Unable to run a powershell script on remote server with additional Parameters

Hello Expert,

We have a WinRM script (provided by OEM: SIEM) and it works fine. We need to run the script on our 500+ servers and I am using the code below to execute it. We have also discussed this with the OEM and they have denied a way to apply this via GPO or via SCCM as well. So the only way is to do it via PS. Below is the code I am using:

$argsArray = @()
$data = Invoke-Command -ComputerName 1GOTVASW020-SQL -ScriptBlock {
    Param(
        [ValidateNotNullOrEmpty()]
        [string]$User
    )
    $result = c:\winrmconfig.ps1 -Action enable -ListenerType http -User xys@contoso.locol
    Return $result
}
This fails to identify the User name parameter. It gives the error below:
User User xys@contoso.locol was not found, cannot continue!
However, if I go to the server and run the PowerShell manually it works. So from remote PowerShell it does not handle the parameter well. I have tried other ways as well, like using PsExec to run the script, but it still fails.
If I don't mention the User parameter, it works fine, but we need to mention the User parameter for it to take effect.
The WinRM script is huge and I couldn't paste it here, so I apologize in advance.

You have a parameter of [string]$User but you aren’t passing in any arguments. Try this

$argsArray = @()
$data = Invoke-Command -ComputerName 1GOTVASW020-SQL -ScriptBlock {
    Param(
        [ValidateNotNullOrEmpty()]
        [string]$User
    )
    $result = c:\winrmconfig.ps1 -Action enable -ListenerType http -User $user
    Return $result
} -ArgumentList 'xys@contoso.local'

I hope this helps

Hello Doug,

Thank you for your response. I tried the exact same code but it still errors for the username parameter. :( It says it couldn't find the mentioned user name.

I have tried using PsExec as well but it doesn't work either. I also tried to manually place the username into the code but it still doesn't work. All these methods fail with the same error. So I am totally confused as to how to run this code on 500+ servers.

What exactly is the -User param doing? Are you troubleshooting a NULL parameter or is the winrmconfig.ps1 doing a lookup for ‘xys@contoso.local’ and cannot actually find it? The error would be more along the lines of “User cannot be NULL” or “Cannot find user ‘’” if it’s a param issue. When you explain it above, it sounds like it’s getting passed and the script is doing a lookup that is failing. Provide the exact error message.

Hi Rob,

Thanks for pitching in. I am getting the following error message:

“User xyz@contoso.com was not found, cannot continue!”

Basically, the user param is being used as below:

$win32account = (Get-WmiObject -Class Win32_UserAccount -Filter "Domain = '$domain' and Name = '$accountname'")

if ($win32account -eq $null)
{
    log "User $User was not found, cannot continue!" "error"
}

Even if I feed the user name to $Win32account, it still doesn't work. I have also tried removing the Param mentioned in the script and feeding it $user = "Username"; it still gives the same error.

Good call, Rob. The question should be, what is the winrmconfig.ps1 expecting to be passed in? Is it expecting an email? Once you confirm that, then you can move on to why it’s unable to find that user. Perhaps the email is incorrect? Perhaps it is needing to query a remote machine to resolve the user? If it is needing to reach out to another host then you’re likely dealing with a double hop issue. Thanks for pointing out my error, Rob. Good luck, maxwell.

Where in the script are $domain and $accountname defined? That block is producing the error and it shows the user, so it’s getting the parameter but the WMI lookup is failing. $User is in the error, so I would imagine it’s doing a split on @ and setting $domain and $accountname, but does this work:

Get-WmiObject -Class Win32_UserAccount -Filter "Domain = 'contoso.com' and Name = 'xyz'"

Here these Parameters are defined: Yes, it is splitting it in username and domain. And then from WMI it is getting

if ($User.Contains('@'))
{
    $domainaccount = $User.Split('@')
    $domain = $domainaccount[1].Split('.')[0]
    $accountname = $domainaccount[0]

Answering your last part: Get-WmiObject -Class Win32_UserAccount -Filter "Domain = 'contoso.com' and Name = 'xyz'"

If I run the above code on the server, it works. It returns the user information which was provided.

I really appreciate everyone’s involvement in it and respect their time as well. I have uploaded the script to the location below. I would really appreciate it if anyone could take a look :slight_smile:

https://www.mediafire.com/file/3mty8d19ndgsayc/winrmconfig.ps1/file

It stands to reason that WMI remote is not allowed. Try to run the command that @Rob gave you, remotely against the server in question and provide the results.

Get-WmiObject -Class Win32_UserAccount -Filter "Domain = 'contoso.com' and Name = 'xyz'"

Okay, that's interesting. So when I run the WMI command from a remote server, it doesn't return anything.

I used the code below:

Invoke-Command -ComputerName 'MyServerName' -ScriptBlock {
    Get-WmiObject -Class Win32_UserAccount -Filter "Domain = 'Contoso.com' and Name = 'AccountName'"
}

So if this is the root cause, how do I work around this issue? :frowning:

But no error was returned? Well, I think I’m mistaken again anyways. If you’re running this through Invoke-Command, you’re connecting fine to the server over WinRM. It’s having the issue running the local c:\winrmconfig.ps1. Let’s see what others think. Do you know how to use PowerShell interactively remotely? I’d be curious just to see what happens if you Enter-PSSession to that server and try running

c:\winrmconfig.ps1 -Action enable -ListenerType http -User xys@contoso.locol

Hello Doug,

Correct, I didn't get any error message. It just completed without any error. Yes, my WinRM connectivity is just fine. I can run other PS commands remotely and they work fine too.

I have also tried using Enter-PSSession from PowerShell ISE and then put in the command you pasted, but it still errors with the same thing.

But when I log in locally to the server and open PowerShell ISE and run the same command, it works fine. So I have no clue what the difference is when we run it remotely vs locally. :frowning:

It’s the same user that you’re invoking the command and logging in locally?

Correct. Using the same account.

Interestingly, if I do Invoke-Command on the local server itself and run the command inside the scriptblock, it fails with the exact same message.

OK so it seems the winrm config on the server doesn’t allow wmi access. That’s my best guess at this point in time. Do you know if it’s a custom winrm config on 1GOTVASW020-SQL?

Nothing is configured manually for any server for that matter. I have also tested it with some newly built servers but the result is the same. So we need to check how to get that WMI info using a remote server. If we get that working, we may find a solution. But right now I am clueless.

OK I’m not the best WMI guy around, so bear with me. Unless your SQL server is a domain controller, then I believe this is the issue.

if ($User.Contains('@'))
{
    $domainaccount = $User.Split('@')
    $domain = $domainaccount[1].Split('.')[0]
    $accountname = $domainaccount[0]
    logToDisk "Domain: $domain"
    logToDisk "Account: $accountname"
}
else
{
    $domain = $computerName
    $accountname = $User
    logToDisk "Local system name: $domain"
}

The query is splitting the user up based on what you pass in. If it has an @ sign, it will get the first part of the domain. So user@domain.local would get

$useraccount = 'User'

$domain = 'Domain'

In my testing on my SQL servers, Get-WmiObject -Class win32_useraccount only lists local accounts. The domain for those accounts is the local computer name. Only on the DC did I see the domain be the same as the actual domain. What I don’t understand is if you run this locally on that machine with the same user/format passed in, you should get the same results.

Unless the SQL server is a DC, I would try the command with either passing in just a local user name like ‘user’ or the local user name ‘user@computername’

Based on the way they split you could even put ‘user@computername.YouCanPutAnythingHereExceptAPeriod’ but that’s just silly. I hope I’m not wrong but that’s what my testing shows.

I hope this helps.
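
The comparison this thread keeps coming back to (the same Win32_UserAccount lookup in a local session and through WinRM), as an added example that is not part of any post or of winrmconfig.ps1. `Get-VendorUserFilter` and `$probe` are hypothetical names, and the account and server are the thread's placeholders. The filter is rebuilt from the split logic quoted above, so the Domain value is only the first label (`contoso`, not `contoso.com`).

```powershell
# Added diagnostic, not part of winrmconfig.ps1. Get-VendorUserFilter is a
# hypothetical helper that mirrors the split logic quoted in the thread.
function Get-VendorUserFilter {
    param(
        [Parameter(Mandatory)][string]$User,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    if ($User.Contains('@')) {
        $domainaccount = $User.Split('@')
        $domain        = $domainaccount[1].Split('.')[0]   # 'contoso.com' -> 'contoso'
        $accountname   = $domainaccount[0]
    }
    else {
        $domain      = $ComputerName                        # no '@': looked up as a local account
        $accountname = $User
    }
    "Domain = '$domain' and Name = '$accountname'"
}

# Runs the lookup with that exact filter and reports the session it ran in.
$probe = {
    param([string]$Filter)
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $err  = $null
    $hits = @(Get-WmiObject -Class Win32_UserAccount -Filter $Filter `
                  -ErrorAction SilentlyContinue -ErrorVariable err)
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        RunAs              = $identity.Name
        AuthenticationType = $identity.AuthenticationType
        Filter             = $Filter
        MatchCount         = $hits.Count
        Caption            = ($hits | ForEach-Object { $_.Caption }) -join ', '
        Error              = ($err  | ForEach-Object { $_.Exception.Message }) -join '; '
    }
}

$user   = 'xyz@contoso.com'   # placeholder account used in the thread
$server = 'MyServerName'      # placeholder server name used in the thread
$filter = Get-VendorUserFilter -User $user

# 1) In the current session (run this while logged on to the server itself).
& $probe $filter
# 2) The same probe through a WinRM session to that server.
Invoke-Command -ComputerName $server -ScriptBlock $probe -ArgumentList $filter
```

If the local run reports a match and the WinRM run reports zero for the same filter and RunAs account, the difference lies in the session rather than in how the parameter is passed.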

Hello Doug,

Appreciate your time on this. I tried your suggestion by putting the local user in the mentioned format: ‘user@computername’ but it failed with the same error.

I also tried to feed the User variable manually in the script, so that it takes the username without asking the end user, but it still fails. I am not understanding why it works when we give it as an additional parameter but fails when we feed the same user account in the original script itself.

This is beyond my capacity to debunk this behavior :slight_smile:

Note: I am not running it on a DC. This behavior is common for 100+ servers.

This script seems to be dated. I only get past the user check with a local account but the script errors out just after with the error below. What exactly are your requirements? Perhaps there are other solutions.

[computername] Processing data from remote server computername failed with the following error message: The I/O operation has been aborted because of either a thread exit or an application request. For more information, see the about_Remote_Troubleshooting Help topic.

  • CategoryInfo : OpenError: (computername:String) [], PSRemotingTransportException
  • FullyQualifiedErrorId : WinRMOperationAborted,PSSessionStateBroken