百敬老師之前在推廣活動上說,他認為 PowerShell 是近期最值得投資的技能,相信以他的身份地位及眼光,絕對是不會錯的,可惜的是一直沒有機會可以實際應用,最近剛好有專案可以試試,當然要來感受大師推薦語言的魔力。
未加入 domain 的錯誤
New-PSSession -ComputerName 192.168.31.247
連線時加入 Credential
New-PSSession -ComputerName 192.168.31.247 -Credential
Get-Service WinRm
Start-Service WinRm
可以啟用 WinRM ServiceEnter-PSSession -ComputerName localhost
Enable-PSRemoting –force
電腦名稱
or IP
加入信任清單
winrm s winrm/config/client '@{TrustedHosts="ComputerName"}'
Set-Item WSMan:\localhost\Client\TrustedHosts "ComputerName"
Restart-Service WinRM
WinRM quickconfig
有設定信任清單但未指定 Credential
New-PSSession : [Yowko-Server2016] Connecting to remote server Yowko-Server2016 failed with the following error message : Wi
nRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Negotiate authentication:
A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTT
PS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see
the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName Yowko-Server2016
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTran
sportException
+ FullyQualifiedErrorId : 1312,PSSessionOpenFailed
Access is denied.
Win 10 --> Server 2016
Server 2016 --> Win 10
New-PSSession : [192.168.31.102] 連線到遠端伺服器 192.168.31.102 失敗,傳回下列錯誤訊息: 存取被拒。 如需詳細資訊,請參閱 about_Remote_Troubleshooting 說明主題。位於 線路:1 字元:1 + New-PSSession -ComputerName 192.168.31.102 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTran sportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
New-PSSession : [Yowko-Server2016] Connecting to remote server Yowko-Server2016 failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:1 + New-PSSession -ComputerName Yowko-Server2016 -Credential administrato ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTran sportException + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
The WinRM client cannot process the request
New-PSSession : [192.168.31.102] 連線到遠端伺服器 192.168.31.102 失敗,傳回下列錯誤訊息: WinRM 用戶端無法處理該要求。若驗證配置與 Kerberos 不同,或是用戶端電腦沒有加入網域, 則必須使用 HTTPS 傳輸,或是將目標電腦新增到 TrustedHosts 組態設定中。 請使用 winrm.cmd 來設定 TrustedHosts。請注意,可能不會驗證在 TrustedHosts 清單中的電腦。 您可以執行下列命令,以取得相關的詳細資訊: winrm help config。 如需詳細資訊,請參閱 about_Remote_Troubleshooting 說明主題。位於 線路:1 字元:1 + New-PSSession -ComputerName 192.168.31.102 -Credential "y****** ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed
New-PSSession : [Yowko-Server2016] Connecting to remote server Yowko-Server2016 failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.At line:1 char:1 + New-PSSession -ComputerName Yowko-Server2016 -Credential administrato ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTran sportException + FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed
WinRM cannot complete the operation.
連線時加上
-UseSSL
New-PSSession : [YowkoMac-WIN10] 連線到遠端伺服器 YowkoMac-WIN10 失敗,傳回下列錯誤訊息: WinRM 無法完成作業。 請確認指定的電腦名稱有效、可經由網路連接電腦,而且 WinRM 服務的防火牆例外已啟用且可從這部電腦存取。 依預設,公用設定檔的 WinRM 防火牆例外會限制相同本機子網路內對遠端電腦的存取。 如需詳細資訊,請參閱 about_Remote_Troubleshooting 說明主題。位於 線路:1 字元:1 + New-PSSession -UseSSL -ComputerName YowkoMac-WIN10 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTran sportException + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
New-PSSession : [192.168.31.247] Connecting to remote server 192.168.31.247 failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.At line:1 char:1 + New-PSSession -UseSSL -ComputerName 192.168.31.247 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTran sportException + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
PowerShell 不用編譯相當棒,百敬老師也非常推崇,可以直接看到程式碼,可以馬上做調整。
就我自己使用上來看,PowerShell 進入障礙是比較高的,相當於 Microsoft 的 VB 及 C# 而言,學習資料不僅較少也較沒系統性,容易造成卡關。雖然 ISE 開發工具已經非常好用,但被 Visual Studio 慣壞的我 還是覺得 intellisense 效果及提示相當不足。
而實際設定上也容易出現提示不明確與文件難以搜尋的困難。
不過我還是相當推薦來當作 Server 管理工具,還是方便許多。