Issues with Web Front End app for background PS scripts with PS remoting inside

Bojan Zivkovic 486 Reputation points
2024-11-09T07:30:47.79+00:00

Hi, I have issues with Web Front End app (running on IIS) for background PS scripts with PS remoting inside:

$session = New-PSSession -ComputerName dcName -ConfigurationName 
           DomainAdmins

Invoke-Command -Session $session -ScriptBlock {...}
                                
Error: Cannot validate argument on parameter 'Session'. The argument is 
null or empty. Provide an argument that is not null or empty, and then try 
the command again. [dcName] An error has occurred which PowerShell cannot 
handle. A remote session might have ended.

Having converted $Error to JSON this line stands out:

"Message": "BinaryFormatter serialization and deserialization are disabled within this application. See aka.ms/binaryformatter for more information."

Is there anything to do here from my end or this is something vendor has to do?

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,580 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Rich Matheisen 47,466 Reputation points
    2024-11-09T16:15:17.6333333+00:00

    I think the depends on what the contents of the script block used in the Invoke-Command is doing.

    Is it returning an object or, for example, a simple string?

    Can you try returning the data as a JSON or XML string?

    0 comments No comments

  2. Bojan Zivkovic 486 Reputation points
    2024-11-09T18:03:49.2433333+00:00

    Well, I am not sure about this since it says Cannot validate argument on parameter 'Session'. The argument is null or empty.

    Having monitored outbound tcp/5985 I see no entries in WireShark so definitely remote session has not been established.

    For testing purposes whoami is the command in the ScriptBlock but even this fails:

    $result = Invoke-Command -ComputerName dcName -ScriptBlock {
            $data = whoami.exe
            $data | ConvertTo-Json
    } -ConfigurationName DomainAdmins -Credential $cred 
      -ErrorAction Stop
    

  3. Rich Matheisen 47,466 Reputation points
    2024-11-10T16:24:02.9233333+00:00

    You're using .Net version 6. The BinaryFormatter is disabled by default in that version (and every version from 5 and up).

    You can refer to this link for Preferred Alternatives and/or Recommended Actions regarding this breaking change:

    https://learn.microsoft.com/en-us/dotnet/core/compatibility/serialization/8.0/binaryformatter-disabled

    The BinaryFormatter can be reenabled at least up to and including .Net version 8.


  4. Bojan Zivkovic 486 Reputation points
    2024-12-05T18:13:50.6+00:00

    I have collected all event logs from source and target systems - nothing related to failed PS session ... I can't believe that reason why it failed is nowhere to be found.


  5. MotoX80 34,761 Reputation points
    2024-11-10T01:25:47.7033333+00:00

    Refer to

    https://learn.microsoft.com/en-us/answers/questions/2087893/web-front-end-for-ps-script-issues-with-ps-remotin?orderby=newest&page=1#answers

    I believe that we have already established that you are getting this error: OpenError: An error has occurred which PowerShell cannot handle. A remote session might have ended.

    image

    In my comment dated Oct 12, 2024, 11:39 AM to your first question, I made 4 suggestions. You replied to #1, but not to 2, 3, or 4.

    User's image

    It would seem logical to me that an analysis of the eventlogs on the target server (#4 that I posted) would be a good place to start troubleshooting.

    User's image

    or this is something vendor has to do?

    We forum users have no way of knowing what that 3rd party software is doing. We also have no way of knowing what security restrictions you have defined in AD or on individual machines.

    I don't have access to an AD environment so I used a local account to test with. I have my Win11 laptop running IIS and a Win10 VM that has remoting enabled. Both machines have an account named admin that has the same password. That account is in the Administrators group on both machines. I set up a one page site in IIS and set its worker process to run as the admin account. The site is set for anonymous access. I would think that any flavor of DotNet would work.

    This works because I set the app pool to run as the admin account end entered the password into the IIS config. That allows that account to authenticate to my test10 machine.

    Here is PSTest.ps1.

    $sb = {
        "<br>Running on {0}" -f $env:COMPUTERNAME
        "<br>Your name is {0}" -f  $env:USERNAME     
    }
    "<br>"
    get-date
    "<br>Whoami says that this script is running as: "
    whoami.exe
    "<br>Calling Invoke-Command<br> "
    Invoke-Command -ComputerName test10 -ScriptBlock $sb    
    

    Here is default.aspx.

    <%@ PAGE LANGUAGE="VB" EnableViewState="false" %>
    <%@ Import Namespace="System.Diagnostics" %>
    
    <SCRIPT RUNAT="SERVER">
        Dim LastFunc As String = ""
        
        Sub Say(ByVal m As String)
            Response.Write("<br>" & m)
        End Sub
    
        Sub Tester()    
            Try
                say ("IIS says that you are: " & Me.User.Identity.Name)
                Say (" ")
                Say ("Calling the Powershell script.")
                LastFunc = "Powershell"
                Dim consoleApp As New Process
                With consoleApp
                    .StartInfo.UseShellExecute = False
                    .StartInfo.RedirectStandardOutput = True
                    .StartInfo.RedirectStandardError = True
                    .StartInfo.FileName = "powershell.exe"
                    .StartInfo.Arguments = "c:\temp\PSTest.ps1"
                    .Start()
                    .WaitForExit()
                End With
    
                Say (consoleApp.StandardError.ReadToEnd())
                Say (consoleApp.StandardOutput.ReadToEnd())
        
            Catch ex As Exception
                Response.Write("<br>Fatal error in Tester<br>Last function was: " & LastFunc)
                Response.Write("<br>" & ex.Message)
                Response.End()
            End Try
        End Sub
    </SCRIPT>
     
    <html><body>
      <table align=center width=700px>
        <tr><td>Powershell Tester</td></tr> 
      </table>
      <table align=center width=700px>
        <tr><td><hr />
          <form id="frmMain" runat="server">    
             <%
                 Call Tester()  
             %>
          <br /><br /> <hr />
        </form>
      </td></tr> 
      </table>
    </body></html>
      
      
    

    The result should look like this.

    User's image

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.