3

I've got the start of the script to achieve this:

$SecurePassword = ConvertTo-SecureString –String $Password –AsPlainText -Force 
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword
$sess = New-PSSession -ComputerName $IPAddress -Credential $Credential
Invoke-Command -Session $sess -ScriptBlock {Get-Service}
Remove-PSSession -Session $sess

but I'm getting this connection error:

New-PSSession : [xx.xx.xx.xx] Connecting to remote server xx.xx.xx.xx failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.

  • To try and get the script working I have run the Enable-PSRemoting command on both the client and remote servers.
  • As the remote server is not part of a domain, I've added the servers IP address to the TrustedHosts on the client server.

I've been using this page, amongst many others, to try a resolve this issue and as far as I can tell it should be working (or at least not having connection issues).

  • The user I'm connecting to the remote server with is not an administrator but is part of the Remote Managers Group.
  • I've also followed the advice from this question to grant access to the service. I don't think it's getting this far but I wanted to mention it for completeness.

Any answers, advice, suggestions, etc. is greatly appreciated. Thanks.

Community
  • 1
Wayne Scott
  • 41
  • 8
  • Is the windows firewall running on the remote server? If not, how did you disable it? If yes, could you enable logging of blocked connections on the current profile, make a few requests again, then see if any block messages show up? Also, could you include the version of the remote server you're trying to access? – Neil Nov 05 '15 at 05:19
  • Have you tried using CredSSP? – Matt Nov 05 '15 at 22:57
  • 1
    Thanks @NeilT your comment made me go back and take a closer look at the firewall settings which is where I found the issue. – Wayne Scott Nov 06 '15 at 01:17

1 Answers1

1

The problem turn out to be with the firewall settings on the remote server. The HOW TO ADD A FIREWALL EXCEPTION section of the about_Remote_Troubleshooting states:

Enable-PSRemoting attempts to create a firewall exception for WS-Management communications. On server versions of Windows, it creates a firewall exception for all network locations.

which it did do. However if the network profile is Private it only allows connections from servers on the Local Subnet which wasn't the case in my situation. After adding an additional Scope to the firewall rule I was able to connect to the server.

I still had one more issue to resolve as I couldn't get a list of the services using Get-Service but as I know the name of the service I'm stopping I can replace it with Stop-Service. The script now looks like:

$securePassword = ConvertTo-SecureString –String $password –AsPlainText -Force 
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword
$sess = New-PSSession -ComputerName $ipAddress -Credential $credential
$scriptBlock = {
    $serviceName = "SeriveName"
    Stop-Service -Name $serviceName
}
Invoke-Command -Session $sess -ScriptBlock $scriptBlock
Remove-PSSession -Session $sess
Wayne Scott
  • 41
  • 8