Need help Enable-PSRemoting

Hi Guys.

I have 78 servers in domain where i have to uninstall SCCM agent manually. So i wrote a script which works fine, and luckily 62 server are done. here is my script,

$computer= Get-Content C:\SCCM\computer.txt
$session =New-PSSession -ComputerName $computer
$scriptBlock= { C:\windows\ccmsetup\ccmsetup.exe /uninstall}
Invoke-Command -Session $session -ScriptBlock $scriptBlock

However, for few servers (probably 10) the script generate error as follows -

New-PSSession : [MachineName] Connecting to remote server MachieName failed with the following error message : The client canno
t connect to the destination specified in the request. Verify that the service on the destination is running and is acceptin
g requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS o
r WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the
WinRM service: “winrm quickconfig”. For more information, see the about_Remote_Troubleshooting Help topic.
At C:\SCCM\SCCMUninstall.ps1:2 char:11

• $session =New-PSSession -ComputerName $computer

•       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OpenError: (System.Manageme…RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTran
    sportException
  • FullyQualifiedErrorId : CannotConnect,PSSessionOpenFailed
    Invoke-Command : Cannot validate argument on parameter ‘Session’. The argument is null or empty. Provide an argument that is
    not null or empty, and then try the command again.
    At C:\SCCM\SCCMUninstall.ps1:4 char:25
• Invoke-Command -Session $session -ScriptBlock $scriptBlock

•                     ~~~~~~~~
  

  • CategoryInfo : InvalidData: ( [Invoke-Command], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand

I have already checked and WinRM service is running at destination.
Important point - if i login to machine “MachineName” and execute (Enable-PSRemoting -force) then i’m able to execute my script over remote connection.

My questions - How can i execute (Enable-PSRemoting -force) at the start of my script?

Note- I’ve just started learning powershell scripting, please excuse me for anything found stupid in my note.

Thanks,
Akhtar Nawaz

Hi there Akhtar. What OS is running on these machines? Are they perhaps in a DMZ or segregated environment? Also, select one of the machines and try these commands:

Get-WMIObject -Class Win32_Service -ComputerName

and then

Get-CIMInstance -ClassName Win32_Service -ComputerName

Let me know if one or both fail.

Hi Will,

Thanks for response,
Machine OS version is Server 2008 R2 SP1. These machines are not in DMZ domain (but not 100% sure, I will verify it).

Here is the results of your commands-
1st command ran successfully. but 2nd one (Get-CIMInstance -ClassName Win32_Service -ComputerName) failed. Here is the error message-

PS C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup> Get-CIMInstance -ClassName Win32_Service -ComputerName MachineName
Get-CIMInstance : The WS-Management service cannot process the request. A DMTF resource URI was used to access a non-D
MTF class. Try again using a non-DMTF resource URI.
At line:1 char:1

• Get-CIMInstance -ClassName Win32_Service -ComputerName MachineName

•   + CategoryInfo          : NotSpecified: (root\cimv2:Win32_Service:String) [Get-CimInstance], CimException
    + FullyQualifiedErrorId : HRESULT 0x80338139,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
    + PSComputerName        : MachineName
  
  

Thanks,
Akhtar Nawaz

OK. So you’re on PowerShell 2.0. Can you verify that Enable-PSRemoting was attempted while running as Administrator? Also, can you verify that you have firewall rules in Windows Firewall enabled to allow 5895?

Try RDP’ing to one of the broken machines and opening a PSSession to one of your verified working machines. See if you get the same result. You can also try a Get-NetTCPConnection from a working machine to the broken one for port 5985 and see what the result is.

Don wrote up a really good eBook for a lot of this as well. The troubleshooting section is pretty thorough.

https://devops-collective-inc.gitbooks.io/secrets-of-powershell-remoting/content/manuscript/diagnostics-and-troubleshooting.html

You cannot use all of PoSH Remoting until you enable it.
There are several cmdlet which can you use without enable PoSH Remoting at all. See this article on that topic.

‘technet.microsoft.com/en-us/library/ff699046.aspx’

Yet, all-in-all, you need to execute on each system the Enable-PSRemoting -Force command before running scripts leveraging PoSH Remoting.

BTW, you can do this via GPO to all systems in the domain.

‘TransIP - Reserved domain’

Or

‘gallery.technet.microsoft.com/scriptcenter/Enable-PSRemoting-Remotely-6cedfcb0’

Or

‘Configure PowerShell Remoting and Use Remote Commands - Scripting Blog’
if you need to turn on Windows PowerShell remoting on an entire organizational unit, domain, or forest, it is better to use Group Policy.

Hi Will,

Yes, i inititade PS as an admin and then Enable-PSremoting was attempted. i found firewall enabled, then i dissabled it. I don’t see any issue at now.I think this is because of PORT, not sure yet. I will check with other couple of machine and will share the update. but thanks again because i can continue my work.

Thanks alot!

Hi there Akhtar,

You can configure the firewall ports to allow HTTP traffic over 5985 and it should work with the firewall enabled.