Why do I get Access Denied when using WinRM?
try installing the latest version of winrm from here on the 2003 box. The ports (by default) should be 5985 for http and 5986 for https. Also note that winrm quickconfig is not available on 2003.
Winrm will run commands based on the user currently accessing the machine. Once you have te 2.0 version installed run from the 2k3 box:
test-wsman -computername web1928 -authentication default
This output should tell you if it can connect properly. If you want to test other credentials use
$cred = get-credential
test-wsman -computername web1928 -authentication default -credential $cred
Related videos on Youtube
Kev
###Actively looking for freelance work ###About Me: I'm a professional software developer and have spent my time building provisioning and web based self-service systems for IIS, Apache and Citrix XenServer, amongst other things. My Curriculum Vitae can be viewed on Stack Overflow Careers (might be a bit out of date). Stuff I like to listen to at last.fm You can get in touch here: kevin.e.kenny #@# gmail.com (you know what to do with the # and spaces). No Survey Emails Please. Also not ashamed to admit I like trains, mostly diesels, late Era 8 (BR Sectorisation) and Era 9 onwards :) I'm also interested in signalling if anyone from Network Rail is looking this far down ;)
Updated on September 17, 2022Comments
-
Kev over 1 year
Following on from this question:
Why does my PowerShell script hang when called in PSEXEC via a batch (.cmd) file?
I took the advice from Jim B and installed WinRM. To recap I have two servers:
- HMon01 - runs Windows 2003 Standard SP2
- Web1928 - runs Windows 2008 Standard SP2 (not R2)
Both servers are standalone.
I installed WinRM for Windows 2003 from here and configured WinRM as follows on both machines:
Client NetworkDelayms = 5000 URLPrefix = wsman AllowUnencrypted = false Auth Basic = true Digest = true Kerberos = true Negotiate = true Certificate = true DefaultPorts HTTP = 80 HTTPS = 443 TrustedHosts = *
The problem I have is that if I remotely execute commands using the remote machine's built in Administrator account then all is well.
However I have an account on the remote machine named
remoteexec
which is a member of the Administrators group (we disable our Administrator accounts). If I use this account then I getAccess Denied
errors. I've done all the usual things such as checking passwords and the like.Why would this be?
-
tony roth about 14 yearsso if you run winrm quickconfig on both servers what result do you get? also run this as administrator!
-
tony roth about 14 yearsyes thats correct, do this as a test create an account on the monitoring server called remoteexec with the same password as the account on the web server. Do not pass a password with the powershell command if the account is good then pass thru authentication should work.
-
Kev about 14 yearsI'm running this from
CMD.EXE
. I now have two identical accounts on each server (both with the same password and both members of Administrators). If I leave the password out I get prompted for one. If I enter it or leave blank I still get Access Denied. I also tried leaving out the credentials all together, still no joy. -
tony roth about 14 yearson the monitoring server can you do the following logged in as remoteexec dir \\Web1928\c$
-
Kev about 14 yearsHi Jim...do I need to install PowerShell 2.0 on the Windows 2003 box or can I still use the command line? Does the Windows 2008 box need upgrading (it's not R2)?
-
Kev about 14 yearsJim, thanks for that. I upgraded both machines and it's all magically started working, even from our HostMonitor software.