
I work at a company where the AD forest has a one-way trust with our DMZ domain (DMZ Trusts Corpnet). When attempting to run the below command from my laptop sitting on the corporate network, I am not able to remote into a server sitting in our DMZ. By default, winrm quickconfig is run on every server that is set up in the DMZ.

Is there a way to resolve this issue so I can run commands from a computer on my corporate network?

The script that was run:

Invoke-Command -ComputerName Servername.DMZDomain.Company.com -Credential [My Creds] -ScriptBlock {get-UICulture}

The related error that is affecting the remoting session:

-The client and remote computers are in different domains and there is no trust between the two domains.

jamason1983

3 Answers


The fact that you get a corporate IP doesn't necessarily mean that you are on the same subnet / domain.

What kind of access do you have? You could either create a reverse SSH tunnel from the DMZ machines, or use a machine that has access to the DMZ as a proxy.

Nikolaidis Fotis
  • I can easily access the server via remote desktop or psexec from my laptop using the same corpnet creds; I just get the error when traversing the one-way trust using Enter-PSSession. A reverse SSH tunnel would probably work in this situation but is not a truly viable solution, as we have quarterly turnaround of the servers and it would end up being more effort than it's worth to set that up on every server every quarter. – jamason1983 Aug 02 '10 at 22:25
  • Can you access the server via SSH? {Probably yes}. From what you told me, my best guess is that something is wrong with the PS authentication configuration (I haven't used it so I can't help you further). By the way, what do you mean when you say that you have "quarterly turnaround of the servers"? That you change servers too often? If yes, do they have the same characteristics? In that case I suggest using some cluster management software. You write the template once and it's automatically deployed every time you add new hardware. – Nikolaidis Fotis Aug 02 '10 at 23:26

Have you tried adding the requesting server(s) name(s) to the DMZ servers' WinRM Trusted Hosts lists?

winrm set winrm/config/client @{TrustedHosts="servername1,servername2"}
Helvick

Turns out my issue was that I was not using FQDN in the remoting request... I was relying on my "DNS Suffix Search List" to autocomplete the computername, which is what caused me to fail.

jamason1983
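
The resolution in the last answer (pass the FQDN instead of relying on the DNS suffix search list) can be enforced in a small wrapper that expands the name before any remoting call is made. This is an added example, not code from the thread; the function names `Resolve-RemotingFqdn` and `Invoke-DmzCommand` are hypothetical, and the server name in the usage comment is the placeholder from the question.

```powershell
# Added example (hypothetical helpers, not from the thread).
function Resolve-RemotingFqdn {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName
    )
    # A name that already contains a dot is treated as fully qualified.
    if ($ComputerName.Contains('.')) { return $ComputerName }

    # Short name: let the resolver expand it once, up front, and insist
    # that the canonical name it returns is fully qualified.
    $entry = [System.Net.Dns]::GetHostEntry($ComputerName)
    if (-not $entry.HostName.Contains('.')) {
        throw "Could not expand '$ComputerName' to an FQDN; pass the full name."
    }
    return $entry.HostName
}

function Invoke-DmzCommand {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory = $true)][scriptblock]$ScriptBlock
    )
    $fqdn = Resolve-RemotingFqdn -ComputerName $ComputerName
    Write-Verbose "Remoting to $fqdn"

    # Authenticated WS-Management probe: surfaces trust and authentication
    # errors before the script block is sent.
    Test-WSMan -ComputerName $fqdn -Credential $Credential `
        -Authentication Default -ErrorAction Stop | Out-Null

    # The FQDN, never the short name, is what reaches the remoting cmdlet.
    Invoke-Command -ComputerName $fqdn -Credential $Credential `
        -ScriptBlock $ScriptBlock
}

# Usage (server name is the placeholder from the question):
# Invoke-DmzCommand -ComputerName Servername.DMZDomain.Company.com `
#     -Credential (Get-Credential) -ScriptBlock { Get-UICulture } -Verbose
```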