PowerShell Access is denied. PSRemotingTransportException + FullyQualifiedErrorId : PSSessionStateBroken

Ajmal Moideen picture Ajmal Moideen · Jun 16, 2017 · Viewed 26.9k times · Source

I was trying to establish a remote connection to another system and execute some basic commands.

Below are the steps that I have done :

  • Configured the remote machine to accept Shell commands - Enable-PSRemoting – Force
  • Tested the configuration on remote machine - Test-WsMan COMPUTERNAME.
  • Executed the following commands on the host machine :

1.Invoke-Command -ComputerName COMPUTERNAME -ScriptBlock { Get-ChildItem C:\ } -credential USERNAME.

2.Invoke-Command -ComputerName COMPUTERNAME -ScriptBlock { Get-ChildItem C:\ } -credential $Credentials.

3.Invoke-Command -ComputerName COMPUTERNAME -ScriptBlock { Get-ChildItem C:\ }

In all the cases, we were getting access denied error :

Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo   : OpenError: (:) [], PSRemotingTransportException 
+ FullyQualifiedErrorId : PSSessionStateBroken

Answer

Moerwald picture Moerwald · Jun 16, 2017

From MSDN:

  1. Start Windows PowerShell as an administrator by right-clicking the Windows PowerShell shortcut and selecting Run As Administrator.

  2. The WinRM service is confi gured for manual startup by default. You must change the startup type to Automatic and start the service on each computer you want to work with. At the PowerShell prompt, you can verify that the WinRM service is running using the following command: get-service winrm The value of the Status property in the output should be “Running”.

  3. To configure Windows PowerShell for remoting, type the following command: Enable-PSRemoting –force

In many cases, you will be able to work with remote computers in other domains. However, if the remote computer is not in a trusted domain, the remote computer might not be able to authenticate your credentials. To enable authentication, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type: winrm s winrm/config/client '@{TrustedHosts="RemoteComputer"}' Here, RemoteComputer should be the name of the remote computer, such as: winrm s winrm/config/client '@{TrustedHosts="CorpServer56"}'

You should check if the winrm is running. Also add your remote hosts to the trusted hosts list (or your local machine).

Hope that helps.