0

About to give up on this and connect locally to each system and run the commands but thought it wise to ask the smart people first.

With my credentials locally this works:

Set-Variable -Name "CBROKE" -Value "vmname01.amgsvcs.net"
Set-Variable -Name "CERTPASS" -Value "wHQTD3w6s"
Set-Variable -Name "CERTPATH" -Value "N:\CERTS\vmname01.domain.com.pfx"
Import-Module RemoteDesktop
$Password = ConvertTo-SecureString -String $CERTPASS -AsPlainText -Force
Set-RDCertificate -Role RDWebAccess -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDPublishing -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDRedirector -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDGateway -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force

If I try to do this remotely with my same domain admin account using

Enter-PSSession -ComputerName vmname01

I get this in response to each Set-RDCertificate:

Get-RDServer : The RD Connection Broker server is not available. Verify that you can connect to the RD Connection
Broker server.
At C:\windows\system32\WindowsPowerShell\v1.0\Modules\RemoteDesktop\Certificate.psm1:309 char:22
+ ... webaccess = Get-RDServer -ConnectionBroker $ConnectionBroker -Role @( ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDServer

Set-RDCertificate : Deployment does not contain an RD Web Access server.
At line:1 char:1
+ Set-RDCertificate -Role RDWebAccess -ImportPath $CERTPATH -Password $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-RDCertificate

I have used the checks from this page https://stackoverflow.com/questions/65022178/run-invoke-command-in-remote-computer-as-administrator and they all return true that the remote console is elevated.

4evernoob
  • 135
  • 8

1 Answer

0

I realized that these commands don't have to be run locally; they are in effect domain/network type commands and can be run from any machine.

4evernoob
  • 135
  • 8
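
The approach from the answer written out as a script, as an added example that is not the poster's own code: it is run directly on a domain-joined machine that has the RemoteDesktop module, not inside `Enter-PSSession`. It prompts for the PFX password instead of keeping it in the script, then checks each role's deployed thumbprint against the PFX. The broker name and PFX path are the question's values; the variable names and the assumption that `N:\` is reachable from the machine running the script are mine.

```powershell
# Added example: run from an admin workstation or any server in the domain.
Import-Module RemoteDesktop

$Broker   = 'vmname01.amgsvcs.net'              # connection broker from the question
$CertPath = 'N:\CERTS\vmname01.domain.com.pfx'  # PFX path from the question
$Roles    = 'RDWebAccess', 'RDPublishing', 'RDRedirector', 'RDGateway'

# Prompt for the PFX password so it is not stored in the script or in history.
$Password = Read-Host -Prompt "Password for $CertPath" -AsSecureString

# Open the PFX first: a wrong password or an expired certificate stops the run
# before any role is changed.
$Pfx  = Get-PfxData -FilePath $CertPath -Password $Password
$Cert = $Pfx.EndEntityCertificates | Select-Object -First 1
if (-not $Cert) { throw "No end-entity certificate found in $CertPath" }
if ($Cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($Cert.NotAfter)" }

$Results = foreach ($Role in $Roles) {
    try {
        # -ErrorAction Stop turns the module's Write-Error output into an exception.
        Set-RDCertificate -Role $Role -ImportPath $CertPath -Password $Password `
            -ConnectionBroker $Broker -Force -ErrorAction Stop

        # Read back what the deployment now reports for this role.
        $Deployed = Get-RDCertificate -Role $Role -ConnectionBroker $Broker -ErrorAction Stop
        [pscustomobject]@{
            Role       = $Role
            Thumbprint = $Deployed.Thumbprint
            ExpiresOn  = $Deployed.ExpiresOn
            Matches    = ($Deployed.Thumbprint -eq $Cert.Thumbprint)
            Error      = $null
        }
    }
    catch {
        [pscustomobject]@{
            Role       = $Role
            Thumbprint = $null
            ExpiresOn  = $null
            Matches    = $false
            Error      = $_.Exception.Message
        }
    }
}

$Results | Format-Table -AutoSize -Wrap

# Fail the run if any role did not end up with the certificate from the PFX.
if ($Results.Matches -contains $false) {
    throw "One or more roles do not carry certificate $($Cert.Thumbprint)"
}
```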