INVOKE-COMMAND to remote server works on one server but not another
Hello everyone, I've got a problem with INVOKE-COMMAND where it works with one server but not another. NEX-SUPD106 is a server that runs an application called “ArielDB” on one of the non-production environments of our pension administration system. This non-production system is known as “SUP” and I can use remote desktop to connect to NEX-SUPD106 using the svcOctopusSUP account as it is in the Administrators group. If I run the following code in a PowerShell window on my desktop and supply the password for svcOctopusSUP, it works and the Security event view shows a successful login (image attached). $global:Env="SUP"; $global:CRM_host="NEX-SUPD106" $svcCRMOther_cred = Get-Credential -Credential APACORP\svcOctopus$global:Env $global:CRM_session = New-PSSession -ComputerName $global:CRM_host -Credential $svcCRMOther_cred Invoke-Command -Session $global:CRM_session -ScriptBlock { param($p_Env, $p_CRM_host) write-Output "This is inside the Invoke-Command." } -ArgumentList ($global:Env, $global:CRM_host) This is inside the Invoke-Command. NEX-SUPD118 is a server that runs Microsoft Dynamics CRM for the same “SUP” non-production pension administration environment and I can connect using remote desktop to that server using the svcCRMOtherSUP account as it is in the Administrators group on the server. Weirdly, if I run the same PowerShell code but for the CRM server and CRM account, it fails: $global:Env="SUP"; $global:CRM_host="NEX-SUPD118" $svcCRMOther_cred = Get-Credential -Credential APACORP\svcCRMOther$global:Env $global:CRM_session = New-PSSession -ComputerName $global:CRM_host -Credential $svcCRMOther_cred Invoke-Command -Session $global:CRM_session -ScriptBlock { param($p_Env, $p_CRM_host) write-Output "This is inside the Invoke-Command." } -ArgumentList ($global:Env, $global:CRM_host) New-PSSession : [NEX-SUPD118] Connecting to remote server NEX-SUPD118 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error occurred. <lines deleted> At line:3 char:23 + ... M_session = New-PSSession -ComputerName $global:CRM_host -Credential ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : -2144108387,PSSessionOpenFailed Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again. At line:4 char:25 + Invoke-Command -Session $global:CRM_session -ScriptBlock { + ~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand There is something that’s preventing the simple INVOKE-COMMAND from connecting to NEX-SUPD118. The accounts I’m using are both in the local Administrators group on their server and I can connect to each server using the respective account. The same code works on one server but fails on another. Any suggestions on where to look / what to check would be appreciated. Ken
ICM fails on call back to local PC
Hi there. I've an odd issue with Powershell. I discovered that I cannot ICM from the domain controller to a remote workstation - and I also cannot ICM from the actual workstation PC console back to itself. This had been properly configured & working until... (Recent details: We had an SBS 2008 DC, migrated to WS2019. When I finally transferred DNS & DHCP and took the old server offline is when the ICM problem began. Before the SBS 2k8 came offline and the two DCs were still replicating AD & etc., I could ICM from the WS2019 DC with no problem.) Not sure what to make of it. On a side note, the DHCP snap-in strips the domain from the server name and replaces it with 'mshome.net' no matter how many times I delete it and add it back in - and does not allow any interaction. But the Get-DHCPServer(...) cmdlets report all the correct settings, scope, exclusions, etc. - so I've ignored this for the most part.) -------------------------------- Back to the initial question, this is an example of events pulled from WinRM / ICM where the client & destination are the same computer: Thinking perhaps User & Computer domain mismatch? Any ideas? Thanks! P.S. This might be correlated - RDP attempt from the DC to remote PC. Strange error since the DC is the computer being used, but says the DC can't be contacted for NLA.
Powershell DSC not working in remote computer
Hello I recently discovered DSC Resouces and I think it's great, I've started doing senzy tests and I run into this problem: If I run the following code in local it works correctly Invoke-DscResource -Name Registry -ModuleName PSDesiredStateConfiguration -Method set -Property @{ key = "HKLM:\SOFTWARE\ExampleRegistry"; ValueName = "TestData"; ValueType = "String"; ValueData = @("Hola") } If I run the following code on a remote PC Invoke-Command -ComputerName PCXXX -ScriptBlock { Invoke-DscResource -Name Registry -Method Set -Property @{ key = "HKLM:\SOFTWARE\ExampleRegistry"; ValueName = "TestData"; ValueType = "String"; ValueData = @("Hola") } -Verbose -ModuleName PSDesiredStateConfiguration } Failure with error "serialized xml is nested to deeply" From here I have tried with different DSCs, but always with the same error. Has anyone encountered this error? Thank
