To get PowerShell's remoting capability working fully, you need an extra
'shell', which is supplied by the WinRm. Even after the WinRm service install completes successfully, you
need to tweak its config settings before the remote sessions become
operational.
WinRm is the underlying engine or resource for PowerShell remoting; it is
also the name of the additional executable that you need to download from
the Microsoft Connect site. Once installed, you can access WinRm
directly from the 'DOS' command line, or better still, check and amend
settings with PowerShell's own WSMan: provider.
PowerShell has handy commands to create remote sessions such as
# PowerShell v 2.0 Enter-PSSession -computerName otherMachine
Problem the above command does not work because a WinRm settings
called TrustedHosts needs configuring.
To achieve this goal we need to enter the PowerShell WSMan
namespace. (The other alternative is to use cmd and call for WinRm -?)
Use PowerShell Itself to Control TrustedHosts
Preamble: If you need a refresher on 'cd'
(Change directory) try this at the PowerShell command line, for example: cd c:
or cd c:\windows
PowerShell WSMan
Example - Connect to the 'Client' Sub-folder
Rather than a succession of short steps, we could use one longish path statement. Dir displays the
TrustedHosts settings stored in the client sub-folder.
# PowerShell WSMan
Example cd wsman::localhost\client dir
However, if the above does not work then try this alternative
line-by-line method:
cd wsman: cd localhost\client dir
Please note: cd wsman fails, we need that colon.
cd wsman: (Succeeds now we can access the wsman 'area', 'namespace' or
'drive'.)
TrustedHosts Goal: To set, or change TrustedHosts
so that any machine can connect remotely.
# PowerShell TrustedHosts
Example Set-Item TrustedHosts * Restart-Service WinRm
A more restrictive approach would be to set the value for TrustedHosts to
a named machine.
Set-Item TrustedHosts BigServer
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
SolarWinds'
Network Performance Monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
What I like best is the way NPM suggests solutions to network
problems. Its also has the ability to monitor the health of individual VMware
virtual machines. If you are interested in troubleshooting, and creating
network maps, then I recommend that you try NPM now.
What this does is start the WinRM service and sets the startup type to Automatic.
It is also supposed to enable
a firewall exception for WS-Management communications. However, Guy
believes that sometimes it lies, and you need to configure the firewall
manually.
Enable-PSRemoting also creates a listener to
accept requests on any IP address.
One common problem is ERROR: Access is denied. Solution: Launch
PowerShell with elevated rights, in simple language: Run as administrator.
Try setting TrustedHosts * on BOTH machines, that is the machine
acting as the client as well as the server to which you are trying to
establish a session.
Remember that for once this is a plural TrustedHostS.
Remember to restart the WinRm service, otherwise changes won't take
effect, try: Restart-Service WinRm
Keep your eye on the difference between the namespace WSMan and the
Windows service winrm.
Bizarre and wacky. Try connecting using Remote Desktop.
Bizarrely this may fail on the first attempt but succeed on the second
attempt. Now for the good news, re-try:
# PowerShell v 2.0 Enter-PSSession -computerName otherMachine
Firewalls, PowerShell and "The rpc server is unavailable"
Security experts will hold up the hands in horror at this
suggestion, but if you get the error message: "The rpc server is
unavailable", then I suggest that you turn off the firewall on both
machines.
Now if that works, then great, but follow-up by testing which ports
are involved (135, 445), then try configuring the firewall with
exceptions that allow PowerShell remoting, but retain firewall
protection from other threats.
P.S. I have read that Enable-PSRemoting is supposed to take care of
the firewall settings automatically, but in my experience this was not
always the case.
Guy Recommends: SolarWinds Engineer's Toolset v10
This
Engineer's Toolset v10 provides a comprehensive console of 50 utilities
for troubleshooting computer problems. Guy says it helps me
monitor what's occurring on the network, and each tool teaches me more about how the
underlying system operates.
There are so many good gadgets; it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring,
network discovery, diagnostic, and Cisco tools. Try the SolarWinds Engineer's Toolset now!
To make sure that PowerShell's remoting is not restricted we often need to
check the client settings. For this we can use cmd and WinRm, or better,
PowerShell and WSMan. A common use of this technique is to change the
TrustedHosts from nobody to everybody.
If you like this page then please share it with your friends
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is
most useful for PowerShell scripting.
SolarWinds
have produced this
Free WMI Monitor to take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
