I have a remote server that contains a Data directory which contains some folders/files i want to delete (based on name match)
Suppose the actual server is: D2WP68JVM.domain.com and lets say i have a CName for that server: server1.domain.com
I have a database table thats populated with the server containing these folders/files but as a CName server1.domain.com for easier user readability/maintenance…because its much easier to identify an alias server than the actual server name with all the alphanumeric it has in the server its pointing to D2WP68JVM.domain.com.
the problem lies with connecting remotely to the CName to remove the files
[server1.domain.com] Connecting to remote server server1.domain.com failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer server1.domain.com. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (server1.domain.com:String) [], PSRemotingTransportException + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionStateBroken
so is it at all possible to connect with CName? only using the actual server works...
Simple answer, Nope, nor could you use an A/AAAA record alias either. They both will fail by default.
Also, before you might ask, No, adding them to the trusted host list does not change that failure state.
How do I know this, been there, done that, gave up on it.
You should be able to pass the -Credential parameter and explicitly give admin credentials to run Invoke-Command with a cname. This should be the same if you are trying to use an IP address.
Please read the docs from Microsoft. I am able to use cnames in my org as well as IP addresses using the credential parameter.
From Microsoft docs: "
Type the NETBIOS name, IP address, or fully qualified domain name of one or more computers in a comma-separated list. To specify the local computer, type the computer name, localhost, or a dot (.).
To use an IP address in the value of ComputerName, the command must include the Credential parameter. Also, the computer must be configured for HTTPS transport or the IP address of the remote computer must be included in the WinRM TrustedHosts list on the local computer. For instructions for adding a computer name to the TrustedHosts list, see “How to Add a Computer to the Trusted Host List” in about_Remote_Troubleshooting."
The key to this is depending on the entry of the Set-Item command, when running Invoke-Command, the name must match what is in the trusted hosts or it will not work.
The key to this is depending on the entry of the Set-Item command, when running Invoke-Command, the name must match what is in the trusted hosts or it will not work.
Just be aware this sets the trusted hosts to every machine on the domain and is not recommended at all. Make sure you clear the trusted after you have tested and only add the computers you need.
Just be aware this sets the trusted hosts to every machine on the domain and is not recommended at all. Make sure you clear the trusted after you have tested and only add the computers you need.
pwshliquori
[/quote]
ok so i added it to trusted host and i also used credential, now i get this error:
The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.
i went to the server and checked winrm, it says this:
WinRM service is already running on this machine. WinRM is already set up for remote management on this computer.
There may be other logs on why this failed besides the error you see in the console.
Questions:
Is the firewall enabled?
Which version of Windows are you using?
Did you try restarting the WinRM service?
pwshliquori
[/quote]
Is the firewall enabled?
Firewall is only enabled against going from development to test environment or production. However for now I am just trying to get this to work for dev server to dev server, in which the firewall is loose or open for this
[quote quote=148607]Can you try running the Invoke-Command against the cname again and use -port 5985 ? Port 5985 is the default HTTP listener port for WinRM.
[/quote]
Actually I think its already trying thru that port, because when I checked the configuration of wine, it showed 5985/5986 (I thing 86 is https)
You are correct, just trying to force it through and troubleshoot with you. If you are testing dev to dev server, can you try to temporarily disable the firewall and test it out? Just to rule out the firewall is not an issue?
[quote quote=148610][/quote]
I have turned off firewall on server1.domain.com and still error persisted. i also turned off firewall on the utility (development) server and the error still persisted. also, there is already an exception created for the WinRM service and its ports, so we can definitely rule out its not a firewall issue