We have serverA and serverB (both are Win2016 with same patch level) and their configuration are very similar. I want to create a PowerShell script to collect all disk information for all server. So in ServerA I run:
Get-WmiObject Win32_LogicalDisk -serverB
it returns: Get-WmiObject : No such interface supported
However when I run it on serverB:
Get-WmiObject Win32_LogicalDisk -serverA
it works as expected. I checked both server's firewall rule "Windows Management Instrumentation (WMI-In)" both are disabled. If I enabled this rule on serverB, then I can run the get-WmiObject -serverB command successfully.
Although I can continue my work by enable this rule but it doesn't make sense for me. Why I don't need to enable this rule on serverA? I wish I could keep all the server have same config if possible.
Do you know, any rule or config I should check and compare between serverA and serverB?
Related
I'm using WSL2 on Windows 10.
My dev stack is using a local webserver (localwp or wamp) on the host OS.
I use WSL2 as the main terminal (SSH, Git, SASS, automation tools, ...).
What I need is a way to connect to my host services (MySql) from the WSL2 system using a server name instead of a random IP address.
It is already possible for the Windows host to connect to WSL2 services with "localhost". Is there a solution to do it the other way?
You should use hostname.local to access Windows from WSL2 because that will use the correct IP. Note that hostname should be replaced with the result of the hostname command run in WSL2.
You can check the IP by running ping $(hostname).local from WSL2.
You also need to add a firewall rule to allow traffic from WSL2 to Windows. In an elevated PowerShell prompt run this:
New-NetFirewallRule -DisplayName "WSL" -Direction Inbound -InterfaceAlias "vEthernet (WSL)" -Action Allow
The command above should allow you to access anything exposed by Windows from WSL, no matter what port, however bear in mind that any apps you've launched get an automated rule created for them when you first launch them, blocking access from public networks (this is when you get a prompt from Windows Firewall, asking whether the app should be allowed to accept connections from public networks).
If you don't explicitly allow, they will be blocked by default, which also blocks connections from WSL. So you might need to find that inbound rule, and change it from block to allow (or just delete it).
See info here:
https://github.com/microsoft/WSL/issues/4585#issuecomment-610061194
Well, your title and your question body don't seem quite aligned.
The question title says "use localhost", but then in the body you say "using a server name."
Accessing the Windows 10 service via the name "localhost" from WSL2? Let's just go with "no". I can think of a possibility of how to make it work, but it would be complicated.
But I think the second is really what you are looking for, so a couple of options that I can think of for accessing the Windows host services by hostname in WSL2:
First, and hopefully the easiest, WSL2 supports mDNS (WSL1 did not), so you should be able to access the Windows host as {hostname}.local (where {hostname} is the name of the Windows host (literally, in bash, ping $(hostname).local, since the assigned WSL2 hostname is that of the host Windows 10 computer). That works for me. While I don't recall having to do anything special to enable this, this Super User answer seems to indicate that you have to turn it on manually.
The second option would be to add your Windows host IP to /etc/hosts. If your Windows IP is static, then you could just add it manually to /etc/hosts and be done. If it's dynamic, then you might want to script it. You can retrieve it from inside WSL2 via:
powershell.exe "(Test-Connection -ComputerName (hostname) -Count 1).IPV4Address.IPAddressToString" (and other methods) and then use something like sed to change /etc/hosts.
Add the following code to ~/.bashrc or ~/.zshrc, and then use winhost to access the host ip。
sed -i -e '/winhost/d' /etc/hosts
win_ip=$(cat /etc/resolv.conf | grep nameserver | awk '{ print $2 }')
win_host="$win_ip winhost"
echo $win_host >> /etc/hosts
The last time I was facing this issue,
I downgraded to WSL1, and all the connections started working perfectly.
You can use:
wsl --set-version Ubuntu 1
This is the easiest approach to fix all connection related issues in WSL2.
I want to run some commands from a Linux server to remotely execute PowerShell module like DNSserver on a Windows machine to retrieve DNS information. I am using OpenSSH to SSH from Linux to Windows.
I have PowerShell 6.2.3 on both Windows server and Linux server. I started from Linux:
>pwsh
PS /home/user1> Enter-PSSession -HostName WinServer-IP -UserName user2
If I don't setup the key authentication on the Windows site (add public key in the C:\ProgramData\ssh\administrators_authorized_keys file, and set the correct permissions on the file), PowerShell will ask me for user2 password. After I enter the password, I am on the Windows server, and I can run my PowerShell scripts and they all working fine.
