本地主机的新 PSSession 失败
New-PSSession to localhost fails
我有一个脚本可以打开到本地主机的远程会话。
我需要这个来通过登录脚本在某些设备上安装 NuGet。
$Username = "Admin"
$Password = ConvertTo-SecureString ‘adminPW’ -AsPlainText -Force
$adminCredential = New-Object System.Management.Automation.PSCredential $Username, $Password
$Session = New-PSSession -Credential $adminCredential
Invoke-Command -Session $Session -ScriptBlock {Install-PackageProvider -Name NuGet -Verbose -MinimumVersion 2.8.5.201 -Force}
每次我尝试 运行 时,我都会收到以下错误:
New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message : The client cannot connect to the destination
specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the
WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Users\Mike Holtackers\OneDrive - Foreign Trade Association\Scripts\OutlookSig\getAADconnectionOK.ps1:5 char:12
+ $Session = New-PSSession -ConnectionUri $ConnectionURI -Credential $a ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CannotConnect,PSSessionOpenFailed
运行 winrm quickconfig 没有任何改变...
以下是winrm get winrm/config
的输出
PS WSMan:\localhost\Listener\Listener_1084132640> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = *
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = 194.168.254.1-194.168.254.256 [Source="GPO"]
IPv6Filter [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
检查 winrm 服务是否在您的本地主机上 运行:
PS C:\> Get-Service winrm | ft -AutoSize
Status Name DisplayName
------ ---- -----------
Running winrm Windows Remote Management (WS-Management)
否则 PS 远程处理将不起作用,尽管您已经通过 winrm 配置并通过 Enable-PSRemoting.
启用了 PS 远程处理
问题是有人篡改了防火墙...感谢您的帮助!
基本上防火墙 GPO 阻止了远程管理
以下方法适用于我的案例:
# NOTE: Following is set by Enable-PSRemoting, it prevents UAC and
# allows remote access to members of the Administrators group on the computer.
Set-ItemProperty -Name LocalAccountTokenFilterPolicy -Value 1 `
-Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
有关此设置的详细信息,请参阅 about_Remote_Troubleshooting
中的部分
我有一个脚本可以打开到本地主机的远程会话。 我需要这个来通过登录脚本在某些设备上安装 NuGet。
$Username = "Admin"
$Password = ConvertTo-SecureString ‘adminPW’ -AsPlainText -Force
$adminCredential = New-Object System.Management.Automation.PSCredential $Username, $Password
$Session = New-PSSession -Credential $adminCredential
Invoke-Command -Session $Session -ScriptBlock {Install-PackageProvider -Name NuGet -Verbose -MinimumVersion 2.8.5.201 -Force}
每次我尝试 运行 时,我都会收到以下错误:
New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message : The client cannot connect to the destination
specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the
WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Users\Mike Holtackers\OneDrive - Foreign Trade Association\Scripts\OutlookSig\getAADconnectionOK.ps1:5 char:12
+ $Session = New-PSSession -ConnectionUri $ConnectionURI -Credential $a ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CannotConnect,PSSessionOpenFailed
运行 winrm quickconfig 没有任何改变...
以下是winrm get winrm/config
PS WSMan:\localhost\Listener\Listener_1084132640> winrm get winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = *
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = 194.168.254.1-194.168.254.256 [Source="GPO"]
IPv6Filter [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
检查 winrm 服务是否在您的本地主机上 运行:
PS C:\> Get-Service winrm | ft -AutoSize
Status Name DisplayName
------ ---- -----------
Running winrm Windows Remote Management (WS-Management)
否则 PS 远程处理将不起作用,尽管您已经通过 winrm 配置并通过 Enable-PSRemoting.
问题是有人篡改了防火墙...感谢您的帮助!
基本上防火墙 GPO 阻止了远程管理
以下方法适用于我的案例:
# NOTE: Following is set by Enable-PSRemoting, it prevents UAC and
# allows remote access to members of the Administrators group on the computer.
Set-ItemProperty -Name LocalAccountTokenFilterPolicy -Value 1 `
-Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
有关此设置的详细信息,请参阅 about_Remote_Troubleshooting
中的部分