Unable to execute powershell scripts on few production servers.

[gangadhar01a]

Hi,

I am able to execute commands on remote nodes via Rundeck, except powershell scripts and we are using winRM for file copier. As I am able to execute the commands which means no firewall issues, can you please point me to the right direction to fix the issue.

Below I will provide the rundeck project configuration, winRM and error details

Rundeck project configuration:

"#Thu Feb 14 19:19:05 PST 2019
#edit below
project.description=
project.disable.executions=false
project.disable.schedule=false
project.file-copy-destination-dir=C:\Users\rundeck.svc\
project.jobs.gui.groupExpandLevel=1
project.label=
project.name=WMS
project.nodeCache.delay=30
project.nodeCache.enabled=true
project.winrm-auth-type=kerberos
project.winrm-cert-trust=all
project.winrm-cmd=CMD
project.winrm-hostname-trust=all
project.winrm-password-storage-path=keys/demo/rundeck
project.winrm-protocol=https
project.winrm-user-option=rundeck.svc
resources.source.1.config.cache=true
resources.source.1.config.timeout=30
resources.source.1.type=url
resources.source.2.config.file=/var/rundeck/projects/wms/etc/resources.xml
resources.source.2.config.format=resourcexml
resources.source.2.config.generateFileAutomatically=false
resources.source.2.config.includeServerNode=false
resources.source.2.config.requireFileExists=false
resources.source.2.type=file
service.FileCopier.default.provider=overthere-winrm
service.NodeExecutor.default.provider=overthere-winrm"

winRM config on remote node:
PS C:\Windows\system32> winrm g winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = true
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 10
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 25
MaxMemoryPerShellMB = 1024
MaxShellsPerUser = 30

Error:
[overthere-winrm:prod-sb-wmsapp2.hautelook.local] failed: WinRM Error: Error when sending request to https://prod-sb-wmsapp2.hautelook.local:5986/wsman Request: <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">

Note: I am able to execute the commands on remote node except the powershell script.

My Rundeck detail

• Rundeck version: [ 2.11.3-1]
• install type: [rpm]
• OS Name/version: [centos 7]
• DB Type/version: [choose: mysql ]

To Reproduce
Steps to reproduce the behavior:
set up project with
Default node executor: winRM
Default node file copier: winRM
Workflow has the following command to execute
powershell.exe -File "//corpshares/tech/servicerestart.ps1"
(servicerestart.ps1 - Script placed on share)

[v-2vinty]

@gangadhar01a Did you find solution to this problem yet? So far i have narrowed the issue down to rundeck server looking up for wrong kerberos service record in DNS. In my case its trying to lookup "_kerberos._udp.IS01-RUNDEK-003.CVENT.NET" where is01-rundek-003 is not the name of a domain controller. Any idea how rundeck server comes up with this srv record name??

[ltamaster]

Hi @gangadhar01a,
Are you using an administrator user?