We have almost 300 servers running in a shared storage setup that requires some delicate management. Intensive disk use on more than a few servers at a time causes performance issues, but that’s what PowerShell is for, right?
Unfortunately, I’ve hit a snag: it’s most flexible to run this from within a PSSession on a central server, but then I cannot run Invoke-Command. In fact, I can’t create any new sessions at all, local or remote; I just get the following error:
[(server)] Connecting to remote server (server) failed with the following error message
: WinRM cannot process the request. The following error with errorcode 0x8009030d occurred while using Negotiate
authentication: A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
I can only assume this is because you can’t create a session from within a session, but I can’t find any documentation on it or anything online. I’m aware of the double-hop dilemma and am pretty sure it’s not what is happening: I’m providing credentials, and the command runs perfectly fine when run outside a session.
Easily replicated with:
Enter-PSSession localhost
Invoke-Command -Credential -scriptblock { $env:computername }
Is there any way to allow this? I’d rather not need to set it up in a scheduled task with a database or something.