PS script successfully connects to domain machines but cannot connect to subdomain machines

Time:04-21

I am writing a script to remotely manage machines within the company network.
When accessing main domain machines, I have no issue. (Ex: machine1.bill.ca)
When attempting to connect to subdomain machines, it fails. (Ex: machine2.bob.bill.ca)

I first get the full hostname through the DNS:

        }elseif($Temp -is [array]){
            $Ret = @()
            foreach($a in $temp){
                try{
                    $a = [System.Net.Dns]::GetHostByName($a).HostName
                    $Ret += $a   # append each resolved name instead of overwriting the array
                }catch{ Write-Host '[-]'$a 'unreachable' }
            }
            if([string]::IsNullOrWhiteSpace($Ret)){ VNCO-Return }
        }else{
            try{ $Ret = [System.Net.Dns]::GetHostByName($Temp).HostName }catch{
                Write-Host '[-]'$Temp 'unreachable'
                VNCO-Return
            }
        }

The target is then returned and used to create a session:

                try{
                    $ErrorActionPreference = "Stop"
                    Write-Host '[*] Starting remote connection'
                    $Sess = New-PSSession -ComputerName $Target -Credential $global:Cred
                    foreach ($s in $Sess){ USRC($s) }
                }catch{
                    Write-Host '[-] Some targets may not have WinRM configured'
                    Write-Host '[*] Starting WinRM configuration mode'
                    foreach($t in $Target){
                        try{ UST($t) }catch{
                            try{
                                WinRM($t)
                                UST($t)
                            }catch{ Write-Host '[-] Could not connect to'$t }

Stuff is then supposed to be executed on the remote target:

function UST($t){
    $s = New-PSSession -ComputerName $t -Credential $global:Cred
    USRC($s)
}
function USRC($s){
    Invoke-Command -Session $s -ScriptBlock {
        # ... doing stuff ...
        Write-Host '[+] Settings successfully updated on'$env:COMPUTERNAME
    }
}

It works on every bill.ca machine I've tested so far (200+)
It works on none of the bob.bill.ca machines I've tested so far (30-ish)
The credentials I am using have the same rights on bill.ca and bob.bill.ca.
Machines on bob.bill.ca can be pinged and the dns returns the hostname without any issues.
Yet, the script fails to connect to any machine on bob.bill.ca.

CodePudding user response:

It was a trustedhost issue. Ran PS as admin and executed this command:

PS C:\> Set-item wsman:\localhost\client\trustedhosts -value *

Issue was resolved
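
With TrustedHosts set to `*`, the WinRM client will connect to any host even when it cannot verify that host's identity. The block below is an added example, not part of the original thread: it limits the list to the subdomain from the question and keeps any entries already present. The function name `Add-ScopedTrustedHost` is hypothetical, and `*.bob.bill.ca` and `machine2.bob.bill.ca` are the question's own example names.

```powershell
# Added example, not from the thread. Run elevated on the management workstation.
# Add-ScopedTrustedHost is a hypothetical helper name.
function Add-ScopedTrustedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$Pattern
    )

    $path = 'WSMan:\localhost\Client\TrustedHosts'

    # TrustedHosts is a single comma-separated string; split it into entries.
    $existing = @((Get-Item -Path $path).Value -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })

    foreach ($p in $Pattern) {
        # A bare '*' matches every host, which is the setting this function replaces.
        if ($p.Trim() -eq '*') {
            throw "Refusing to add '*'. Pass a scoped pattern such as *.bob.bill.ca."
        }
    }

    if ($existing -contains '*') {
        Write-Warning "TrustedHosts is currently '*'; it will be replaced by the scoped list."
        $existing = @($existing | Where-Object { $_ -ne '*' })
    }

    # Merge without duplicates (Sort-Object -Unique compares case-insensitively).
    $merged = @($existing + $Pattern | Sort-Object -Unique) -join ','

    if ($PSCmdlet.ShouldProcess($path, "Set TrustedHosts to '$merged'")) {
        Set-Item -Path $path -Value $merged -Force
    }
    (Get-Item -Path $path).Value   # return the effective list for review
}

# Trust only the subdomain that could not be reached, then retry one machine.
Add-ScopedTrustedHost -Pattern '*.bob.bill.ca'
Test-WSMan -ComputerName 'machine2.bob.bill.ca' -Authentication Negotiate -Credential (Get-Credential)
```

Running it with `-WhatIf` shows the list that would be written without changing the setting. The pattern is compared with the name passed to `-ComputerName`, so the script's DNS step, which returns the full hostname, has to run first.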

CodePudding user response:

Not really an answer to the question, but wanted to mention the first block above could be simplified with:

$ret = $Temp | ForEach-Object {
               $a = $_; $n = $null
               try   { $n = [System.Net.Dns]::GetHostEntry($a).HostName }
               catch { Write-Host "[-] $a unreachable" }
               Write-Output $n
             } | Where-Object {$_}

if (-not $ret) { Vnco-Return }

If $Temp isn't an array, it's still treated as one holding a single element. And Where-Object treats $null or empty string as $false. (-not $ret) treats an empty array as $false. The block above it produces an array.

I replaced GetHostByName() with GetHostEntry() because I saw mention that the former is deprecated.

Can also try this to see if it returns something different...

function Get-MyHost($IPOrName) {
    $comp = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $IPOrName
    return (@($comp.Name, $comp.Domain) -Join '.')
}