[英]PowerShell remoting from a Windows service
I have a Windows service that regulary runs a PowerShell script on a remote computer via WsManConnectionInfo
/ RunspaceFactory
(following the steps from this article: Remotely Executing Commands in PowerShell using C# ): 我有一个Windows服务,通过WsManConnectionInfo
/ RunspaceFactory
在远程计算机上定期运行PowerShell脚本(遵循本文中的步骤: 使用C#在PowerShell中远程执行命令 ):
var connectionInfo = new WSManConnectionInfo(false, server, 5985, "/wsman",
"http://schemas.microsoft.com/powershell/Microsoft.PowerShell",
cred)
{
OperationTimeout = 4*60*1000,
OpenTimeout = 1*60*1000
};
using (var runSpace = RunspaceFactory.CreateRunspace(connectionInfo))
{
runSpace.Open();
using (var p = runSpace.CreatePipeline())
{
p.Commands.AddScript(script);
var output = p.Invoke();
...
}
}
Now, if I run the Windows service itself with an Administrator account , all is well. 现在,如果我使用管理员帐户运行Windows服务,一切都很好。 But if i run the service with the LocalSystem account, I get the following exception; 但是,如果我使用LocalSystem帐户运行该服务,我会得到以下异常;
System.Management.Automation.Remoting.PSRemotingTransportException:
Connecting to remote server NOSRVDEV02 failed with the following error message :
WinRM cannot process the request. The following error with
errorcode 0x8009030d occurred while using Negotiate authentication:
A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.RemoteRunspace.Open()
...
Note: This has nothing to do with the credentials in WSManConnectionInfo
- just the account settings in the service properties "Log On" tab. 注意:这与WSManConnectionInfo
的凭据WSManConnectionInfo
- 只是服务属性“登录”选项卡中的帐户设置。
I don't want to give the service admin privileges. 我不想给予服务管理员权限。 Any ideas why the LocalSystem user fails to log in? 任何想法为什么LocalSystem用户无法登录?
Additional info: 附加信息:
TrustedHosts
). 我试图通过IP地址和主机名连接两者(两者都列在本地计算机的TrustedHosts
)。 EDIT: Even more info (summary of the comments): 编辑:更多信息(评论摘要):
A rather surprising solution to this one: The username in the PSCredential
object ( cred
) needed to be prefixed with the domain-less remote computer's name, eg " MYREMOTESERVERNAME\\remoteusername " and not just " remoteusername ". 一个相当令人惊讶的解决方案: PSCredential
对象( cred
)中的用户名需要以无域远程计算机的名称为前缀,例如“ MYREMOTESERVERNAME \\ remoteusername ”而不仅仅是“ remoteusername ”。
I have no idea why the prefix is needed only when connecting with the LocalSystem account though... 我不知道为什么只有在与LocalSystem帐户连接时才需要前缀...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.