I have a Power shell script where I invoke a HTTP web request and then parse the response body. On my local, the request is successful and I get an HTTP response code of 200.
However on my windows server 2012, when I am firing the same request via power shell console, I get an exception as below. The url is accessible from browser on my local as well as the windows server.
PS C:\> Invoke-WebRequest -URI https://testsite:8555/results.form
Invoke-WebRequest : ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: testsite:8555
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service
provider if you feel this is incorrect.
Your cache administrator is webmaster.
Generated Mon, 18 Dec 2017 14:05:42 GMT by ip-10-160-129-105 (squid/3.5.20)
At line:1 char:1
+ Invoke-WebRequest -URI https://testsite:8555/dmsl_monitor/results.form
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
I have checked that No proxy is configured in my IE11 browser. Also I am in the administrator group and can invoke the PS script as an administrator.
Keep in mind that when you remote to another machine, you’re passing along a delegated security token. That token cannot, by default, be passed along BY the remote machine. So, you could be running into the “second hop” problem with remoting. It’s hard to say for sure since a dozen things in your environment could be impacting that, but you’ve eliminated what I would say are the “basic” potential causes, and this is the one difference you’ve not covered.
IE, for example, passes credentials along automatically. It could be that the website is configured to demand an identity, and you’re transparently providing one in most of your scenarios, but you can’t across the “second hop.”
I tried passing credentials but still I am getting the same error as mentioned above.
$user = "testuser"
$password = ConvertTo-SecureString "testpassword" -AsPlaintext -Force
$credential = New-Object PSCredential($user, $password)
$credential = Get-Credential
Invoke-WebRequest https://testsite:8555/results.form -Credential $credential
Invoke-WebRequest : ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: testsite:8555
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service
provider if you feel this is incorrect.
Your cache administrator is webmaster.
Generated Tue, 19 Dec 2017 12:44:24 GMT by ip-10-160-131-38 (squid/3.5.20)
At line:1 char:1
+ Invoke-WebRequest -URI https://testsite:8555/dmsl_monitor/results.form
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
My windows server 2012 R2 is hosted on cloud and on a different domain where I have access to the url.
It’s something on the web server wanting some identification that your server can’t present. Either different domain, IP restrictions, firewall, or something. It’s not a PowerShell problem.
My thoughts are as follows… full disclosure, all the below is assuming you are using IIS.
Does you site directory have the proper ACL applied at the file system?
Does you site have the proper mime types defined for what you are asking for?
Does what you are trying o do require directory browsing to be enabled?
What is the AppPool setting, meaning the site identity?
Is you site set for Anonymous auth?
Is your site set for Windows Auth and on what is the auth provider setting, FBA or left at the default of Kerberos/ntlm or was KCD implemented for the site?