Kevin M
asked on
Powershelling into remote system fails
We have a script that will connect into machines and check for Windows Updates without rebooting them. We know this process works on another computer but on mine, it fails.
Note: I've verified that the WINRM service is running on both their PC and mine, and that my profile is set to public etc.
I get the following error repeatedly:
[TARGETSERVER] Connecting to remote server TARGETSERVER failed with the following error message : The client cannot
connect to the destination specified in the request. Verify that the service on the destination is running and is
accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most
commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to
analyze and configure the WinRM service: "winrm quickconfig". For more information, see the
about_Remote_Troubleshooti ng Help topic.
+ CategoryInfo : OpenError: (TARGETSERVER:String) [], PSRemotingTransportExcepti on
+ FullyQualifiedErrorId : CannotConnect,PSSessionSta teBroken
Checking for and installing available updates
Install-WindowsUpdate : [TARGETSERVER] Connecting to remote server TARGETSERVER failed with the following error
message : The WinRM client cannot process the request. Default credentials with Negotiate over HTTP can be used only
if the target machine is part of the TrustedHosts list or the Allow implicit credentials for Negotiate option is
specified. For more information, see the about_Remote_Troubleshooti ng Help topic.
At C:\Scripts\EnableRemoteWSU SNoReboot. ps1:80 char:5
+ Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Ve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~
+ CategoryInfo : OpenError: (TARGETSERVER:String) [Get-WindowsUpdate], PSRemotingTransportExcepti on
+ FullyQualifiedErrorId : ExplicitCredentialsRequire d,PSSessio nStateBrok en
I am prompted for my domain creds when I connect and everything seems to be running properly.
Note: I've verified that the WINRM service is running on both their PC and mine, and that my profile is set to public etc.
I get the following error repeatedly:
[TARGETSERVER] Connecting to remote server TARGETSERVER failed with the following error message : The client cannot
connect to the destination specified in the request. Verify that the service on the destination is running and is
accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most
commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to
analyze and configure the WinRM service: "winrm quickconfig". For more information, see the
about_Remote_Troubleshooti
+ CategoryInfo : OpenError: (TARGETSERVER:String) [], PSRemotingTransportExcepti
+ FullyQualifiedErrorId : CannotConnect,PSSessionSta
Checking for and installing available updates
Install-WindowsUpdate : [TARGETSERVER] Connecting to remote server TARGETSERVER failed with the following error
message : The WinRM client cannot process the request. Default credentials with Negotiate over HTTP can be used only
if the target machine is part of the TrustedHosts list or the Allow implicit credentials for Negotiate option is
specified. For more information, see the about_Remote_Troubleshooti
At C:\Scripts\EnableRemoteWSU
+ Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Ve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (TARGETSERVER:String) [Get-WindowsUpdate], PSRemotingTransportExcepti
+ FullyQualifiedErrorId : ExplicitCredentialsRequire
I am prompted for my domain creds when I connect and everything seems to be running properly.
Run powershell with your admin account and not your standard account.
Run powershell as administrator as well.
ASKER
Done and done--same error. When prompted I even used domain admin, which I am one of, but just to check.
Can you use your own account on a machine that is confirmed to be working to achieve what it is you're trying to do?
Running the same version of powershell?
In the same OU as another machine that works?
is your computer in the same groups?
Can you ping said machine without any issue?
If you're on a laptop, have you tried doing it over a network cable rather that wireless to rule out a VLAN issue?
Thanks
Alex
Running the same version of powershell?
In the same OU as another machine that works?
is your computer in the same groups?
Can you ping said machine without any issue?
If you're on a laptop, have you tried doing it over a network cable rather that wireless to rule out a VLAN issue?
Thanks
Alex
ASKER
Sure, little background: working desktop is Windows 7. My desktop is Windows 10. Both in same OU.
We ran the script from his machine to a different one using his and my credentials, worked fine.
I than ran it on my machine and get this error:
Checking for and installing available updates
Install-WindowsUpdate : (TARGETSERVER: Unknown failure.
At C:\scripts\EnableRemoteWSU SNoReboot. ps1:80 char:5
+ Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Ve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [Get-WindowsUpdate], Exception
+ FullyQualifiedErrorId : Unknown,PSWindowsUpdate.Ge tWindowsUp date
I am running it as admin.
We ran the script from his machine to a different one using his and my credentials, worked fine.
