0

I am trying to build a Powershell script that allows you to perform various system administration level tasks from a Powershell session. However, outside of the network, I am having issues resolving the hostname and possibly with authentication. The DNS records are okay at the Domain Controller level and even entered DNS entries in \drivers\etc\host file and still coming up with one of two errors, either if using fqdn, it fails to resolve or if using an IP address it states you can only use this method with HTTPS enabled. This is what I've tried so far below:

$rcreds = Get-Credential -credential test.user@test.com
$rcomp = Read-Host "Enter FQDN of remote computer"
$rdir = Read-Host "Enter directory"


Invoke-Command -ComputerName $rcomp -ScriptBlock -Credential $rcreds {
    Get-ChildItem c$\$rdir
}
j.k.ells
  • 21
  • 5
  • What is the exact DNS error you get when using the FQDN? Does `nslookup server.domain.tld` return the IP you expect? The error you get is expected when using an IP - you either need to trust the host in the `winrm` config or enable WinRM over HTTPS (and the IP needs to be the subject or one of the SANs in the trusted certificate used to serve WinRM in this case or you'll still have to trust the host). – codewario Dec 18 '19 at 01:39
  • "The WinRM client cannot process the request because the server name cannot be resolved." Something to that extent, may not be exact. And yes, nslookup and ping resolves the hostname with no problem. – j.k.ells Dec 18 '19 at 01:49
  • The exact error is important because the error looks similar if Kerberos can't verify the hostname vs. not being able to find it in DNS. At this point it could be an auth issue or a DNS one and it's unclear. – codewario Dec 18 '19 at 14:44

1 Answers1

0

I don't see how $rdir would work in the remote scope that way.

Invoke-Command -ComputerName $rcomp -ScriptBlock -Credential $rcreds { 
    Get-ChildItem c$\$using:rdir 
}
js2010
  • 23,033
  • 6
  • 64
  • 66
  • that is correct. The issue is it refuses to resolve the hostname, and without setting up an HTTPS connection by enabling a service over a port, Im kind of at a loss. – j.k.ells Dec 18 '19 at 10:59
  • I think @js2010 is saying that path you pass to `Get-ChildItem` doesn't look correct... `C$` would be the administrative `C:` share but you would have to access it as a UNC path (e.g. `\\servername\C$` or `\\.\C$`), not a local one. – codewario Dec 18 '19 at 14:49
  • @BendertheGreatest also the $rdir variable wouldn't normally be accessible from the scriptblock. – js2010 Dec 18 '19 at 14:56
  • [It should if they use the `$using:varName` syntax.](https://stackoverflow.com/a/42083997/584676) – codewario Dec 18 '19 at 15:00