But if I setup the key auth - add public key in the C:\ProgramData\ssh\administrators_authorized_keys file, and set the correct permissions on the file. PowerShell will not ask for user2 password and I get the same prompt as above,
I can do something like Get-Module etc. but when I run my script that does:
Get-DnsServerResourceRecord -ComputerName 'DNSServer-IP' -ZoneName 'example.net' -RRType A
I got the error:
Get-DnsServerResourceRecord : Failed to get the zone information for
example.net. on server DNSServer-IP.
At C:\Users\user2\scripts\retrieve_ips.ps1:1 char:1
+ Get-DnsServerResourceRecord -ComputerName 'DNSServer-IP' -ZoneName 'ex ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (example.net.:root/Microsoft/Wind\u2026erverResourceRecord) [Get-DnsServerResourceRecord], CimException
+ FullyQualifiedErrorId : WIN32 5,Get-DnsServerResourceRecord
It seems like the SSH public key authentication does not really get me in as "users", but I can not find out what it is.
user2 is a local user on the Windows server, but I have to add it to the Active Directory as AD needs to know this user before it will allow user2 to run DNSserver module...
What did I do wrong, or missed?
Without the SSH public key authentication, the same script works and I could get the A records our of the DNS server.
I need to launch an openconnect VPN on a linux router from a powershell script on Windows.
I have a working script on the linux router:
echo PASSWORD | sudo openconnect -b --no-dtls --interface=sslvpn host.isp.com --authgroup=SharedVPN --user=username --passwd-on-stdin
When I run the script locally on the router, the vpn launches perfectly.
Here is my powershell script from the windows machine:
Import-Module SSH-Sessions
New-SshSession -ComputerName "10.1.43.11" -Username "ubuntu" -KeyFile "C:\keys.pem"
Invoke-SshCommand -ComputerName "10.1.43.11" -Command '/usr/local/sbin/InitializeVPN'
Remove-SshSession -computername "10.1.43.11"
When I run the powershell script, it does launch the VPN, but freezes there, waiting for the VPN to end. I can kill the process on the router and then the powershell script finishes. I need the VPN to run in the background. So I modified the script on the router like this:
echo PASSWORD | sudo openconnect -b --no-dtls --interface=sslvpn host.isp.com --authgroup=SharedVPN --user=username --passwd-on-stdin &
Now when I run the powershell script, it does seem to send it into the background, but the VPN doesn't stay up and I only get partial output to the screen:
Key file specified. Will override password. Trying to read key file...
Successfully connected to 10.1.43.11
10.1.43.11: POST https://host.isp.com/
Connected to ip_addr:443
SSL negotiation with host.isp.com
Connected to HTTPS on host.isp.com
XML POST enabled
POST https://host.isp.com/
Connected to ip_addr:443
SSL negotiation with host.isp.com
Connected to HTTPS on host.isp.com
XML POST enabled
10.1.43.11 should now be disconnected and disposed.
When I run it directly on the router, there is more after the last "XML POST enabled":
Please enter your username and password.
POST https://host.isp.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 10.251.0.29, using SSL
Continuing in background; pid 11049
Connect Banner:
| Access to this system is restricted to authorized users. Unauthorized use is strictly prohibited. Information on this system may be intercepted, recorded, read, copied, and disclosed by and to authorized personnel for official purposes, including criminal investigations. Access or use of this system whether authorized or unauthorized, constitutes your awareness and consent to these terms. DISCONNECT IMMEDIATELY if you do not agree to the conditions stated in this warning.
|
How do I get the VPN to launch in the background?
I'm using ubuntu 16.04, openconnect 7.08, powershell 5.1, windows server 2016,
downloaded SSH-Sessions from http://www.powershelladmin.com/wiki/SSH_from_PowerShell_using_the_SSH.NET_library#Downloads
Well, I got it working using plink:
C:\bin\plink.exe -i C:\key.ppk ubuntu#10.1.43.11 "nohup /usr/local/sbin/InitializeVPN >/home/ubuntu/VPN.out 2>/home/ubuntu/VPN.err </dev/null &"
stdin, stdout, and stderr had to be redirected and use nohup.
I found it here: Getting ssh to execute a command in the background on target machine
Don't know if I'll take the time to get it working with PowerShell and SSH-Sessions now. Maybe if I need something more complex in the future.
Running chefdk on Windows 10 with hyperv.
I can use kitchen create to create Windows VMs and it works fine but I just tried a Linux VM and I'm getting this errror:
PS> kitchen create
-----> Starting Kitchen (v1.10.0)
-----> Creating <default-centos-72>...
Creating differencing disk for default-centos-72.
Created differencing disk for default-centos-72.
