PowerShell Script test.ps1
This Script contains new-PSSession to Connecting windows server with another windows server using powershell script.
The Script works well by executing on one windows server, But issue occure while executing same script on Gitlab CI/CD
The error is given below gitlab logs :
# Set the remote server details
$remoteServer = "[instance-ip]"
$username = "Administrator"
$password = "[password]"
# Set the name of the service, local file path, remote destination path
$serviceName = "bthserv"
$localFilePath = "C:\Windows\system32\svchost.exe"
$remoteDestination = "C:\Users\Public\Documents"
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $remoteServer -Force
# Create a secure password object
$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
# Create a credential object
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $securePassword
# Establish a remote PowerShell session
$session = New-PSSession -ComputerName $remoteServer -Credential $credential -SessionOption (New-PSSessionOption -SkipCNCheck)
# Stop the service on the remote server
Invoke-Command -Session $session -ScriptBlock {
Param($serviceName)
Stop-Service -Name $serviceName
} -ArgumentList $serviceName
# Copy the file to the remote server
Copy-Item -Path $localFilePath -Destination $remoteDestination -ToSession $session
# Start the service on the remote server
Invoke-Command -Session $session -ScriptBlock {
Param($serviceName)
Start-Service -Name $serviceName
} -ArgumentList $serviceName
# Close the remote session
Remove-PSSession -Session $session
**
New-PSSession : [0.0.0.0](instance ip) Connecting to remote server 0.0.0.0 failed with the following error message :
WinRM cannot process the request. The following error with errorcode 0x8009030d occurred while using Negotiate
authentication: A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
I want to Execute powershell script on gilab cicd.
If you have faced same use case please reply
Enter-PSSession <IPaddress> -Credential Administrator
$username = "Administrator"
$password = ConvertTo-SecureString "******" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList($username, $password)
$serverNameOrIp = "*****"
Enter-PSSession -ComputerName $serverNameOrIp -Credential $cred
Enter-PSSession : Connecting to remote server ****** failed with the following error message : WinRM cannot
process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There
are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At C:\Users\Administrator\Downloads\cred.ps1:6 char:1
+ Enter-PSSession -ComputerName $serverNameOrIp -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (******:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
Please note that remote server is in trusted host list
I have a script in which I’m basically launching an interactive remote pssession to run ad hoc commands in. I want my script to pause until the session ends and then continue processing commands. Unfortunately once I’m connected to my remote host, my script continues to run on the system I launched it from. For example:
enter-pssession -computername $machine -configurationName myConfig -credential $myCred hostname Get date
This all works, but it runs hostname and get-date immediately. I would like my script to pause until my remote session ends before running these commands.
I can’t use invoke-command because the whole point of this script is to collect data, use it to launch an interactive session to run ad hoc commands and then clean up the session config on the remote host after I’m done using it.
I thought this used to be the default behavior when you used enter-pssession in the middle of a script and now I can’t even make it do it. Anyone know what changed or how I can make this happen?
Okay here’s the code. Essentially it creates a remote session config with a credential object passed to it to get around the “second hop” problem with authenticating to systems beyond the remote host. The only thing I’m trying to do after the session is cleanup that remote config so I’m not leaving credentialed sessionConfigs laying all over the place:
Param (
[Parameter(Mandatory=$true)][string]$Machine,
[Parameter(Mandatory=$true)][object]$Credential
)
if ($credential.GetType().name -ne "pscredential") {
write-host
write-host -f red "[ERROR]`t" -nonewline
write-host -f yellow "Invalid credential object"
write-host
$cred = get-credential -message "Enter system credentials"
}
else {
$cred = $credential
}
# create a remote session config that uses the credential passed
Invoke-Command $machine -ScriptBlock { Register-PSSessionConfiguration -Name myCredentialedSession -RunAsCredential $using:cred -Force } -Credential $cred -errorAction SilentlyContinue | out-Null
# sleep to allow previous session config to complete prior to attempting to connect to it
sleep 1
# connect to remote server using the registered session config that contains the cred I passed
Enter-PsSession -ComputerName $Machine -ConfigurationName myCredentialedSession -credential $cred
# This is where I would like the script to wait for my remote session to finish.
# clean up after ourselves so we don't leave credentialed configs laying everywhere
Invoke-Command $machine -ScriptBlock { unRegister-PSSessionConfiguration -Name myCredentialedSession } -Credential $credEnter-PSSession cmdlet allows you to establish a persistent interactive PowerShell session with a remote computer. All commands you enter in your command prompt are executed on the remote computer. In this article, we’ll explain the main features of Enter-PSSession and how it can be used to remotely manage computers running Windows 10/11 and Windows Server 2022/2019/2016.
In the simple case. to establish an interactive PowerShell session with a remote computer, you need to specify only the computer name to connect (the ComputerName option). To connect to a remote computer, just run the command:
Enter-PsSession –ComputerName hq-srv01.woshub.com –Credentials woshub\maxbak
$creds = Get-Credential
Enter-PSSession -ComputerName hq-srv01 -Credential $creds
The output of all commands run remotely is displayed in your local console. You can run the hostname command and make sure that you running it on a remote computer.
You can run any command in this interactive command prompt (according to your privileges).
