PSWA access denied errror

Hi

I am trying to use remove-dnsserverresourcerecord cmdlet but I get permissiondenied.
here is the cmdlet and error.
remove-dnsserverresourcerecord -ComputerName “DOMAIN CONTROLLER” -ZoneName “ZONE”.com -RRType A -Name “SERVER TO REMOVE”
Failed to get the zone information for “ZONE” on server “DOMAIN CONTROLLER”.
+ CategoryInfo : PermissionDenied: (“SERVER TO REMOVE”:root/Microsoft/…rResourceRecord) [Remove-DnsServerResourceRecord], CimException
+ FullyQualifiedErrorId : WIN32 5,Remove-DnsServerResourceRecord

I was wondering why? If I log onto the server that is running pswa I can run the cmdlet fine.

Hey there LiveUser. It’s a double-hop problem. When you’re logged into PSWA, you’re actually in a remote PS session. So you’re remoted and running a command to a remote DNS server, and it’ll fail. Local Session > PSWA > DNSServer

When you log into the PSWA server directly via RDP, you’re eliminating a hop.
PSWA>DNSServer

You can actually read up about the double hop problem, and possible solutions, here. https://www.penflip.com/powershellorg/secrets-of-powershell-remoting

Thank you for the quick response. This was very helpful.

Any time! Mind if I mark this as resolved? :slight_smile:

And for a good, concise explanation, https://powershell.org/kb/the-double-hop-authentication-problem/.