Yami learns Powershell
-
IIRC the solution is for you to find an admin to run winrm quickconfig and then it'll "magically" start working.
So that's why I've come back: we've agreed between myself, the server guys, and the security team that changing the policy to AllowSigned and my self-signing the script will be sufficient to allay the security concerns, so they've done that on a server, but I still can't figure out what's up.
Unless I'm confused and that's not what quickconfig does
-
Unless I'm confused and that's not what quickconfig does
All I know is back in May, I tried running the same command that you got, that produced the "run winrm quickconfig" message, and after doing that, I was able to run that command.
winrm quickconfig seems, then, from observation, to configure the remote server to allow remote powershell, or whatever it was we were talking about. If you need to know more you'd probably have to either google it or find someone who actually knows, and apparently nobody on this site does.
Well, there's always MSDN: https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx
Starting with Windows Vista, you can enable the WS-Management protocol on the local computer and set up the default configuration for remote management with the following command: Winrm quickconfig.
The winrm quickconfig command (or the abbreviated version winrm qc) performs the following operations:
- Starts the WinRM service, and sets the service startup type to auto-start.
- Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.
- Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS.
Note The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.
-
Shooting in the dark here but:
Does your user account or a group you belong to have 'Access This Computer from the Network' granted on the machine the script is trying to run on?
-
I'll suggest this to the server guy tomorrow.
Does your user account or a group you belong to have 'Access This Computer from the Network' granted on the machine the script is trying to run on?
I am able to RDP in, and we tried making me an admin to rule out permissions issues. No change.
-
The reason I asked is 'Access This Computer from the Network' is 99.99999% of the reason I've seen shit randomly fail with Kerberos/AD authentication but works locally on the machine.
There MIGHT be an odd Windows Event log that points you in a better direction but you generally have to get really lucky and spot the needle in the haystack with those.
-
I'll suggest this to the server guy tomorrow.
I'm at home now so I can't check but I'm pretty sure I actually tried it at work last month and the powershell command actually worked after running
winrm
, and didn't before.
-
I'll suggest this to the server guy tomorrow.
Does your user account or a group you belong to have 'Access This Computer from the Network' granted on the machine the script is trying to run on?
I am able to RDP in, and we tried making me an admin to rule out permissions issues. No change.
Another random link about quickconfig seems to indicate that you also have to enable remoting using the command:
Enable-PSRemoting -force
-
Mu.
Does a dog have Buddha nature?The funny thing is that the answer is commonly regarded as irrational, but really it's simply correct. "Buddha nature" was a later conception.
-
didn't we run into this the last time you played with powershell? IIRC the solution is for you to find an admin to run
winrm quickconfig
and then it'll "magically" start working.The error message even says to do that.
-
It worked >.> The WM listener hadn't been started, says quickconfig
-
Next order of business:
My current batch script prompts for input. I have the input to give it in the powershell script. Do I need to rewrite it to take a parameter, or can I have powershell respond to the prompt?
-
Does a dog have Buddha nature?
Never mind that. There's a more important question:
Does Powershell have Buddha nature?
-
Do I need to rewrite it to take a parameter, or can I have powershell respond to the prompt?
Can you do both? Accept a parameter and only ask if it isn't provided?
-
Sure. I was trying to avoid changing the batch script if I don't have to, but if I do, I'll go with both to minimize surprise (this is used by other people as well)
-
If I were doing it, I'd use a wrapper that does the argument checking/asking and calls the original script to actually do the work. The wrapper would also handle defaults and stuff like that, while the inner script would be the part that would be more strongly testable. I know you like to think in terms of testability anyway; I think that's a great way to work.
-
We basically have that, though the split is a little different than I'd have liked. The last guy on this project wrote the script. He moved the real work (which is repeated a lot, optionally, depending on the box configuration) to an inner script; the outer one prompts for input, then runs down a huge checklist of configuration options to determine how often and where to call the inner script. So I just need to make the outer one able to run non-interactive.
-
Next order of business:
My current batch script prompts for input. I have the input to give it in the powershell script. Do I need to rewrite it to take a parameter, or can I have powershell respond to the prompt?
