Remotely set winrm - access denied
Hello, for some security reason I am unable to configure winrm via PSRemoting.
Invoke-Command -ScriptBlock {winrm get winrm/config/winrs} -ComputerName <server>
WSManFault
+ CategoryInfo : NotSpecified: (WSManFault:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : <server>
Message = Access is denied.
NotSpecified: (:) [], RemoteException
Error number: -2147024891 0x80070005
Access is denied.
I am admin on both sides, PSRemoting otherwise working fine. Just cant set winrm remotely.
TrustedHosts = * on both sides.
Any ideas?
February 19th, 2015 9:46am
Can you try the WSMAN provider to do the equivalent ?
Connect-WSMAN to connect to the WSMAN provider on the remote host and get the information needed.
PS C:\>Connect-WSMan -computer server01
PS C:\Users\testuser> cd wsman:
PS WSMan:\>
PS WSMan:\> dir
WSManConfig: Microsoft.WSMan.Management\WSMan::WSMan
ComputerName Type
------------ ----
localhost Container
server01 Container
I am not sure, what might be causing the above.
February 19th, 2015 11:31am
Using WSMAN I am able to retrieve/change the information I need remotely. Thanks for the tip.
Still being curious about that access denied error though ..
February 19th, 2015 1:11pm
You cannot change the endpoint while using it. WsMan connects directly to the provider. "Invoke-Command" uses the endpoint you are trying to change.
February 19th, 2015 1:36pm
You cannot change the endpoint while using it. WsMan connects directly to the provider. "Invoke-Command" uses the endpoint you are trying to change.
February 19th, 2015 1:58pm
Your test appears to be inconsistent. Your original post and later posts do not match well.
February 19th, 2015 2:04pm
Your test appears to be inconsistent. Your original post and later posts do not match well.
February 19th, 2015 2:19pm
Is this the original issue?
Invoke-Command -ScriptBlock
{winrm get winrm/config/winrs}
-ComputerName <server>
If it is only the "get" that fails then I agree, You seem to be saying you want to change the values.
February 19th, 2015 2:24pm
OK - I ran some tests and it can be used inside of an endpoint connection. Perhaps you have a version mismatch. Can you do some probes and dump the settings.
February 19th, 2015 2:28pm
The issue is, I cannot use invoke-command -scriptblock {winrm .......} (get/set, doesn't matter) on all servers. The only server I can use it against is the server named "server2.testcontoso.com" in test environment.
Server im trying to configure to accept remote settings via invoke-command, has this winrm config
PS C:\winrm get winrm/config
Config
MaxEnvelopeSizekb = 150
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = *
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 15
EnumerationTimeoutms = 60000
MaxConnections = 25
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = true
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 180000
MaxConcurrentUsers = 5
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 15
MaxMemoryPerShellMB = 150
MaxShellsPerUser = 5
And yes, I want to change "maxmemorypershell" value
remotely. Server2 in test environment is allowing me that. Others wont.
February 19th, 2015 2:38pm
What versions? What platform? Group Policy?
February 19th, 2015 2:50pm
What versions? What platform? Gro
February 24th, 2015 2:36pm
.. created .ps1
invoke-command {winrm set winrm/config/winrs `@`{MaxMemoryPerShellMB=`"1024`"`}}
Copied it to remote servers.
Then used schtasks to run it.
Invoke-Expression -Command ("schtasks.exe /F /Create /RU system /sc once /ST 09:20 /tr G:\Scripts\WinRM\WinRM.bat /tn WinRM")
Worked fine.
-
Marked as answer by
Mekac
18 hours 40 minutes ago
March 30th, 2015 8:28am
.. created .ps1
invoke-command {winrm set winrm/config/winrs `@`{MaxMemoryPerShellMB=`"1024`"`}}
Copied it to remote servers.
Then used schtasks to run it.
Invoke-Expression -Command ("schtasks.exe /F /Create /RU system /sc once /ST 09:20 /tr G:\Scripts\WinRM\WinRM.bat /tn WinRM")
Worked fine.
-
Marked as answer by
Mekac
Monday, March 30, 2015 12:27 PM
March 30th, 2015 12:27pm
Other recent topics
