Best IT Recipes

Remote access to PowerShell with the ip address as the target

I successfully enabled PSRemoting on my 2008 R2 server. I can do remote pssession from the same network using the hostname as the target.

I fail when I try to use the IP address as a target from any computer (inside the network or from another network (for example, via VPN)). I want to be able to use a remote connection through my VPN connection, where I need to use an IP address because the host name cannot be resolved.

I don’t want to add names to my host file because there are several other servers on our clients that have the same DNS name, and I don’t want to delete and insert name-ip-address-connection again and again.

I hope someone tells me how to resolve the psremoting-target call over IP.

Change To be more specific, I want to be able to run this:

Enter-PSSession -Computername 192.168.123.123 -credentials $cred

But I can execute this command only if I pass the host name to " -Computername "

Edit2 :
I get the following errormessage when I try to login using ip instead of the host name (from the internal network):

 Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HT TPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure T rustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to se t TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

Edit3:
I know about setting up WSMan trusted hosts, but that doesn't seem to be the problem. It is already set to "*" (I did it right after enabling remote access), but I still can’t connect to this server using ip as target-computername, but I can connect using the host name as the name -target-computername, It seems that there is something like a binding in IIS that does not allow the listener to listen for requests that target the ip number instead of the host name. But IIS is not installed. I do not know where to look for such a setting.

Update 2011-07-12:
Well, I think that trustedhosts-setting is not a problem, because I can connect from our DC through the host name, but not if I use the destination ip address for param computer.
I think the problem should be a listener. The listener may not accept requests destined for ip target instead of hostname. But I do not know how to change this.

+58
powershell remoting powershell-remoting
Jul 05 '11 at 18:50
source share
6 answers

The error message gives you most of what you need. It's not just about the TrustedHosts list; he says that to use an IP address using the default authentication scheme, you also need to use HTTPS (which is not configured by default) and provide explicit credentials. I can say that at least you are not using SSL because you did not use the -UseSSL switch.

Please note that SSL / HTTPS is not configured by default - this is an additional step that you must take. You cannot just add -UseSSL.

The default authentication mechanism is Kerberos, and it wants to see the real host names as they appear in AD. Not IP addresses, not CNAME DNS names. Some people will enable basic authentication, which is less picky, but you also need to install HTTPS, because otherwise you would pass credentials in clear text. Enable-PSRemoting only configures HTTP.

Adding names to the hosts file will not work. This is not a name resolution problem; it's about how mutual authentication between computers is implemented.

In addition, if the two computers participating in this connection are not in the same AD domain, the default authentication mechanism will not work. Read "help about_remote_troubleshooting" for information on setting up authentication without a domain and between domains.

From the docs at http://technet.microsoft.com/en-us/library/dd347642.aspx

 HOW TO USE AN IP ADDRESS IN A REMOTE COMMAND ----------------------------------------------------- ERROR: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. The ComputerName parameters of the New-PSSession, Enter-PSSession and Invoke-Command cmdlets accept an IP address as a valid value. However, because Kerberos authentication does not support IP addresses, NTLM authentication is used by default whenever you specify an IP address. When using NTLM authentication, the following procedure is required for remoting. 1. Configure the computer for HTTPS transport or add the IP addresses of the remote computers to the TrustedHosts list on the local computer. For instructions, see "How to Add a Computer to the TrustedHosts List" below. 2. Use the Credential parameter in all remote commands. This is required even when you are submitting the credentials of the current user.
+47
Jul 12 '11 at 16:49
source share
β€” -

Try to do this:

 Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
+24
Jul 06 2018-11-11T00:
source share

I check your statement in my infrastructure, the IP address is not a problem, the following works for me:

 PS C:\Users\JPB> hostname JPBCOMPUTER PS C:\Users\JPB> Enter-PSSession -ComputerName 192.168.183.100 -Credential $cred [192.168.183.100]: PS C:\Users\jpb\Documents> [192.168.183.100]: PS C:\Users\jpb\Documents> hostname WM2008R2ENT

If you are trying to work through a VPN, you better take care of the firewall settings on the way to your server. "Installation and Setup for Windows Remote Management" can help you. WinRM TCP port is expected to expect:

WinRM 1.1 and earlier: The default HTTP port is 80.

WinRM 2.0: The default HTTP port is 5985.



Edited: According to your error, you can check this on youclient computer:

 Set-Item WSMan:\localhost\Client\TrustedHosts *
+4
Jul 6 '11 at 3:29
source share

The guys gave a simple solution that will look like this: you need to look at the help - it’s good, it looks a lot, but actually read quickly:

 get-help about_Remote_Troubleshooting | more
+3
Jul 06 2018-11-11T00:
source share

On your computer * run 'Set-Item WSMan:\localhost\Client\TrustedHosts -Value "$ipaddress"

* The machine you are running PSSession from

+1
Aug 23 '18 at 3:26
source share

In Windows 10, it is important to verify that the WinRM service is running to invoke the command

* Set-Item wsman: \ localhost \ Client \ TrustedHosts -value '*' -Force *

0
Aug 07 '19 at 8:38
source share


More articles:


All Articles