0

Following on from this question:

Why does my PowerShell script hang when called in PSEXEC via a batch (.cmd) file?

I took the advice from Jim B and installed WinRM. To recap I have two servers:

  • HMon01 - runs Windows 2003 Standard SP2
  • Web1928 - runs Windows 2008 Standard SP2 (not R2)

Both servers are standalone.

I installed WinRM for Windows 2003 from here and configured WinRM as follows on both machines:

Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
    DefaultPorts
        HTTP = 80
        HTTPS = 443
    TrustedHosts = *

The problem I have is that if I remotely execute commands using the remote machine's built in Administrator account then all is well.

However I have an account on the remote machine named remoteexec which is a member of the Administrators group (we disable our Administrator accounts). If I use this account then I get Access Denied errors. I've done all the usual things such as checking passwords and the like.

Why would this be?

Community
  • 1
Kev
  • 7,877
  • 18
  • 81
  • 108
  • so if you run winrm quickconfig on both servers what result do you get? also run this as administrator! – tony roth Apr 23 '10 at 03:20
  • yes thats correct, do this as a test create an account on the monitoring server called remoteexec with the same password as the account on the web server. Do not pass a password with the powershell command if the account is good then pass thru authentication should work. – tony roth Apr 23 '10 at 03:57
  • I'm running this from `CMD.EXE`. I now have two identical accounts on each server (both with the same password and both members of Administrators). If I leave the password out I get prompted for one. If I enter it or leave blank I still get Access Denied. I also tried leaving out the credentials all together, still no joy. – Kev Apr 23 '10 at 04:53
  • on the monitoring server can you do the following logged in as remoteexec dir \\Web1928\c$ – tony roth Apr 23 '10 at 14:26

1 Answers1

2

try installing the latest version of winrm from here on the 2003 box. The ports (by default) should be 5985 for http and 5986 for https. Also note that winrm quickconfig is not available on 2003.

Winrm will run commands based on the user currently accessing the machine. Once you have te 2.0 version installed run from the 2k3 box:

test-wsman -computername web1928 -authentication default

This output should tell you if it can connect properly. If you want to test other credentials use

$cred = get-credential
test-wsman -computername web1928 -authentication default -credential $cred
Jim B
  • 24,081
  • 4
  • 36
  • 60
  • Hi Jim...do I need to install PowerShell 2.0 on the Windows 2003 box or can I still use the command line? Does the Windows 2008 box need upgrading (it's not R2)? – Kev Apr 23 '10 at 05:37
  • For the 2003 box definitely. The same link has the update for 2008 as well. I believe that it's only at 1.1 on 2008 – Jim B Apr 23 '10 at 11:51
  • Jim, thanks for that. I upgraded both machines and it's all magically started working, even from our HostMonitor software. – Kev Apr 23 '10 at 12:36