You can do that in the actual param list if you want, too:
param ( [string] $optional, #an optional parameter with no default value [string] $required = $(throw "requiredparam required."), #throw exception if no value provided [string] $prompt = $(Read-Host -prompt "prompt"), #prompt user for value if none provided ) process { }
-
rragghh, I'm clearly not getting something here.
if I do
invoke-command -computername $computerName -ScriptBlock {C:\directory\outerscript.bat $param}
, then outerscript.bat can't find innerscript.bat to run, because it refers to it by relative path and there's no innerscript.bat in the same folder my powershell file is in....
-
Isn't there a change-directory cmdlet?
-
I want to set the working directory for the remote script, though. If I do a set-location, won't that change powershell's working directory locally?
Ugh, and I'm having trouble with the timeout command... I'm starting to think I should rewrite the script as a powershell script that I can invoke using this one. That seems to be simplest.
-
I want to set the working directory for the remote script, though. If I do a set-location, won't that change powershell's working directory locally?
Yes, it's a process-inheritable property by default. (Same as on all Unixes.) You have save the current location, change it, run the subscript, change back. (Unless you can do the change as part of the subprocess launch; I don't know if powershell exposes that capability.)
-
Guess this is running a script block remotely, so changing the local directory probably won't have effect. Can you include a set-location in -ScriptBlock though?
-
I ran this fucking line a dozen times, no problem. Suddenly, it complains. WTF
invoke-command -session $Session -filePath "doSwitch.ps1" -ArgumentList $branchName
Error:
Invoke-Command : You must provide a value expression on the right-hand side of the '-' operator. At H:\Powershell\switchServer.ps1:22 char:15 + invoke-command <<<< -session $Session -filePath "doSwitch.ps1" -ArgumentList $branchName + CategoryInfo : ParserError: (:) [Invoke-Command], ParseException + FullyQualifiedErrorId : ExpectedValueExpression,Microsoft.PowerShell.Commands.InvokeCommandCommand
-
Linux thinking, no powershell experience, does $Session or $branchName contain spaces?
-
Or more likely, is either one null / empty / whatever is appropriate for PS?
-
It worked >.> The WM listener hadn't been started, says quickconfig
Yeah, that's what I saw when I tried it--and it's consistent with what MSDN says.
-
My current batch script prompts for input. I have the input to give it in the powershell script. Do I need to rewrite it to take a parameter, or can I have powershell respond to the prompt?
Powershell uses pipes just like unix pipe chains, so you can probably do the latter.
-
Ugh, and I'm having trouble with the timeout command... I'm starting to think I should rewrite the script as a powershell script that I can invoke using this one. That seems to be simplest.
Only you know if it would, but would it make sense to redo the powershell script as a powershell cmdlet, an actual c# program?
-
You have save the current location, change it, run the subscript, change back
It sounds like PowerShell supports pushd and popd (as does Windows batch scripting).
-
Probably. But I don't have VS handy.
-
does $Session or $branchName contain spaces?
No. Session is an object containing the remote session. Branchname does not contain spaces.
Or more likely, is either one null / empty / whatever is appropriate for PS?
Best I can tell, no. One was echo'd a line previous, the other I just did a debug echo and it's fine too.
-
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaah
What is the difference between
PS H:\Powershell> Invoke-Command -ComputerName REDACTED -FilePath C:\Scripts\Sample.ps1
and
PS H:\Powershell> Invoke-Command -ComputerName REDACTED -FilePath H:\Powershell\switchAllRepositories.ps1
Because the former gets me "no such script" (because, duh, it was copied from an example) and the latter gets me
You must provide a value expression on the right-hand side of the '-' operator.
-
FFS!
The problem is with the actual script being invoked.
It has nothing to do with the line that errors.
When I made H:\Powershell\Sample1.ps1 which just contained
Write-Host "yay"
Then
H:\Powershell> Invoke-Command -ComputerName QAAPPWEB01 -FilePath H:\Powershell\Sample.ps1
runs just fine.
