6

So to recap the situation: I am at one computer trying to run powershell using enter-pssession computername, then from the remote session, run the logic below:

$DFSPath = "\\DFSpath.com"
$RDL1 = [char](1+[char](gdr ?)[-1].name)
New-PSDrive -Name $RDL1 -PSProvider FileSystem -Root $DFSPath -Persist -credential domain\UN

The get-variable shows the variables properly. But when I try to create with New-PSDrive, it gives:

New-PSDrive : A specified logon session does not exist. It may already have
been terminated

I did look at this: PowerShell 2.0: Accessing Windows Shares during a Remote Session but wasn't able to get it to work. Also I wouldn't know how to devise it in my script above (which will be run on multiple computers). Is there anything newer? I am using v3 powershell. Thanks so much!

Community
  • 1
  • 1
1BilliumDollars
  • 149
  • 1
  • 3
  • 12
  • Do you know about the dreaded "[Double-Hop](http://blogs.msdn.com/b/clustering/archive/2009/06/25/9803001.aspx)?" If not, then that's your problem. – E.V.I.L. Sep 11 '13 at 16:26
  • I just found that here: http://blogs.msdn.com/b/powershell/archive/2008/06/05/credssp-for-second-hop-remoting-part-i-domain-account.aspx . So that seems to get the session up and running but it normally shows the computername at the "cmdline". So I start copying files like I need to and it just copies from the share to my computer. Thanks! – 1BilliumDollars Sep 11 '13 at 16:41
  • Oh, I didn't pipe into | new-pssession. Thanks BobLobLaw! This is the answer for my issue. Now I need to figure out how to add it into the script:). – 1BilliumDollars Sep 11 '13 at 16:48

1 Answers1

5

From the looks of things it appears that you are experiencing the dreaded "Double-Hop". If you only what to remote to a few computers it's pretty easy to setup the "fix" for the "Double-Hop". On the computers that you want to remote to you need to run the following commands:

Enable-PSRemoting

Enable-WSManCredSSP Server

Then on the computer you want to remote from you need to run the command:

Enable-WSManCredSSP Client –DelegateComputer [<FQDN of the server>][*]

In place of the fully qualified domain name you can put a * instead. That will allow you to send your credentials to any computer (that could be dangerous).

Now how would you work this into a script? There is a command called Invoke-Command. If you look at the parameters of Get-Help Invoke-Command -Parameter *, you'll see that it take a Credential and a Authentication. Here's how you would run a command on multiple computers.

$MyCred = Get-Credential
Invoke-Command -ComputerName Computer1,Computer2 -Credential $MyCred -Authentication Credssp -ScriptBlock {Get-ChildItem $args[0]} -ArgumentList '\\Server\Share' -ErrorAction SilentlyContinue

Now if you'll be remoting onto many machines and you know how to use Group Policy. I'd recommend setting up PSRemoting and enabling WSManCred with the Group Policy.

E.V.I.L.
  • 2,120
  • 13
  • 14
  • Thanks so much! By the looks of it I won't be able to use GPO. I may just have to run the script locally. It's too bad you cannot do Enable-WSMAn CredSSP Server -file C:\computernames.txt with a list like you can the client. – 1BilliumDollars Sep 12 '13 at 13:50
  • it's a pity the second link is broken. – рüффп Jun 21 '21 at 12:05