Jul 25 2022 06:24 AM
Hi,
I'm building a script for checking, downloading and installing updates on Windows Servers, using the PSWindowsUpdate module.
My goal is to go to one server at a time, check for updates and write a log file in CSV format to a fileshare, so that afterwards I can parse that CSV file to do some checks and then apply the updates later on.
The issue is that when running the script (from a server), I get the message:
"Access to the path '\path\filename.csv' is denied."
But if I go directly to the server itself and run the command, it works, as the server has permissions over that folder.
So it's something while I'm running the script remotely that is not right.
I've tried several ways, like:
- Enter-PSSession
- Invoke-Command -ComputerName $server { command }
- Invoke-Command -Session $s -ScriptBlock { command }
So what am I missing here?
Thanks
Jul 26 2022 12:04 AM
Hi
I assume that the user has the correct permission to perform the required action.
Try the following code
$Cred=Get-Credential
Invoke-Command -ComputerName Server1 -ScriptBlock {New-PSDrive -Root '\\FileServer.FQDN.local\MyShare' -PSProvider FileSystem -Name X -Credential $Using:Cred -Persist;Set-Content -Path 'X:\myfile.txt' -Value 'www2w111'}
Jul 26 2022 06:36 AM
Hi,
Thanks. I have the permissions, as I'm using a domain admin for the testing.
I tried your code and it works, but I have some issues. I replaced a part of the code to accomplish my objective. It's like this right now:
$Cred=Get-Credential
Invoke-Command -ComputerName servername -ScriptBlock {New-PSDrive -Root '\\share_ip\WindowsUpdateLogs' -PSProvider FileSystem -Name X -Credential $Using:Cred -Persist; (Get-WUList).GetEnumerator() | Export-Csv -Path "X:\$(hostname)-$(get-date -f dd-MM-yyyy)-WindowsUpdate.log" }
But this works once, and then if I try to run it again on the same server or a different server I get this error message:
A specified logon session does not exist. It may already have been terminated
+ CategoryInfo : InvalidOperation: (X:PSDriveInfo) [New-PSDrive], Win32Exception
+ FullyQualifiedErrorId : CouldNotMapNetworkDrive,Microsoft.PowerShell.Commands.NewPSDriveCommand
+ PSComputerName : servername
If I leave it for 1h and come back for testing, it works again once. So there's something with the expiration of the session which I'm not understanding.
Also, I need to insert this into a cycle to fetch the updates on each server. But if this is running just once, I can't insert it on a cycle.
Thanks in advance.
Jul 27 2022 01:59 AM
I tried it on my end, and yes, I got the same issue.
But I noticed the following: my file server is a failover cluster, but if I set the write destination to a server node or a single server, the script you provided works fine.
I need to go deeper into this to see what is causing this; for now I think it's related to the double-hop issue.
Can you try to write to another node or destination and let me know?
Jul 27 2022 08:28 AM
Hi,
My server is not a cluster, it's a regular VM. Also, I've tried with another share on another server and the issue persists, with same error message.
It's quite odd, as it seems that the session is terminated just after it has been established.
Thanks
Jul 27 2022 08:42 AM - edited Jul 27 2022 08:43 AM
I found 2 resources that might help you with your issue
https://github.com/PowerShell/PowerShell/issues/11333
and also check this one
https://support.imanami.com/knowledgebase/article/KA-01005/en-us#:~:text=Go%20to%20Security%20Settin....
Jul 27 2022 09:32 AM
Thanks for the links.
Well, I've tried the parameter "-scope local", but the issue is just the same. In my case, sometimes it runs the first time, sometimes it doesn't even run the first time.
Also, I've got that option "Network access: Do not allow storage of passwords and credentials for network authentication" already Disabled, so it's not related to that as well.
Also, if I try to remove the PSDrive with the command Remove-PSDrive <Z> it says the drive does not exist, even when it was created.
Do you think that if we create a scheduled task to run the commands, we will have the same issue?
Thanks
Jul 27 2022 09:51 AM - edited Jul 27 2022 09:52 AM
No, this is related to a double-hop authentication issue.
If you enable the scheduled task, then the script will be executed from the server itself rather than being called remotely to write to a second-hop destination.
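Added example, not part of the original thread or of the PSWindowsUpdate project: one way to avoid the second hop entirely is to let the remote session return the update list to the calling machine and write the CSV from there, so no credential is passed into the remote session with $Using:Cred. The server names, the share path and the selected property names are assumptions for illustration.

```powershell
# Assumed placeholders: replace with your own server list and log share.
$Servers  = 'Server1', 'Server2'
$LogShare = '\\FileServer.FQDN.local\WindowsUpdateLogs'
$Stamp    = Get-Date -Format 'dd-MM-yyyy'

foreach ($Server in $Servers) {
    try {
        # Single hop: the script block only queries the Windows Update agent
        # on $Server. It never touches a network resource, so the remote
        # session does not need delegated credentials.
        $Updates = Invoke-Command -ComputerName $Server -ErrorAction Stop -ScriptBlock {
            Import-Module PSWindowsUpdate
            # Property names are assumed; adjust to what Get-WUList returns for you.
            Get-WUList | Select-Object KB, Size, Title, IsDownloaded
        }
    }
    catch {
        Write-Warning "Update query failed on ${Server}: $($_.Exception.Message)"
        continue
    }

    if (-not $Updates) {
        Write-Warning "No pending updates reported by ${Server}; no file written."
        continue
    }

    # The write to the share happens in the calling session, which holds the
    # operator's full logon, so the access-denied error from the remote
    # session does not apply. PSComputerName is added by Invoke-Command.
    $CsvPath = "${LogShare}\${Server}-${Stamp}-WindowsUpdate.csv"
    $Updates |
        Select-Object PSComputerName, KB, Size, Title, IsDownloaded |
        Export-Csv -Path $CsvPath -NoTypeInformation
}
```

The account running the loop needs write access to the share; the servers being queried need none.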