-
The actual problematic line:
if ($process.ExitCode -neq 0)) {
I wanted -ne. neq is Coldfusion.
-
The problem is with the actual script being invoked.
I thought that was what it was going to turn out to be after reading your last post. Programs invoking other programs leads to chaos if there's errors, unfortunately.
-
Is
--
something special in Powershell? Because svn is giving me access forbidden, and I'm using explicit credentials with--username
and--password
, so the only thing I can think is it's not going through correctly..
-
This post is deleted!
-
How does the authentication work?
Say I am user yamikuronue on my local box, and this is an AD user. I want to be user yamikuronue, the AD user, on the remote machine, and then execute an exer as user yamikuronue the AD user. Is that not the default? Because I'm getting different results when I remote desktop into the box as myself and run the command than when I have powershell run the command.
-
That sort of thing is why we always specify that there be a single-sign-on scheme for things we do around the university. Yes, that's often a COMPLAIN to get working, but it saves so much effort elsewhere (including especially in user training!)
-
Okay so
Script 1 is invoking Script 2 on the remote machine.
Script 2 reports environment::currentuser as yamikuronue
But svn.exe is not able to fall back to my AD credentials when it finds an issue.
I can put nonsense in the --username and --password field from the command line via remote desktop as yamikuronue, and it still goes through.
How do I make the credentials just work?
-
Okay so
Script 1 is invoking Script 2 on the remote machine.
Script 2 reports environment::currentuser as yamikuronue
But svn.exe is not able to fall back to my AD credentials when it finds an issue.
I can put nonsense in the --username and --password field from the command line via remote desktop as yamikuronue, and it still goes through.
How do I make the credentials just work?
How are you invoking svn.exe?
-
$exe = "C:\Program Files\TortoiseSVN\bin\svn.exe"; &$exe switch "$to" "$workingCopy" --username [redacted] --password [redacted] --no-auth-cache --non-interactive --trust-server-cert
From inside Script 2.
-
```
$exe = "C:\Program Files\TortoiseSVN\bin\svn.exe";
&$exe switch "$to" "$workingCopy" --username [redacted] --password [redacted] --no-auth-cache --non-interactive --trust-server-certFrom inside Script 2.</blockquote> Maybe try using Invoke-Command instead? & is an alias for Invoke-Expression which might not be passing Session information.
-
but that is being run from a script being run with Invoke-Command.... should it matter?
-
but that is being run from a script being run with Invoke-Command.... should it matter?
I have no idea, unfortunately.
-
I would suggest not trying to pass the command line arguments directly to Invoke-Expression. I ran into similar issues with some horribly hacked-together Powershell scripts I was working on last year and ended up getting it to work by passing everything to Invoke-Expression as individual variables.
EDIT: Actually just checked on this and I don't think that it's correct to refer to & as Invoke-Expression. It's the invocation operator, more details here: http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx#The_Call_Operator_amp
-
EDIT: Actually just checked on this and I don't think that it's correct to refer to & as Invoke-Expression. It's the invocation operator, more details here: http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx#The_Call_Operator_amp
Neither is listed as an alias of the other, but I'm not sure they aren't given the technet descriptions:
Invoke-Expression:
https://technet.microsoft.com/en-us/library/hh849893.aspx& Operator:
-
Passing
"C:\Program Files\TortoiseSVN\bin\svn.exe" https://[url redacted] C:\webfiles\inspections --username [redacted] --password [redacted] --no-auth -cache --non-interactive --trust-server-cert
To
Invoke-Expression $fullCommand
gave me
Unexpected token 'https://[url redacted]' in expression or statement. + CategoryInfo : ParserError: (https://[ur....ed]:String) [Invoke-Expression], ParseException + FullyQualifiedErrorId : UnexpectedToken,Microsoft.PowerShell.Commands.InvokeExpressionCommand
-
Quote the URL? Unless you've already tried that, of course.
-
That gets me a CommandNotFoundException.
Ditto for straight-up "svn" which works on the command line on that box. But the & finds it just fine.