2

I am trying to use PowerShell remote execution on an EC2 server. I have enabled Windows Remote Management on the Server and configured WRM with -quickconfigure.

However, when I run the example:

$Cred=Get-Credential
Invoke-Command -Authentication Negotiate -Credential $Cred -ComputerName <servername>.eu-west-1.compute.amazonaws.com -ScriptBlock {Get-Culture}

I get the error:

Connecting to remote server failed with the following error message : The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken

I read here in a question that the Server and client both have to be on the same domain. Is that really necessary? Do we have other options to interact with a non-domain machine using PowerShell?

Note: I am aware of PSExec tool.

Anthony Neace

1 Answer

3

The server and client do not need to be in the same domain; however, the error message you are getting seems to me to indicate not an authentication error, just a basic networking error. Are there firewalls between you and the WinRM server that may be preventing this communication? Can you telnet to port 5985 on the WinRM server? 5985 is the HTTP port that WinRM uses in 2008 R2.

edit: Also note that you're going to need to add the WinRM server to the TrustedHosts list on your client, but I don't think you've gotten to that point yet.

Ryan Ries
  • Hi, I tried to TCPing into the ports 5985 and 5986 and I get a Socket not Connected error. I have opened these on the EC2 Security group and Windows firewall as well. I don't understand the problem. Any ideas? – Pavan Keerthi Mar 03 '12 at 17:01
  • Also, I added the EC2 server DNS into my laptop trusteddomain list and verified it. – Pavan Keerthi Mar 03 '12 at 17:02
  • If you can't telnet to the port, but you're sure that there is a TCP service listening on that port, then it is a firewall issue. A successful test with telnet will connect and you'll get a blank screen, then you hit Ctrl+C to quit and WinRM will give you HTTP "bad request" like data. I don't use Amazon EC2, so I do not know what their procedures are for opening ports to the internet. – Ryan Ries Mar 03 '12 at 17:13
  • 1
    It worked. The configuration on the EC2 SecurityGroup had a typo. When I corrected it, it worked like a charm. Thanks for putting me on the right track. – Pavan Keerthi Mar 03 '12 at 17:25
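
The troubleshooting order from the answer and comments above (TCP reachability of the WinRM ports first, then the WinRM listener, then the client's TrustedHosts entry), as an added example that is not part of the original posts. The host name is a constructed placeholder and `Test-TcpPort` is a hypothetical helper name.

```powershell
# Constructed placeholder; replace with the public DNS name of the instance.
$Server = 'ec2-host.example.com'

# Hypothetical helper: TCP connect with a timeout, the same check as the
# telnet test in the answer.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: network path. 5985 is WinRM over HTTP, 5986 is WinRM over HTTPS.
$open = @()
foreach ($port in 5985, 5986) {
    $ok = Test-TcpPort -ComputerName $Server -Port $port
    '{0}:{1} reachable = {2}' -f $Server, $port, $ok
    if ($ok) { $open += $port }
}

if ($open.Count -eq 0) {
    # A timeout here is a network problem, not an authentication problem.
    'No WinRM port answers. Check the EC2 security group rule and Windows Firewall.'
} else {
    # Step 2: confirm a WinRM listener (not some other service) is answering.
    if ($open -contains 5985) {
        Test-WSMan -ComputerName $Server -Port 5985
    }

    # Step 3: a non-domain server reached with Negotiate must be listed in the
    # client's TrustedHosts. Reading the WSMan: drive needs an elevated prompt.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $listed  = ($trusted -split ',') -contains $Server
    'TrustedHosts = "{0}"; server listed = {1}' -f $trusted, $listed
    # To add only this host (a specific name rather than "*"):
    # Set-Item WSMan:\localhost\Client\TrustedHosts -Value $Server -Concatenate
}
```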