Checking for existing virtual machine.
Creating virtual machine for default-centos-72.
Created virtual machine for default-centos-72.
QBiA...AA== -outputformat Text ----
STDOUT:
STDERR: #< CLIXML
---- End output of c:\windows\sysnative\windowspowershell\v1.0\powershell.exe -noprofile -executionpolicy bypass -encodedcommand LgAg...AA== -outputformat Text ----
ProcessId: 18780
app_name: c:\windows\sysnative\windowspowershell\v1.0\powershell.exe
command_line: c:\windows\sysnative\windowspowershell\v1.0\powershell.exe -noprofile -executionpolicy bypass -encodedcommand LgAgAEM...BjADC0ASgBzAG8AbgAKAA== -outputformat Text
timeout: 600] on default-centos-72
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
Now it does create a VM which I can manually ssh into via PuTTY or from cmd via openssh for Windows so I don't know why its hanging- looks like it can't access it.
This is my .kitchen.yml:
---
driver:
name: hyperv
parent_vhd_folder: c:\HyperV\VHDs\
parent_vhd_name: CentOS-7.vhdx
vm_switch: NAT
memory_startup_bytes: 2GB
provisioner:
name: chef_zero
transport:
password: MyPassw1!##
platforms:
- name: centos-7.2
suites:
- name: default
run_list:
- recipe[myrecipe::default]
attributes:
Edit- More info:
The server is configured for DHCP
When I look in .kitchen folder the logs are empty
.kitche\default-centos-72.yml only lists an id (don't know if thats supposed to have the admin name and IP in it like with rdp files?
I also tried pointing to a static IP in .kitchen.yml
#red888 Does the vm have the latest guest components? Does Hyper-V manager see the ip address associated to the vm nic? You can check that either in hyper-v manager or via Powershell
(get-vm 'your vm name').networkadapters[0].ipaddresses
If it does, please file an issue at https://github.com/test-kitchen/kitchen-hyperv and I'll be happy to dig deeper.
You'll want the latest integration components (I think 4.1 is the latest - https://www.microsoft.com/en-us/download/details.aspx?id=51612)
OK Steven was right, should have look into to this sooner.
This looks like it might be related to this bug.
As he suggested I found Hyper-V wasn't reporting the IP on the guest and I see this:
Disabling SELinux and rebooting seems to solve this error, I can see the guest's IP in Hyper-V and kitchen create works.
Is there a way to allow this service access without completely disabling selinux?
I suddenly started to recceive this warning when running any script on my computer:
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer...
Screenshot:
The files are not blocked.
I have
checked in File Explorer > Properties.
used the Unblock-File cmdlet to unblock as well.
checked streams using cmdlet: Get-Content -Path '\\Path\Script.ps1' -Stream Zone.Identifier. No Streams found.
used Streams.exe from Sysinternals: streams.exe -d \\Path\Script.ps1. No files with streams found.
Also tried to remove streams with Powershell:
Remove-Item -Path \\Path\Script.ps1 -Stream Zone.Identifier
Of course without success as there are no streams.
Execution policy is Unrestricted.
When I run Set-ExecutionPolicy Bypass it works without warning.
It should, however, also work when it's unrestricted.
I honestly don't know what's going on.
After searching i found someone with similar issues and it was explained that Classic UNC paths will work without prompting to unblock the file:
\\Servername\Path...
However FQDN paths are not seen as safe by default and will prompt:
\\Servername.foo.local\Path...
My own testing confirms this to be correct as removing the .foo.local from the path causes the Unblock-File prompts to stop.
LGPE > gpedit.msc
Computer Configuration > Administrative Templates, > Windows Components, > Internet Explorer>expand Internet Control Panel.
Security Page > Intranet Sites: Include all local (intranet) sites not listed in other zones, and then click Properties.
Click Enabled.
Turn on automatic detection of the intranet, and then click Properties.
Click Disabled, and then click OK.
or registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = "0"
The correct registry keys, name and value, to treat all local sites as part of the intranet zone, are:
Keys:
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: IntranetName
Type: DWORD
Value: 1
You can set this via PowerShell for the local machine (in an elevated prompt) like this:
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" -Name "IntranetName" -Type DWord -Value 1
See Intranet Sites: Include all local (intranet) sites not listed in other zones for more information about the group policy.
PS doesnot allow Scripts to run on system ENV by default.
you need to set the policy to unrestricted or remote signed
Use:
Set-ExecutionPolicy Remotesigned
OR
Set-ExecutionPolicy Unrestricted
Open the PS console and type this and press enter and then try running your script.