10

I have created a W10 VM (guest) running docker, pulled microsoft/nanoserver image and hosted a container of the image.

(tutorial here: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start_windows_10)

Everything runs great, even host can ping the container running under guest W10. But what i cannot do, is to connect a remote powershell to container.

Enter-PSSession -ComputerName "<container ip>" -Credential ~\Administrator

This pops up a dialog asking for user and password. I cannot leave it blank or etc - the result is access denied. Any ideas how to connect or set a password for nanoserver container ?

RassK
  • 515
  • 6
  • 20
  • https://technet.microsoft.com/en-us/windows-server-docs/compute/nano-server/getting-started-with-nano-server#a-name-bkmk-manageremote-a-managing-nano-server-remotely ? – Eris Aug 28 '16 at 19:46
  • It still requires some kind of credentials that i have not set – RassK Aug 28 '16 at 20:13
  • @RassK Have you tried to set the Administrator password from the prompt presented to you after running `docker run -it microsoft/nanoserver cmd`? – Mathias R. Jessen Aug 28 '16 at 23:42
  • @MathiasR.Jessen: I added a password (`net user` to list users, then `net user Administrator password` to set the password), but I still can't remote in. I get a `PSRemotingTransportException`. It seems that https and TrustedHosts is the issue. – Johnny Oshika Oct 11 '16 at 08:31
  • @JohnnyOshika, did you add the client to trustedhosts ? `Set-Item WSMan:\localhost\Client\TrustedHosts -Value "servername or IP"` ? – RassK Oct 11 '16 at 12:28

2 Answers2

1

I've been struggling with this for a few days now. However, think my problem is slightly different though, as I'm trying to do an Enter-PSSession to a windows docker container, but from another machine, not the container host.

In this tutorial (http://dinventive.com/blog/2016/01/30/windows-server-core-hello-container/), the guy makes a nested container PSSession inside a host PSSession.

He uses this command, which is only available in the latest versions of Powershell. (not in v3)

Enter-PSSession -ContainerId "<container ID>"

Get the ID by doing :

Get-Container | fl

You also have to check your Powershell version and make an upgrade if needed.

To check PS version :

$PSVersionTable

And to download Powershell latest version : https://www.microsoft.com/en-us/download/details.aspx?id=50395

G. Gomes
  • 51
  • 6
  • To be clear: It is the `-ContainerId` parameter that was introduced in PSv5.1 ( https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.core/enter-pssession); `Enter-PSSession` itself has been around since (at least) v3. If indeed using `-ContainerId` obviates the need for specifying credentials, I suggest you make that clearer. – mklement0 Jan 05 '17 at 16:32
  • 1
    Thanks for the clarification. Indeed, no need for credentials with `-ContainerId` I suspect that the option `-ComputerName` doesn't work with containers – G. Gomes Jan 05 '17 at 16:43
0

When connecting to a PS-Session using a IP address it adds some requirements, You must either have the remote device configured to use ssl or have the IP address listed in your trusted hosts.

The solution is to either try use the host name for the device, I have had great success with this. Or play with the trusted hosts list. In my experience it works consistently if you add trusted list entries on your machine and the remote machine as well. You can also specify:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*"

This will basically set all machines to be in the trusted hosts list, It has its cons like all machines being trusted but in certain restricted networks its acceptable. Doing this on the host and client machine seems to yield best results.

When specifying -Credentials it expects a credential object, You can craft one before the cmdlet to avoid entering it every time like so:

$secpass = convertto-securestring "Password Here" -asplaintext -force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "Username Here", $secpass 
Enter-PSSession -ComputerName "<container ip>" -Credential $cred

Coding credentials like this in a script is bad practice, You should look in to storing credentials in scripts properly, there are plenty of good resources on it.

Nick
  • 1,783
  • 1
  • 15
  • 18
  • Hi Nick, thanks for the response. Sorry if it wasn't clear (it wasn't my question, I just added a bounty) I have already set the trusted hosts to '*' and, further more, have tried adding the container name and ip address to the local hosts (%windir%/system32/etc/hosts) so as to provide name resolution. When you don't provide full credentials to the '-Credential' parameter, you're prompted for them. I believe this does the same as passing full parameters. Have you successfully used Enter-PSSession with Nanoserver in a docker container? – ibebbs Dec 20 '16 at 11:52
  • Nick, I downvoted your answer as I don't believe it pertains to the issue I am experiencing, namely using Enter-PSSession to connect to the microsoft/nanoserver image **when running in a docker container**. – ibebbs Dec 21 '16 at 20:58
  • 1
    That is all there is to using ps remoting. It sounds like there is a separate issue going on in that case, Perhaps if the question was tagged for Docker or nanoserver more people would chime in. – Nick Dec 30 '16 at 04:09
  • Nick, I think you're correct as I've managed to connect to Nanoserver when running in a VM rather than docker. Perhaps I'll ask my own question and offer another bounty on it with your suggested tags. Thanks for the answer. – ibebbs Dec 31 '16 at 08:02