Reputation: 1
My setup: I have three PCs (MyComp, Server1, and Server2) and two similar scripts that use Invoke-Command: RemTest1.ps1, which calls RemTest2.ps1 on remote Server1, and RemTest2, which uses Invoke-Command to run a script block on Server2. I am on PowerShell version 5.1. When I run the script from MyComp to Server1 it works fine. When I run from Server1 to Server2 it also runs fine. But when I run from MyComp to Server1, which then has to run on Server2, I receive the following message:
[Server2] Connecting to remote server Server2 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
All three computers are in the same domain. I don't have admin privileges. I tried to add Server2 to TrustedHosts on Server1. It did not help. I added a print of the username to the scripts to make sure the domain user is used on all PCs.
If somebody can help with the problem, please help. To reproduce the problem I created a very simple example of my two scripts.
RemTest1.ps1
$LocalRepDir = 'D:\Reps'
$RemoteWrkDir = 'D:\wrk'
$Server1 = 'Server1'
# script block to run on remote Server1
$Run = {
    "Script block from RemTest1"
    $env:COMPUTERNAME + " User = $(whoami)"
    cd $using:RemoteWrkDir
    ls
    # call script from remote Server1
    .\RemTest2.ps1
}
$env:COMPUTERNAME + " RemTest1 User = $(whoami)" | Out-File -FilePath "$LocalRepDir\res.txt"
$Output = @() # to grab an output from remote servers
$Output = Invoke-Command -ComputerName $Server1 -ScriptBlock $Run
$Output | Out-File -FilePath "$LocalRepDir\res.txt" -Append
RemTest2.ps1
$LocalRepDir = 'D:\Reps'
$RemoteWrkDir = 'D:\wrk'
$Server2 = 'Server2'
# script block to run on remote Server2
$Run = {
    "Script block from RemTest2"
    $env:COMPUTERNAME + " User = $(whoami)"
    cd $using:RemoteWrkDir
    ls
}
$env:COMPUTERNAME + " script RemTest2 User = $(whoami)"
$Output = @() # to grab output from remote servers
$Output = Invoke-Command -ComputerName $Server2 -ScriptBlock $Run
$Output | Out-File -FilePath "$RemoteWrkDir\res.txt"
Output of these scripts
MyComp RemTest1 User = MyDomain\MyLogin
Script block from RemTest1
SERVER1 User = MyDomain\MyLogin
Directory: D:\wrk
Mode LastWriteTime Length Name PSComputerName
---- ------------- ------ ---- --------------
-a--- 4/23/2022 12:09 AM 490 RemTest2.ps1 SERVER1
-a--- 4/23/2022 12:06 AM 0 res.txt SERVER1
SERVER1 script RemTest2 User = MyDomain\MyLogin
As you can see, I did not receive output from the RemTest2 script block from SERVER2. Instead I received an error message. Please help.
Upvotes: 0
Views: 1135
Reputation: 2268
For security purposes, Windows won't let you pass credentials from inside a remote session.
It might work if you pass it password-based credentials. My environment is certificate-based and I was never able to make it work.
You're better off just having the first machine send the same commands to both servers.
Invoke-Command can take both machine names simultaneously.
You might be able to do what you're doing via SSH; Windows now supports that. But your commands would be completely different and would still need passwords or SSH keys.
For Invoke-Command into the second computer, you might try...
Invoke-Command -ComputerName $Server2 -ScriptBlock $Run -Credential (get-credential)
Also, you should append to your log on the second server; otherwise you'll overwrite it. Or just have it print to the screen, and the initial Invoke-Command should save its output as well.
$Output | Out-File -FilePath "$RemoteWrkDir\res.txt" -Append
But as far as I'm aware you can't do what you're aiming to do.
This article explains what it is, and the pros and cons. I highly advise against it, as generally you have to store credentials in the second script if you wanna automate this.
It also states you have to deem an account worthy to do this. It's highly convoluted and should be used in 100% necessary scenarios. One example would be if you are creating a botnet to mass-spread certain configurations. But with tools like MECM, this is sort of not necessary in an enterprise.
Upvotes: 2
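The fan-out the answer recommends, as an added example that is not part of the original answer: MyComp contacts Server1 and Server2 directly, so every connection is a first hop and no credentials have to leave the first remote session. Host names and paths are the ones from the question; the report line layout and the per-host failure lines are assumptions.

```powershell
# Runs on MyComp only. RemTest2.ps1 is no longer needed on Server1.
$LocalRepDir  = 'D:\Reps'
$RemoteWrkDir = 'D:\wrk'
$Servers      = 'Server1', 'Server2'      # names taken from the question
$Report       = "$LocalRepDir\res.txt"    # single report kept on MyComp

# Same block for both servers. $using: copies the caller's variable
# into each remote session.
$Run = {
    Set-Location -Path $using:RemoteWrkDir
    [pscustomobject]@{
        User  = (whoami)
        Files = (Get-ChildItem -File | Select-Object -ExpandProperty Name) -join ', '
    }
}

# One call, both targets, each authenticated straight from MyComp.
# Errors are collected per host instead of stopping the whole run.
$Results = Invoke-Command -ComputerName $Servers -ScriptBlock $Run `
               -ErrorAction SilentlyContinue -ErrorVariable RemoteErrors

"$env:COMPUTERNAME RemTest1 User = $(whoami)" | Out-File -FilePath $Report

# PowerShell remoting adds PSComputerName to every returned object,
# so the output of each server can be told apart.
$Results | Sort-Object -Property PSComputerName | ForEach-Object {
    '{0} User = {1} Files = {2}' -f $_.PSComputerName, $_.User, $_.Files
} | Out-File -FilePath $Report -Append

# For a failed connection, TargetObject holds the computer name.
foreach ($e in $RemoteErrors) {
    'FAILED {0}: {1}' -f $e.TargetObject, $e.Exception.Message |
        Out-File -FilePath $Report -Append
}
```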