unable to connect to server from workstation

PowerShell Help
1

Hello,

Hi im trying out powershell and really enjoying it, however i ran into a problem about remoting. I have a Windows Server 2012 R2(SRV1 and SRV2 - Core) and a Windows 8.1 (WKS1).

Im trying to do a remote management from WKS1 to SRV1 however when I issue the command"Invoke-Command -ComputerName srv1 -ScriptBlock { Get-EventLog -LogName Security | select LogName, Message -Last 3 }" - without the quotes, i get the error message. I cant event issue the Enter-PSsession -ComputerName srv1. I get these messages when I issue those commands.

(pre)PS C:\Windows\system32> Invoke-Command -ComputerName srv1 -ScriptBlock { Get-EventLog -LogName Security | select TimeWritten, Name }
[srv1] Connecting to remote server srv1 failed with the following error message : WinRM cannot complete the operation. Verify that the specified
computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows
access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local
subnet. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (srv1:String) , PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken

PS C:\Windows\system32> Enter-PSSession -ComputerName srv1
Enter-PSSession : Connecting to remote server srv1 failed with the following error message : WinRM cannot complete the operation. Verify that the
specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled
and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same
local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1

  • Enter-PSSession -ComputerName srv1
  •   + CategoryInfo          : InvalidArgument: (srv1:String) [Enter-PSSession], PSRemotingTransportException
  + FullyQualifiedErrorId : CreateRemoteRunspaceFailed(/pre)

I already made changes to the firewall for
COM+ Network Access (DCOM-In) - Inbound rule to allow DCOM traffic for COM+ Network Access. [TCP 135]
Remote Event Log Management (RPC-EPMAP) - Inbound rule for the RPCSS service to allow RPC/TCP traffic for the local Event Log Service.
Remote Event Log Management (NP-In) - Inbound rule for the local Event Log service to be remotely managed over Named Pipes.
Remote Event Log Management (RPC) - Inbound rule for the local Event Log service to be remotely managed via RPC/TCP.

These are the ports that server manager use so i’m assuming that those are the ports that powershell remoting use, or am I wrong?
I do however able to powershell remote from srv1 to srv2.

I’m looking for a solution that I can deploy from GPO so that I wont have to go to every server workstation in my test virtual environment.
Any Ideas?

2

Windows Server 2012 R2 comes with PS remoting enabled and ready by default without the need to open any ports or issue any commands.
If you’re not getting through, I would:

  1. Ensure that the 2 servers and WS are in the same domain
  2. Make sure it’s not a name resolution issue. Ping SRV1 from WS1, see if it resolves the name to IP (ping may not go through, but it should resolve the name). Try NSLookup as well. If names are not being resolved, try FQDN like SRV1.domain.com
  3. Make sure you’re logging in to the WS with an admin account or account that has permissions for PS Remoting
    Also check out the free ebook Secrets of Powershell Remoting https://powershell.org/2012/08/06/ebook-secrets-of-powershell-remoting/
3

The thing is, why can I remote from Server to Server, but not to Workstation to Server or vice versa?

4

Taking from what you’re saying, your workstations are either 8 or 8.1?

Are the workstations and servers sitting on a different vlan? If so, are the required ports open between them (not the windows firewall ports)?
Can you try running Enable-RSRenoting -force on the workstation?
Do you have any group policies in place on the workstations that differ from servers?
Have you configured TrustedHosts and delegation?