3 Replies Latest reply on Aug 30, 2018 2:30 PM by maba

    Trying to run a remote powershell script using credssp

    RWA Specialist

      Hello there,

       

      I'm trying to run a Powershell script triggered by a Service Request via Quick Action (run a program). The script does some stuff in Active Directory.

      When the script is run by the Quick Action on a remote server, I get the following errors:

      After "Import-Module ActiveDirectory":

      WARNING: Error initializing default drive: 'Unable to contact the server. This may be because this server does not

      exist, it is currently down, or it does not have the Active Directory Web Services running.'.

      After any following AD cmdlet, e.g. "Get-ADUser -Identity AdamSam":

      Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not

      have the Active Directory Web Services running.

          + CategoryInfo          : ResourceUnavailable: (AdamSam:ADUser) [Get-ADUser], ADServerDownException

          + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser

       

      I did some research and there is a way to do this by using Credssp authentication ("2nd-Hop-Problem", Kerberos Delegation). So I followed instructions to enable Credssp.

      Manually I run a Powershell console and use the command:

      Enter-PSSession -ComputerName <targetcomputer> -Credential (Get-Credential) -Authentication Credssp

      Works fine! I had the same errors described above when I tried it manually before Credssp was enabled, so Credssp is a resolution.

       

      My question now is: how do I set up the quick action to use Credssp?

      Currently it looks like this:

      Connection:                              MyConnection (connection to target computer configured with a user that has admin rights)

      Program with path:                   C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe

       

      Arguments:                               -File D:\Scripts\MyScript.ps1 param1 param2 param2

      Wait for the program to finish:    true

      Show Output:                             true

      Output Field:                              ScriptResult

       

      As far as I know, there is no commandline parameter for Powershell.exe to change authentication method

      Has anybody tried this yet?

       

      Regards,

      René.

        • 1. Re: Trying to run a remote powershell script using credssp
          RWA Specialist

          Sorry, pressed send before finishing...

          Delete the text "As far as I know, there is no commandline parameter for Powershell.exe to change authentication method" from the end... doesn't make sense (no edit option?).

          When Powershell.exe is started there is already a remote connection defined by "MyConnection". At best there should be a way to configure Credssp, but there isn't and I don't know if it is even possible.

           

          I really don't know how to do this, and I guess I am not the first one to run a remote powershell script to do stuff in AD, am I?

           

          Regards,
          René.

          • 2. Re: Trying to run a remote powershell script using credssp
            RWA Specialist

            Hi again,

            OK, after a night of sleep I found a solution.

            I now use a localhost connection and start a local Powershell script which uses New-PSSession (with Credssp authentication) and Invoke-Command to run the remote script.

            The only flaw is that I currently have to store the credentials locally (New-PSSession requires the Credential-parameter).

             

            René.
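The approach described in reply 2, as an added example that is not René's script or the product's own code: a local wrapper, started by the Quick Action over the localhost connection, opens a CredSSP session and runs the script on the target. The host name, the credential file path and the two-parameter signature are assumptions; the credential is kept in an Export-Clixml file so the password is DPAPI-protected instead of sitting in the script as plain text.

```powershell
# Wrapper.ps1 (hypothetical name) - run locally by the Quick Action.
param(
    [Parameter(Mandatory = $true)][string]$Param1,
    [Parameter(Mandatory = $true)][string]$Param2
)

$ErrorActionPreference = 'Stop'

# Assumed values, replace with your own.
$TargetComputer = 'targetcomputer.example.local'   # placeholder host name
$CredentialFile = 'D:\Scripts\svc-cred.xml'        # placeholder path
$RemoteScript   = 'D:\Scripts\MyScript.ps1'        # script path on the target (from the post)

# One-time setup, run interactively as the same Windows account that the
# Quick Action uses to start this wrapper:
#   Get-Credential | Export-Clixml -Path D:\Scripts\svc-cred.xml
# On Windows, Export-Clixml encrypts the password with DPAPI, so the file can
# only be decrypted by that same account on that same machine.
#
# One-time CredSSP setup (elevated consoles):
#   here:      Enable-WSManCredSSP -Role Client -DelegateComputer <target FQDN>
#   on target: Enable-WSManCredSSP -Role Server
# Name the single target host in -DelegateComputer instead of a wildcard:
# CredSSP hands the full credential to every host it is delegated to.

$credential = Import-Clixml -Path $CredentialFile
if ($credential -isnot [System.Management.Automation.PSCredential]) {
    throw "File '$CredentialFile' does not contain a PSCredential object."
}

$session = $null
try {
    $session = New-PSSession -ComputerName $TargetComputer `
                             -Credential $credential `
                             -Authentication Credssp

    # Runs on the target; with CredSSP the AD cmdlets inside the script can
    # authenticate onward to the domain controller (the second hop).
    Invoke-Command -Session $session -ScriptBlock {
        param($Path, $A, $B)
        & $Path $A $B
    } -ArgumentList $RemoteScript, $Param1, $Param2
}
finally {
    # Always close the session so the delegated credential does not linger.
    if ($session) { Remove-PSSession -Session $session }
}
```

In the Quick Action, the arguments would then be `-File <path to wrapper> param1 param2` against the localhost connection, with the wrapper's output landing in the configured output field as before.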

            • 3. Re: Trying to run a remote powershell script using credssp
              maba Apprentice

              Good evening Rene,

               

              We have the same problem. Would it be possible to explain step by step how you resolved the problem?

               

              Many thanks in advance

              Best regards

              Maba