I than ran it on my machine and get this error:
Checking for and installing available updates
Install-WindowsUpdate : (TARGETSERVER: Unknown failure.
At C:\scripts\EnableRemoteWSU
+ Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Ve ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [Get-WindowsUpdate], Exception
+ FullyQualifiedErrorId : Unknown,PSWindowsUpdate.Ge
I am running it as admin.
+ CategoryInfo : PermissionDenied: (:) [Get-WindowsUpdate], Exception
Drop yourself into the local admins on that machine and try again.
Drop yourself into the local admins on that machine and try again.
ASKER
Our domain's "Domain Admins" group is in the local admins group on that machine.
I'm wondering if it's not liking the nested group.
the OS on the machine that's working, is it 10 as well?
Thanks
Alex
the OS on the machine that's working, is it 10 as well?
Thanks
Alex
ASKER
Nope, Windows 7., so I may have more recent PowerShell components.
Hi,
To make sure that you have all the right on remote machine try access \\myremotepc\c$ by default only admin can do this and if you are able to do that you should be able to access powershell
also try via PowerShell ISE (Run as administrator) you should see an icone a named Remote PowerShell Tab
To make sure that you have all the right on remote machine try access \\myremotepc\c$ by default only admin can do this and if you are able to do that you should be able to access powershell
also try via PowerShell ISE (Run as administrator) you should see an icone a named Remote PowerShell Tab
I've got no idea at this point, the only thing I can think of is your rights but it works from windows 7.
$Psversiontable on both your destination machine and local machine, see if they are massively out. This is my last guess to be fair.
$Psversiontable on both your destination machine and local machine, see if they are massively out. This is my last guess to be fair.
ASKER
Not a problem, I appreciate all of your input.
From my system:
Name Value
---- -----
PSVersion 5.1.18362.145
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.18362.145
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
System I'm connecting to:
Name Value
---- -----
PSVersion 4.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.42000
BuildVersion 6.3.9600.19170
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion 2.2
From my system:
Name Value
---- -----
PSVersion 5.1.18362.145
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.18362.145
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
System I'm connecting to:
Name Value
---- -----
PSVersion 4.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.42000
BuildVersion 6.3.9600.19170
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion 2.2
ASKER
Am I to ascertain that the remote system that says "PSCompatibleVersions {1.0, 2.0, 3.0, 4.0} " means I can't use 5.x?
ASKER
I just tried this process on another Windows 10 machine running the same version of Powershell that I am and it errored out again.
I'm going to try remoting from that machine to the server, just to create another test.
I'm going to try remoting from that machine to the server, just to create another test.
can you run other remote commands on those windows 10 machines? Also for testing purposes can you disable the domain firewall? (please re enable it after testing)
ASKER
Sure, domain firewall disabled, same error. Seems to be choking on this command:
Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Verbose | ft
($RemoteMachine is the hostname and does get assigned)
Error:
Connecting to remote server ******* failed with the following error message : The
WinRM client cannot process the request. Default credentials with Negotiate over HTTP can be used only if the target
machine is part of the TrustedHosts list or the Allow implicit credentials for Negotiate option is specified.
The person who normally does this says he doesn't edit a TrustedHosts file, but I ran this anyway from https://www.centrel-solutions.com/media/xiaconfiguration/adminguideweb/PowerShellTrustedHosts.html
To trust any machine, use the following command:
Set-Item WSMan:\localhost\Client\Tr ustedHosts –Value * -Force
Once I ran that, and removed any blank lines from the file I use to target the correct hosts, no errors.
He may have run that command so he didn't need to keep adding to the TrustedHosts.
Thanks gents....
Install-WindowsUpdate -ComputerName $RemoteMachine -AcceptAll -Verbose | ft
($RemoteMachine is the hostname and does get assigned)
Error:
Connecting to remote server ******* failed with the following error message : The
WinRM client cannot process the request. Default credentials with Negotiate over HTTP can be used only if the target
machine is part of the TrustedHosts list or the Allow implicit credentials for Negotiate option is specified.
The person who normally does this says he doesn't edit a TrustedHosts file, but I ran this anyway from https://www.centrel-solutions.com/media/xiaconfiguration/adminguideweb/PowerShellTrustedHosts.html
To trust any machine, use the following command:
Set-Item WSMan:\localhost\Client\Tr
Once I ran that, and removed any blank lines from the file I use to target the correct hosts, no errors.
He may have run that command so he didn't need to keep adding to the TrustedHosts.
Thanks gents....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.