSystems Engineer

Author

Commented:
Nope, Windows 7., so I may have more recent PowerShell components.
Christian KAZADiIT Support Level 2
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Hi,

To make sure that you have all the right on remote machine try access \\myremotepc\c$ by default only admin can do this and if you are able to do that you should be able to access powershell

also try via PowerShell ISE (Run as administrator) you should see an icone a named  Remote PowerShell Tab
AlexA lack of information provides a lack of a decent solution.
CERTIFIED EXPERT

Commented:
I've got no idea at this point, the only thing I can think of is your rights but it works from windows 7.

$Psversiontable on both your destination machine and local machine, see if they are massively out. This is my last guess to be fair.
Kevin MSystems Engineer

Author

Commented:
Not a problem, I appreciate all of your input.

From my system:
Name                           Value                                                                                                                                                                                                
----                           -----                                                                                                                                                                                                
PSVersion                      5.1.18362.145                                                                                                                                                                                        
PSEdition                      Desktop                                                                                                                                                                                              
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                                              
BuildVersion                   10.0.18362.145                                                                                                                                                                                      
CLRVersion                     4.0.30319.42000                                                                                                                                                                                      
WSManStackVersion              3.0                                                                                                                                                                                                  
PSRemotingProtocolVersion      2.3                                                                                                                                                                                                  
SerializationVersion           1.1.0.1  

System I'm connecting to:

Name                           Value                                                                                                                                                                                                
----                           -----                                                                                                                                                                                                
PSVersion                      4.0                                                                                                                                                                                                  
WSManStackVersion              3.0                                                                                                                                                                                                  
SerializationVersion           1.1.0.1                                                                                                                                                                                              
CLRVersion                     4.0.30319.42000                                                                                                                                                                                      
BuildVersion                   6.3.9600.19170                                                                                                                                                                                      
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0}                                                                                                                                                                                
PSRemotingProtocolVersion      2.2
Kevin MSystems Engineer

Author

Commented:
Am I to ascertain that the remote system that says  "PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0}                  "  means I can't use 5.x?
Kevin MSystems Engineer

Author

Commented:
I just tried this process on another Windows 10 machine running the same version of Powershell that I am and it errored out again.

I'm going to try remoting from that machine to the server, just to create another test.
Sean BravenerSenior Information Technology Consultant
CERTIFIED EXPERT
Awarded 2019
Distinguished Expert 2019

Commented:
can you run other remote commands on those windows 10 machines?  Also for testing purposes can you disable the domain firewall? (please re enable it after testing)
Kevin MSystems Engineer

Author

Commented:
Sure, domain firewall disabled, same error.  Seems to be choking on this command:
Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Verbose | ft
($RemoteMachine is the hostname and does get assigned)

Error:
Connecting to remote server *******  failed with the following error message : The
WinRM client cannot process the request.  Default credentials with Negotiate over HTTP can be used only if the target
machine is part of the TrustedHosts list or the Allow implicit credentials for Negotiate option is specified.

The person who normally does this says he doesn't edit a TrustedHosts file, but I ran this anyway from https://www.centrel-solutions.com/media/xiaconfiguration/adminguideweb/PowerShellTrustedHosts.html

To trust any machine, use the following command:
Set-Item WSMan:\localhost\Client\TrustedHosts –Value * -Force

Once I ran that, and removed any blank lines from the file I use to target the correct hosts, no errors.
He may have run that command so he didn't need to keep adding to the TrustedHosts.

Thanks gents....
Systems Engineer
Commented:
See above--many thanks to the community.