PSRemoting Ports

Hello Team,

I am struggling to find a proper answer about PSRemoting; I hope you can help me.

I want to connect to a non-trusted domain controller using PSRemoting. I’ll authenticate to that domain controller with a user from that remote domain only. Firewall devices exist in the network. Which ports need to be open for communication?

As per the document, I have opened port 5985 at the firewall, and on the client I have added the domain to the trusted hosts list and also added IP details to the hosts file, as there is no DNS. I am able to establish a connection (verified using netsh), but authentication is failing, saying invalid username or password. Could you please guide me further? (The credential is correct.)

I want to execute cmdlets like get-aduser, gpo, replicationmetadata, etc. through a PSRemoting session. I want to open only those ports that are really required. Your guidance may help me a lot.

Thanks.

Roy.

5986 for WSMan over HTTPS is required for untrusted domains.
Also see eBook: Secrets of PowerShell Remoting – PowerShell.org

That's okay. But I think Kerberos or NTLM ports need to be opened for authentication, but I am not getting confirmation from anywhere.

Could you confirm that 5985/6 can perform the authentication?

I am going through the book as well, but found nothing about it. I am using trusted hosts, so 5986 will not be applicable for me.

Anyway, please let me know if you have any update.

Regards,

Roy.

I can confirm 5986 is what I’ve been able to use to connect to a different domain using a credential from that domain. I simply allowed that one port from our WAN IP. I’m not sure it’s required like Sam said, but I couldn’t imagine anyone wanting to use unencrypted traffic. Good luck.
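A way to verify the 5986 setup described in the reply above, as an added example that is not part of any poster's reply. The host name is a placeholder, and the script assumes the remote DC already has a WinRM HTTPS listener with a certificate this client trusts and the ActiveDirectory module installed.

```powershell
# Added example. Assumptions (not from the thread): $Target is a placeholder
# name that matches the subject of the DC's WinRM HTTPS certificate.
$Target = 'dc01.remote.example'

function Test-RemotingPort {
    # Reports which WinRM ports the firewall path actually lets through.
    param([string]$ComputerName, [int[]]$Port = @(5985, 5986))
    foreach ($p in $Port) {
        $r = Test-NetConnection -ComputerName $ComputerName -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ ComputerName = $ComputerName; Port = $p; Reachable = $r.TcpTestSucceeded }
    }
}

# 1. TCP reachability of 5985 (HTTP) and 5986 (HTTPS).
$ports = Test-RemotingPort -ComputerName $Target
$ports | Format-Table -AutoSize
if (-not ($ports | Where-Object { $_.Port -eq 5986 -and $_.Reachable })) {
    throw "TCP 5986 is not reachable on $Target; check the firewall rule and the HTTPS listener."
}

# 2. Account from the remote domain (REMOTEDOMAIN\user or user@remote.domain).
$cred = Get-Credential -Message 'Account in the remote domain'

# 3. Authenticated WSMan probe over HTTPS. The Negotiate exchange (NTLM when
#    Kerberos is unavailable, as between untrusted domains) is carried in the
#    HTTP headers of this same connection, so this separates "port blocked"
#    from "credentials rejected".
try {
    Test-WSMan -ComputerName $Target -UseSSL -Credential $cred `
        -Authentication Negotiate -ErrorAction Stop | Out-Null
} catch {
    throw "WinRM answered on 5986 but authentication failed: $($_.Exception.Message)"
}

# 4. Run an AD cmdlet on the DC itself, then always close the session.
$session = New-PSSession -ComputerName $Target -UseSSL -Credential $cred -Authentication Negotiate
try {
    Invoke-Command -Session $session -ScriptBlock {
        Import-Module ActiveDirectory
        Get-ADUser -Filter * -ResultSetSize 5 | Select-Object SamAccountName, Enabled
    }
} finally {
    Remove-PSSession -Session $session
}
```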

I wonder if you can use the old trick where the username and PW are identical on both systems? As in, you log in on system A with a username and password that also exist on the remote system? M$ seems to think the domain is irrelevant.

[quote quote=222264]I wonder if you can use the old trick where the username and PW are identical on both systems? As in, you log in on system A with a username and password that also exist on the remote system? M$ seems to think the domain is irrelevant.
[/quote]
This trick will not work for me. I can’t make such changes. The only way is for me to test as Doug mentioned.