For example, let’s display the Windows network settings using PowerShell:
You can change DNS settings on the remote computer:
Set-DNSClientServerAddress –InterfaceIndex 6 –ServerAddresses 192.168.13.4, 192.168.100.4
To exit an interactive remote shell session, run Exit-PSSession or exit. The PS prompt will become usual and you will get back to your local PowerShell console:
In Windows Server 2016/2019/2022, PowerShell Remoting is enabled by default (you can see it in Server Manager -> Local Server -> Remote Management = Enabled).
In desktop Windows versions (Win10, Win11), PSRemoting and WinRM are disabled.
You can check if PSRemoting is enabled on your current computer using the command below:
You can test if you can connect to your computer locally via PowerShell Remoting:
Test-WSMan -ComputerName localhost
If the command returns a WSMan schema version, remote connections to the computer using PS Remoting are allowed.
Test-WSMan : <f:WSManFaultxmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150858770" Machine="srv02"><f:Message>The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
To enable PowerShell Remoting, run this command:
- Enables WinRM service and set its startup type to Automatic;
- Creates a connection point on the default WinRM port (TCP/5985 for HTTP traffic);
- Adds exceptions for WS-Management to the Windows Firewall (if you’re configuring PSRemoting manually, add a firewall rule using PowerShell or with GPO)
- Allows remote PowerShell sessions
- Restarts the WinRM service
Make sure the WinRM service is running and set to start automatically:
The Enable-PSRemoting command works only for domain and private Windows network profiles. If you want to enable PSRemoting on a computer in a public network, change the network location from Public to Private, or use the command below:
Enable-PSRemoting -SkipNetworkProfileCheck -Force
In an Active Directory domain, the easiest way to centrally configure Windows Remote Management (PSRemoting) on servers and computers is through Group Policy.
Modern PowerShell versions (v6 or v7) support Secure Shell protocol (SSH) to connect to a remote computer over PowerShell Remoting. An SSH connection point must be available on a remote computer (How to enable built-in OpenSSH Server on Windows 10?). You can start an interactive PSRemoting session over SSH using this command:
Or authenticate over SSH using an RSA key:
You can use Enter-PSSession together with New-PSSession:
$s = New-PSSession -ComputerName hq-srv01.woshub.com
Enter-PSSession -Session $s
Enter-PSSession supports several authentication methods. You can set the one you want using -Authentication parameter. Basic, Digest, Kerberos, CredSSP, NegotiateWithImplicitCredential, Negotiate Challenge authentication methods are supported.
In the example above, we showed how to create an interactive Enter-PSSession connection between computers in the same Windows domain (it is enough to specify an FQDN or a short name for the connection, Kerberos authentication is used). If you try to connect to a remote computer using its IP address or CNAME, you will not be authenticated:
Enter-PSSession : Connecting to remote server 192.168.31.12 failed with the following error message: The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated.
To connect to a remote computer using its IP address, you can add the host to the list of trusted hosts (Trusted Hosts) or use SSL for WinRM(it is more secure).
To add an IP address to trusted hosts, run this command:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.13.5
You can add a trusted host using a wildcard mask:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value *.woshub.com
To display the list of trusted hosts:
In the same way, you can add your host to the list of trusted hosts on a remote computer.
Restart the service:
To connect to a remote computer using its IP address, run the command below:
The Enter-PSSession and New-PSSession cmdlets create a persistent one-to-one remote session and are used mostly in interactive scenarios. If you want to run scripts or jobs automatically or do something on multiple remote computers simultaneously, use the Invoke-Command command.
I’m trying to pass a parameter to a PSSession.
$value1 = someValue
$session = New-PSSession $serverList
Invoke-Command -Session $session -ScriptBlock { Start-Job -Name jobName1 -ScriptBlock {
param([string] $value1)
Set-ItemProperty HKLM:\Software\someLocation -Name "someName" -Value $value1 #"hardcodeValue"
} -Args $value1
$done = Invoike-Command -Session $session -Command {Wait-Job -Name jobName1}
Get-PSSession | Remove-PSSession
I’m expecting “someValue” to be applied to the Registry on the remote server. If I use “hardcodeValue”, instead of $value1, the Registry is updated.
asked Aug 1, 2023 at 20:37
Your code is overly complicated due to the use of Start-Job inside Invoke-Command. Simply remove it:
$value1 = 'someValue'
Invoke-Command -Session $serverList -ScriptBlock {
param([string] $value1)
Set-ItemProperty HKLM:\Software\someLocation -Name 'someName' -Value $value1
} -ArgumentList $value1
If you want async execution then you have -AsJob:
$value1 = 'someValue'
$job = Invoke-Command -Session $serverList -ScriptBlock {
param([string] $value1)
Set-ItemProperty HKLM:\Software\someLocation -Name 'someName' -Value $value1
} -ArgumentList $value1 -AsJob
# do other stuff here...
$job | Receive-Job -Wait -AutoRemove
You can also use the using: scope modifier which makes it even easier to pass locally defined variables to the remote scope:
$value1 = 'someValue'
Invoke-Command -Session $serverList -ScriptBlock {
Set-ItemProperty HKLM:\Software\someLocation -Name 'someName' -Value $using:value1
}
answered Aug 1, 2023 at 21:08
