locked
Invoke-Command not working with App-v Server Refresh for RTSP RRS feed

  • Question

  • Hi,
    We tried to run the command "Invoke-Command -ComputerName DestComp -ScriptBlock {sftmime refresh server:test}; where test is a softgrid publishing RTSP server using 554 port.

    The Refresh is being unsuccessful with the error "The server will not allow a connection without valid NTLM credentials " xxxxxx0A-00002002

    when "test" is a http server the Server Refresh is working properly. 80 port

    Our Winrm configuration has been set with http:80 to run commands remotely. We tried to set Winrm to 554 port and the refresh is again unsuccessful.

    Any help will be appreciated.

    Thanks,
    Subrat,Ravi
    Friday, February 19, 2010 9:45 AM

Answers

  •  Below steps need to be followed to resolve this issue.

     

    1.       Open “Local Group Policy Editor”  (Gpedit.msc)

    2.       Go to Computer Configuration -> Administrative Templates ->System-> Credential Delegation-> Allow Delegating Fresh Credentials.

    3.       Enable above setting and configure for the server as "myserver.domain.com", the SPN cmyserver.domain.com or WSMAN/*.domain.com.

    (I am not sure if above configuration alone will work. So I configured all the settings under Credential Delegation Node)

    4.       Refresh server using below command

    Invoke-Command -ComputerName localhost -ScriptBlock { sftmime refresh server:test } -Authentication Credssp -Credential "dom5\administrator"

    • Proposed as answer by znack Thursday, February 25, 2010 9:32 AM
    • Marked as answer by Aaron.ParkerModerator Saturday, November 17, 2012 1:49 PM
    Thursday, February 25, 2010 7:33 AM

All replies

  • Hi Znack,

    Thanks for the quick reply.  unfortunately, this is not my issue. If I try to execute server refresh with APPV client or with APPV commandline,  It was successful.

    Issue is with the execution of server refresh through "Inovke-Command" and using Winrm settings for Remote scenario.

    Invoke-Command -ComputerName DestComp -ScriptBlock {sftmime refresh server:test}

    In some posts related to powershell winrm, I found that transmission of packets are through HTTP for remote scenario for the commands executed. I am curious to know if the packets formed by APPV client RTSP transport are being wrapped by HTTP headers.

    Thanks,
    Subrat
    Friday, February 19, 2010 10:05 AM
  • Hello,

    Under what user-context would that command be running?

    /Znack
    Friday, February 19, 2010 10:07 AM
  • Hi Znack,
    Under Administrator User Context Command will be running.
    Friday, February 19, 2010 10:09 AM
  • Hello,

    Well - would that be a local account or a domain account?

    /Znack
    Friday, February 19, 2010 10:43 AM
  • That is Domain Account, The same account has been added in the Administrator group of local Account
    Friday, February 19, 2010 11:35 AM
  • On the server, there is a log file, too (sft-server.log in the App-V Management Server's program folder). This might state some more usefull information.
    The http-queries are not "just wrapping RTSP", they use different mechanisms. As you just experience, RTSP encorporates Autehtnication and Authorization, whereas http-queries don't use that (normally).


    Falko
    Friday, February 19, 2010 3:17 PM
    Moderator
  • Below steps need to be followed to resolve this issue.

     

    1.       Open “Local Group Policy Editor”  (Gpedit.msc)

    2.       Go to Computer Configuration -> Administrative Templates ->System-> Credential Delegation-> Allow Delegating Fresh Credentials.

    3.       Enable above setting and configure for the server as "myserver.domain.com", the SPN cmyserver.domain.com or WSMAN/*.domain.com.

    (I am not sure if above configuration alone will work. So I configured all the settings under Credential Delegation Node)

    4.       Refresh server using below command

    Invoke-Command -ComputerName localhost -ScriptBlock { sftmime refresh server:test } -Authentication Credssp -Credential "dom5\administrator"

    Thursday, February 25, 2010 7:33 AM
  •  Below steps need to be followed to resolve this issue.

     

    1.       Open “Local Group Policy Editor”  (Gpedit.msc)

    2.       Go to Computer Configuration -> Administrative Templates ->System-> Credential Delegation-> Allow Delegating Fresh Credentials.

    3.       Enable above setting and configure for the server as "myserver.domain.com", the SPN cmyserver.domain.com or WSMAN/*.domain.com.

    (I am not sure if above configuration alone will work. So I configured all the settings under Credential Delegation Node)

    4.       Refresh server using below command

    Invoke-Command -ComputerName localhost -ScriptBlock { sftmime refresh server:test } -Authentication Credssp -Credential "dom5\administrator"

    • Proposed as answer by znack Thursday, February 25, 2010 9:32 AM
    • Marked as answer by Aaron.ParkerModerator Saturday, November 17, 2012 1:49 PM
    Thursday, February 25, 2010 7:33 AM
  • Gud Job Ravi.... Thanx for coming up with a resolution....
    Friday, February 26, 2010 6:22 AM