0

There are two machines in this scenerio:

  • client.sub.domain.com (client machine PSRemoting to remote server)
  • server.sub.domain.com (remote server that client is PSremoting into)

I am using the below commands to start a psremote session using CredSSP to do "second-hop" authentication:

$session = New-PSSession -cn server.sub.domain.com -Credential $credential -Authentication Credssp
Invoke-Command -Session $session -ScriptBlock {. '\\client\Profile\Microsoft.PowerShell_profile.ps1'}
Invoke-Command -Session $session -ScriptBlock { Import-Module \\client\Profile\Modules\Posh-SSH }

Last line above produces the error below (this error happens with any binary module I use). I need this damn error to go away!

Could not load file or assembly 'file://\client\Profile\Modules\Posh-SSH\Assembly\Renci.SshNet.dll' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515) + CategoryInfo : validOperation: (:) [Import-Module], FileLoadException

Below are all things I've tried/verified:

On server.sub.domain.com:

PS C:\Users\MKANET\Desktop\Dev>Get-WSManCredSSP
The machine is not configured to allow delegating fresh credentials.
This computer IS CONFIGURED to receive credentials from a remote client computer.

On client.sub.domain.com:

PS C:\Users\MKANET\Desktop\Dev>Get-WSManCredSSP
The machine IS CONFIGURED to allow delegating fresh credentials to the following target(s): wsman/*.sub.domain.com
This computer is not configured to receive credentials from a remote client computer.

I put below in $PSHome\Powershell.exe.config on Client

<?xml version="1.0"?>
<configuration>
    <startup useLegacyV2RuntimeActivationPolicy="true">
        <supportedRuntime version="v4.0.30319"/>
        <supportedRuntime version="v2.0.50727"/>
    </startup>
    <runtime>
        <loadFromRemoteSources enabled="true"/>
    </runtime>
</configuration>

On Client: (I tried running the below commands, since nothing else worked. Needless to say, this didn’t help any.)

Set-Alias CasPol "$([Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory())CasPol.exe"
CasPol -pp off -machine -addgroup 1.2 -url file://\S858018\Profile\Modules\* FullTrust

On both client and server:

PS C:\Users\MKANET\Desktop\Dev>$psversiontable

Name                           Value
----                           -----
WSManStackVersion              3.0
PSCompatibleVersions           {1.0, 2.0, 3.0}
SerializationVersion           1.1.0.1
BuildVersion                   6.2.9200.16398
PSVersion                      3.0
CLRVersion                     4.0.30319.1008
PSRemotingProtocolVersion      2.2
MKANET
  • 573
  • 6
  • 27
  • 51
  • How do I even debug something like this? It's like shooting in the dark. It would be nice to know what it's really looking for instead of just guessing by blindly multiple fixes I found online. It appears like I've already applied all "known" fixes to this kind of error message. Hopefully someone with much broader knowledge and experience than me knows what's REALLY wrong! – MKANET Nov 21 '13 at 22:53
  • How did you install the POSH-SSH module? If you downloaded a ZIP from the web and then extracted the files, did you remember to unblock the ZIP first? – Keith Hill Nov 22 '13 at 05:56
  • I installed it via powershell command-line from GitHub. BTW: I have no problems importing the module locally on my PC. I didn't need to unblock anything; although, I did verify just to be certain. I also verified that all dlls and other files within the posh-ssh directory are accessible via remote session using test-path command. Whatever the problem is, it doesnt seem to be related to permissions/access. Adding $PSHome\Powershell.exe.config seemed like a promising fix; but, it didn't help any. I really wish there was at least a clue that would tell me at least what to focus on. – MKANET Nov 22 '13 at 20:57

1 Answers1

0

The process that is receiving the invoke-command on the remote machine is not powershell.exe, but wsmprovhost.exe. You would need to change the config file of that process like you did for powershell.exe if you want it to have any effect.

Fusion log can be of use when debugging assembly loading problems. Be sure to do this on your remote machine since that is where the assembly loading takes place.

Also have you tried the caspol thing on the remote machine?

Community
  • 1
  • 1
Lars Truijens
  • 42,837
  • 6
  • 126
  • 143
  • Something sounds a bit odd. If that were the case, I would have to modify every single machine I remote into; since there are hundreds of remote devices which are identical. I have a feeling theres a much greater chance the problem might be on my client PC> I do think it would be a good idea to run Fusion log on at least one remote machine. – MKANET Nov 24 '13 at 08:59
  • caspol is a machine local setting and the .config file is local for that process. Your error message is consistent with known workings of .Net 4.0 (http://blogs.msdn.com/b/shawnfa/archive/2009/06/08/more-implicit-uses-of-cas-policy-loadfromremotesources.aspx). What you or me like it to be does not make it true. Just give it a try and you will know. – Lars Truijens Nov 24 '13 at 13:19