PSRemoting in Workgroup (Standalone) Servers

I would like to run the PS Script on multiple Workgroup Machines where PSRemoting is enabled and All required Firewall Ports are opened. If I do Enter-PSSession Localhost it works fine. Problem is during remote execution.

[pre]

$Servers = Get-Content ‘C:\PSRemoting\VMList.txt’
$Scriptpath = ‘C:\PSRemoting\Temp.ps1’
$logfile =‘C:\PSRemoting\log.txt’
$Username = ‘support’
$Password = ‘MYPassword’
$Halt = ‘2’ #This value defines the pause between to execution in secs
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass
foreach($s in $Servers)
{
$Credtest = gwmi win32_computersystem -computer $s -credential $cred
If($Credtest -eq $null)
{
Write-Output “$(Get-Date -Format g) : PasswordFailure : $S : Password is not working” | Out-File -FilePath $logfile -Append -Force
} else {

try {
Write-Output “Proccessing $S”
Start-Sleep -s $Halt
Invoke-Command -ComputerName $s -FilePath $Scriptpath -Credential $Cred -ErrorAction Stop -ErrorVariable Err
}
catch {
Write-Output “$(Get-Date -Format g) : ExecutionFailure : $S : Exection Failed with Error: $ERR” | Out-File -FilePath $logfile -Append -Force
}

}
}

[/pre]

In above script $Credtest is success but Invoke is failing with below error:

3/18/2019 11:36 AM : ExecutionFailure : VMNAME: Exection Failed with Error: System.Management.Automation.ActionPreferenceStopException: The running command stopped because the preference variable “ErrorActionPreference” or common parameter is set to Stop: [VMNAME] Connecting to remote server VMNAME failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
at lambda_method(Closure , Object[] , StrongBox`1[] , InterpretedFrame )

 

Any assistance on above error is much appreciated or any better way to do PSRemoting on Workgroup VM’s.

You have to setup the environment for this and it is well documented in many places over the years…

Enable PowerShell Remoting on a standalone (workgroup) computer https://4sysops.com/archives/enable-powershell-remoting-on-a-standalone-workgroup-computer

PowerShell remoting between two workgroup machines
https://blogs.msdn.microsoft.com/wmi/2009/07/24/powershell-remoting-between-two-workgroup-machines

POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS
http://vcloud-lab.com/entries/active-directory/powershell-ps-remoting-between-standalone-workgroup-computers

PowerShell remoting between two workgroup machines
https://posh2scripting.wordpress.com/2013/06/07/powershell-remoting-between-two-workgroup-machines

Enabling remote Powershell on workgroup computers
https://infrahouse.wordpress.com/2015/10/21/enabling-remote-powershell-on-workgroup-computers

How to setup WinRM in a WorkGroup Non Domain Environment
https://www.paulligocki.com/how-to-setup-winrm-in-a-workgroup-non-domain-environment

See also:

Understanding and troubleshooting WinRM connection and authentication: a thrill seeker's guide to adventure http://www.hurryupandwait.io/blog/understanding-and-troubleshooting-winrm-connection-and-authentication-a-thrill-seekers-guide-to-adventure

WinRM (Windows Remote Management) Troubleshooting Tips
https://support.iportalis.com/en-us/article/1-winrm-windows-remote-management-troubleshooting-tips

Troubleshoot WinRM with PowerShell—Part 1
https://devblogs.microsoft.com/scripting/troubleshoot-winrm-with-powershellpart-1
https://devblogs.microsoft.com/scripting/troubleshooting-winrm-with-powershellpart-2

Learn How to Easily Troubleshoot PowerShell Remoting
https://devblogs.microsoft.com/scripting/learn-how-to-easily-troubleshoot-powershell-remoting

About Remote Troubleshooting
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-6

@postanote

Thanks for help.

While going through the articles found that issue with source VM trusted host config. After adding * in Trustedhost in Source VM it started working fine.

Once again thanks for guidance.

No worries. Glad they helped.

If this is you now self controlled environment, then doing this ‘adding * in Trustedhost’ is fine, but not something you’d want to do in an enterprise. For risk manager reasons, ‘adding * in Trustedhost’, is not recommended, specifically list the hosts you want to trust.

Holy Cow! I was just getting ready to post a question about this exact topic and this was the top of the heap.

Thanks, I’ll be testing this solution in a couple hrs.

Here was the gist of my problem.

New to Powershell and IT generally

Attempting to collect info from WMI (CIM) classes on a remote computer
Has the same Network (10.0.0.x)
The request is being made from a Win 10 machine
The request is made of a 2016 Win Server EVAL machine
Access is denied unless -Credentials "Administrator" is used
Other users of the Administrator group are denied.
Both machines are visible and accessible via Windows Explorer
Both machines are have been made Trusted Hosts of each other via WinRM
My prefrence is to not to supply credentials for the moment since I'm
just setting up a lab environment
Thanks again