Enter-PSSession : Connecting to remote server failed…

A while ago I came across an interesting problem I’d like to share with you. Running Enter-PSSession command from one particular terminal server always failed with following error message:
Enter-PSSession_01
To make the matters worse, that terminal server was our management server, that is the single server that is used to manage a few thousand workstations. I was pretty sure that the remote host client2 was reachable, and configured correctly, because I was able to connect to it from other servers using the same command. But still this single terminal server refused to connect to the client. I tried everything I could come up with or find on the Internet, but to no avail. I was determined to fix this, so I waited for the night hours to have management server free of users and I sniffed the network communication while running the Enter-PSSession repeatedly. In the network sniff I saw a very strange DNS queries for some host “proxy-server” which did not exist in our network.
Enter-PSSession_02
Finally I got some lead and I started to Google for description of how PowerShell uses proxy server configuration. I found out that it is using proxy setting configured for the “SYSTEM” account. I checked the proxy configuration for that account and I found out that my colleague has accidentally configured a non existing proxy server on this management server.
Enter-PSSession_03
I changed the settings back to “none” proxy server using the netsh native command.
Enter-PSSession_04
Running the Enter-PSSession command again I immediately saw that the server was able to reach “client2” and that the communication was successfully started:
Enter-PSSession_05
Enter-PSSession_06
In the screenshot you can see a Kerberos ticket request for client2, followed by DNS query for client2 and finally HTTP communication for the Enter-PSSession command.

This also meant that I was finally able to enter a PSSession and the problem was fixed.

Advertisements

Windows machine as a router

ImWindows machine as a routeragine that you have your home network connected with your friend’s network using OpenVPN open source VPN solution. Your friend want to access your media server in your network to see pictures from the party, or access your game server running on your laptop. VPN is connected, but he is not able to reach your computer…

It’s because on your windows machine running OpenVPN server you didn’t enable routing, so windows machine is not acting as a router and all packets end on the OpenVPN server itself without being forwarded to your home network.

To enable routing functionality of your windows machine create in reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters value of type REG_DWORD IpEnableRouter =1. After reboot of the system it will act as router and start routing packets according to it’s routing table.