Remote Control Domain Controller

I was watching an MVA (Microsoft Virtual Academy) video by Jason Helmick and Jeffrey Snover on PowerShell 3.0. It seemed like a good place to start and learn the fundamentals, so I started following along with them through the examples for Enter-PSSession to remotely control one of the domain controllers. I started the PowerShell ISE as an Administrator on my workstation, and the example failed with the following description.

PS C:\WINDOWS\system32> Enter-PSSession -ComputerName co-5023
Enter-PSSession : Connecting to remote server co-5023 failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer
name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName co-5023
    + CategoryInfo          : InvalidArgument: (co-5023:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

I checked the Get-Help about_Remote_Troubleshooting and followed the suggestions to isolate the problem without success.

I am brand new to PowerShell and not afraid to read or listen when someone with experience offers a suggestion. I work for a small school district and we have a single domain. I have multiple domain controllers, both physical and virtual (running Hyper-V). I was really intrigued with the option of automating several tasks through PowerShell and disappointed when I was unable to use the tool properly.

Any and all help appreciated.

Read about how to configure and enable WinRM. IIRC on domain controllers it’s disabled and not configured for security reasons.

This is also assuming you don’t have Windows Firewall blocking, as it’s a domain controller, in which case further reading on the network ports used by WinRM should point you to the necessary ports that you need to open.

might help but not only.

Hi Arie,
The domain controller is a Windows Server 2012 R2 and I went through about_Remote_Troubleshooting, including Get-Service WinRM to make sure it was running, and also checked the advanced settings on the firewall. My admin workstation is running Windows 10 Pro, and both the workstation and the domain controller are running WMF 5.0.
I’m sure I am overlooking a simple setting or syntax to allow me to access the domain controller. When Jason demonstrated how easy it was, I was impressed. I should have remembered Murphy’s Law: “when everything seems to be going fine, you’ve obviously overlooked something.”
Thanks for the suggestion, Arie. At least I know I’m not alone in the PowerShell universe :)

Hi Alan,

You’re not alone in the PowerShell universe. We’re all but Get-StarDust :)

Try running Enter-PSSession from a different server or station.
Try from the domain controller itself.

I assume you run PowerShell with admin rights and that your domain user has sufficient permission on the domain controller.
I also assume you don’t have a group policy set to disable the necessary service.

If RM is configured correctly, you should be able to run something like this:
Get-Service -ComputerName DC1
If this works, remote management works even if PowerShell remoting doesn’t, in which case PowerShell remoting is the culprit.

Normally this would work out of the box on W10 & W2012R2, if they are in the same domain and/or you use the proper permissions. PSRemoting is enabled by default.

Is name resolving working correctly for the target from your W10 computer?

What does Test-WSMan give you when you run that on the target?

Try to troubleshoot with the help of: https://www.penflip.com/powershellorg/secrets-of-powershell-remoting/blob/master/diagnostics-and-troubleshooting.txt

To be clear, the WinRM service running is NOT enough to ensure you can connect to the box. The service supports limiting source IPs and other tricks. A quick and dirty way to get it working: “winrm quickconfig”. It will check the service, ensure permissions are defaulted, and open the firewall ports. Be aware this makes WinRM open to anyone in the domain with creds, which may or may not be a good thing.
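
The checks suggested in the replies above (name resolution, Test-WSMan, and the firewall rather than just the WinRM service), collected into one script as an added example that is not part of any poster's reply. The function names are hypothetical, co-5023 is the target name from the first post, and the firewall group name assumes an English-language Windows install.

```powershell
# Added example: walk the remoting path one layer at a time from the admin workstation.
function Test-RemotingPath {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $Port = 5985   # WinRM HTTP default; 5986 is the HTTPS default
    )
    $result = [ordered]@{ Target = $ComputerName; Dns = $false; Tcp = $false; WSMan = $false }

    # 1. Does the name resolve from this machine?
    try { $null = Resolve-DnsName -Name $ComputerName -ErrorAction Stop; $result.Dns = $true }
    catch { Write-Warning "DNS: $($_.Exception.Message)" }

    # 2. Is the listener port reachable? DNS OK but TCP failing points at a firewall rule.
    if ($result.Dns) {
        $tcp = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
        $result.Tcp = $tcp.TcpTestSucceeded
    }

    # 3. Does WS-Management answer on that port?
    if ($result.Tcp) {
        try { $null = Test-WSMan -ComputerName $ComputerName -ErrorAction Stop; $result.WSMan = $true }
        catch { Write-Warning "WSMan: $($_.Exception.Message)" }
    }
    [pscustomobject]$result
}

# Run elevated ON THE TARGET (console or RDP): service, listener and firewall state together.
function Get-WinRMExposure {
    Get-Service -Name WinRM | Select-Object Name, Status
    Get-ChildItem -Path WSMan:\localhost\Listener
    # An enabled rule for the active profile is the "checkmark" in the firewall GUI.
    Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
        Select-Object Name, Enabled, Profile, Action,
            @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }
}

# From the workstation:
Test-RemotingPath -ComputerName 'co-5023'
```

A RemoteAddress of Any on an enabled rule means every source covered by that profile can reach the listener, which is the exposure the post above warns about.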

Hi again Arie,
Looking at your note:
All commands are run from an elevated Administrator prompt, ISE 64-bit.
We are a small school district and I personally created the Windows Server 2012 R2 I am trying to connect to from my workstation.
The Server Manager on my workstation allows me to initiate a Remote Desktop session without any problems. I was really hoping to be able to learn enough to automate several of my daily tasks with a script.

I have tried Enter-PSSession from my workstation as well as several of the member servers and both of the domain controllers. Each time it gives me the following information:

PS C:\Windows\system32>
PS C:\Windows\system32> Enter-PSSession

cmdlet Enter-PSSession at command pipeline position 1
Supply values for the following parameters:
ComputerName: co-aww-14
Enter-PSSession : Connecting to remote server co-aww-14 fail
the destination is running and is accepting requests. Consul
the WinRM service, run the following command on the destinat
At line:1 char:1
+ Enter-PSSession
    + CategoryInfo          : InvalidArgument: (co-aww-14:St
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

I am certain there is an answer to the problem once I learn enough to ask the correct question.

patient and persistent
Alan

Hi Richard and Justin,
Testing both recommendations, I got the following results:

PS C:\Windows\system32> test-wsman

wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0

PS C:\Windows\system32> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
PS C:\Windows\system32>

I am inside our domain (small school district, small domain) :)

Richard, I will go through the article you referenced.

Still patient and persistent, and thanks to everyone
Alan

Hello Arie, Richard and Justin,
Thanks for all the help and suggestions.
Richard, the article you referenced (powershellorg · Secrets of PowerShell Remoting) pointed me in the right direction, and it was a blocked port or, more to the point, a missing checkmark on the firewall settings. With that part behind me I can continue following the tutorials shown in the Microsoft Virtual Academy and hopefully learn a little.

Again, my thanks to all of you
Alan

That’s great to hear Alan! Enjoy your PowerShell experience!