I am trying to use PowerShell Remoting to check some disk sizes from a Server in a remote domain, but the commands I am running are failing to work.
The situation is like this:
- Source Server is in Domain A
- Destination Server is in Domain B
- There is no trust in place between these domains
The Server in Domain B is running Exchange 2010, and I can run Exchange 2010 Specific commands against it from Server A using this command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri $ConnectionURI -Credential $Credentials -Authentication Basic
Import-PSSession $Session
The problem is that I can't run any non Exchange commands against this server using this session, if I try then it says that it can't understand the commands. I've checked and running Get-Command with Invoke-Command and the -Session variable set to my established session only returns Exchange commands.
So I thought i'd try to use Invoke-Command and the relevant ComputerName, Authentication type and Credentials, but this is failing:
Invoke-Command -ScriptBlock {Get-Service} -ComputerName "Servername.destination.com" -Credential $Credentials -Authentication "Basic"
This is the error:
[servername.destination.com] Connecting to remote server failed with the following error message : The WinRM client can
not process the request. The authentication mechanism requested by the client is not supported by the server or unencry
pted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configurat
ion or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer nam
e as the remote destination. Also verify that the client computer and the destination computer are joined to a domain.
To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name a
nd password. Possible authentication mechanisms reported by server: Negotiate Kerberos For more information, see th
e about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
So I go into the WSMAN config on the Target server and set the relevant settings for allowing Basic Auth and an unencrypted connection:
cd WSMan:\localhost\Service
Set-Item AllowUnencrypted $True
cd .\Auth
Set-Item Basic $True
I also have added the Destination server into the Trusted Hosts of the Source domain server:
cd WSMan:\localhost\Client
Set-Item TrustedHosts servername.destination.com
After doing so, the error changes, but it's not very helpful:
PS WSMan:\localhost\Client> Invoke-Command -ScriptBlock {Get-Service} -ComputerName "servername.destination.com" -Creden
tial $Credentials -Authentication "Basic"
[servername.destination.com] Connecting to remote server failed with the following error message : Access is denied. Fo
r more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
I have also tried using Domain Admin credentials, via -Credential (Get-Credential), but this is failing with the same problem.
The user I am trying to use is a member of the local Admins users on the server in question, so the permissions should already be set on the PSSessionConfiguration containers.
I would love any further pointers with this! I would just use WMI but it's not enabled through the firewalls at the moment.