GlennMaxwell-2309 asked RachelGomez-6867 answered

syntax error

Hi All

I am using the below syntax. I am connected to server01 and trying to execute the below syntax,
i.e. I am connected to server01 and remoting to server02 and executing it.
When I run it directly on server02 I don't see any issue, but I am facing an issue with remoting. I have also installed the DNS module on server01.
I am using Account01, and when prompted for credentials I am giving it.
I am getting the error: Failed to get the zone information for mydomain.com mydc01

azure-active-directory windows-server-powershell windows-server-2019 windows-server-2016 windows-dhcp-dns

RichMatheisen-8856 answered

I think you'll find that you're encountering the "Second Hop" problem. You can't use the credentials passed from local machine to SERVER02 when your Get-DnsServerResourceRecord tries to connect to MYDC01. The cmdlet uses WMI/CIM and it's probably being denied permission. The reason, I'm guessing, is probably an error "5" or "1722".

 # create session from local machine (machine #1) to SERVER02 (machine #2)
 $session = New-PSSession -ComputerName server02 -Credential Account01
 # Run Invoke-Command on SERVER02 (machine #2)
 Invoke-Command -Session $session -ScriptBlock {
     try {
         Write-Host $env:COMPUTERNAME;
         # Try connecting to MYDC01 (machine #3) from Server02 (machine #2)
         $dnsrecords = Get-DnsServerResourceRecord -ZoneName mydomain.com -ComputerName mydc01 -ErrorAction Stop | 
             Where-Object { $_.RecordType -eq "A" -Or $_.RecordType -eq "CNAME" } | 
                 ConvertTo-Json
         Write-Host $dnsrecords
         # Note: $dnsrecords never returned to SERVER02!
     }
     catch {
         $_  # return $Error[0] to Server02
     }
 }
 # remove session with SERVER02 (machine #2)
 Remove-PSSession -session $session

RichMatheisen-8856 answered

This looks just like the problem posted by @MdaKhmm-4292 with the subject "unable to fetch the information" (unable-to-fetch-the-information.html)

I'll ask for the same information I did in that topic:

How about posting the error message? The FullyQualifiedErrorId might be telling you what the problem is.

Change line 9 in your script to just "$<underbar>" instead of "Failed".





GlennMaxwell-2309 answered RichMatheisen-8856 commented

Line 9: can I use it in this format?
return "Failed: $Error[0]"


True, but "Failed: " doesn't add any information. Also, in the case of a "Catch" block "$<underbar>" is the same as "Error[0]".

Also, you haven't used "ErrorAction STOP" on the Get-DnsServerResourceRecord cmdlet. Your catch block won't be run in the case of a non-terminating error -- and the Invoke-Command won't receive the DNS data you expect, or the "Failed" string.

GlennMaxwell-2309 answered

Please help in editing the syntax.


GlennMaxwell-2309 answered RichMatheisen-8856 commented

I am using a domain admin account but I am still getting the below error.

 $session = New-PSSession -ComputerName server02 -Credential account1
 Invoke-Command -Session $session -ScriptBlock {
     try {
         Write-Host $env:COMPUTERNAME;
         $dnsrecords = Get-DnsServerResourceRecord -ZoneName mydomain.com -ComputerName mydc01 -ErrorAction Stop | Where-Object { $_.RecordType -eq "A" -Or $_.RecordType -eq "CNAME" } | ConvertTo-Json
         Write-Host $dnsrecords
     }
     catch {
         $_
     }
 }
 Remove-PSSession -session $session

server02
Get-DnsServerResourceRecord : Failed to get the zone information for mydomain.com on server mydc01.
At line:4 char:15
+ ... nsrecords = Get-DnsServerResourceRecord -ZoneName mydomain.com ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (mydomain.com:root/Microsoft/...rResourceRecord) [Get-DnsServerResourceRecord], CimException
+ FullyQualifiedErrorId : WIN32 5,Get-DnsServerResourceRecord


Well, there's your answer: WIN32 5. Error 5 is Permission denied.

Use whatever account you want but you cannot reuse that credential to connect to another machine. That's not the way Kerberos works.

ps-remoting-second-hop

Why aren't you just using Invoke-Command mydc01 -credential (Get-Credential) -ScriptBlock {...}? Why use Server2?



JamesHamil-MSFT answered

Hi @GlennMaxwell-2309 , did you see the follow up from Rich? Try using Invoke-Command mydc01 -credential (Get-Credential) -ScriptBlock .
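
The single-hop call suggested above, written out as an added example (not code posted by anyone in this thread). It assumes WinRM is reachable on mydc01 and that the account may read the zone; the function name `Get-ZoneHostRecord` is hypothetical, and the last part goes one step beyond the thread by showing explicit credentials for the case where server02 must stay in the path.

```powershell
# Added example. Host, zone and account names are the thread's placeholders.
$cred = Get-Credential -UserName 'Account01' -Message 'Account allowed to read the DNS zone'

function Get-ZoneHostRecord {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]       $DnsServer,
        [Parameter(Mandatory)] [string]       $ZoneName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # One hop only: the credential authenticates the caller to the DNS server and
    # the cmdlet queries the local DNS service there (no -ComputerName, no second hop).
    Invoke-Command -ComputerName $DnsServer -Credential $Credential -ArgumentList $ZoneName -ScriptBlock {
        param($Zone)
        try {
            Get-DnsServerResourceRecord -ZoneName $Zone -ErrorAction Stop |
                Where-Object { $_.RecordType -in 'A', 'CNAME' } |
                Select-Object HostName, RecordType, @{ n = 'Data'; e = {
                    if ($_.RecordType -eq 'A') { $_.RecordData.IPv4Address.IPAddressToString }
                    else { $_.RecordData.HostNameAlias } } }
        }
        catch {
            # Return the failure as data so the caller sees the real reason (e.g. WIN32 5)
            [pscustomobject]@{
                Failed  = $true
                ErrorId = $_.FullyQualifiedErrorId
                Message = $_.Exception.Message
            }
        }
    }
}

# Records (or the error object) come back to the calling machine as pipeline output.
Get-ZoneHostRecord -DnsServer mydc01 -ZoneName mydomain.com -Credential $cred | ConvertTo-Json

# Variant, only if the query has to originate from server02: the second hop gets its
# own explicit credential through a CIM session instead of relying on delegation.
Invoke-Command -ComputerName server02 -Credential $cred -ScriptBlock {
    $cim = New-CimSession -ComputerName mydc01 -Credential $using:cred
    try {
        Get-DnsServerResourceRecord -ZoneName mydomain.com -CimSession $cim -ErrorAction Stop |
            Where-Object { $_.RecordType -in 'A', 'CNAME' } |
            Select-Object HostName, RecordType
    }
    finally { Remove-CimSession $cim }
}
```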


RachelGomez-6867 answered

Syntax errors are mistakes in the source code, such as spelling and punctuation errors, incorrect labels, and so on, which cause an error message to be generated by the compiler. These appear in a separate error window, with the error type and line number indicated so that it can be corrected in the edit window. If a syntax error appears, check to make sure that the parentheses are matched up correctly. If one end is missing or lined up incorrectly, then type in the correction and check to make sure that the code can be compiled. Keeping the code as organized as possible also helps.

Regards,
Rachel Gomez
