none
Powershell 5.0 and workflow Restart-Computer over an SSL connection RRS feed

  • General discussion

  • Hi all,

    I've started exploring PowerShell workflows for our remote administration needs and I've hit what I think might be a bug in the Restart-Computer workflow activity. Here's the walkthrough of our steps. PS functions and workflows are run from an "admin" machine, targeting remote servers (from step 2):

    1. Spin up a new Windows 2012R2 VM.

    2. Install a server SSL certificate.

    3. Enable SSL PS remoting (enable a WinRM HTTPS listener, add a firewall rule, remove the HTTP listener and disable WinRM HTTP firewall rules).

    4. Register a client SSL certificate on the server, so that we can use PSUseSsl and PSCertificateThumbprint instead of PSCredential for running remote workflows.

    5. Run a workflow that will download and install WMF 5.0, reboot the machine, wait for it and install some additional prerequisites.

    Now, I've hit the problem with step #5: it looks like Restart-Computer workflow activity does not pick up the PSCertificateThumbprint workflow parameter and throws an "access denied" error when run and there is an audit failure logged in the Windows Security event log.

    If I don't use the PSCertificateThumbprint and pass in a PSCredential to the workflow, the computer reboots. However, Restart-Computer seems to be using the WinRM HTTP endpoint to check if the target machine is back up when using the -Force parameter, since the command hangs there until I RDP into the target machine and re-enable the HTTP listener (by simply running winrm qc).

    As a side note, PSCertificateThumbprint parameter works perfectly well for authentication with our workflows, as well as CertificateThumbprint parameter when using Invoke-Command.

    Am I doing something wrong here, or is this indeed a bug?

    Thank you,
    Marko

    Wednesday, October 26, 2016 3:24 PM

All replies

  • We'd have to reproduce your environment to see if we get the same behavior.

    You may need to open a support incident. (Reminder: This is a peer support forum, not an official support channel.)

    I would also recommend searching the PowerShell uservoice and GitHub resources.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, October 26, 2016 3:49 PM
    Moderator
  • Hi Bill,

    Thanks for a quick reply. I just did a bit more testing and confirmed the same behaviour with a test workflow when Powershell 5.0 is already installed on a Win2012R2 server.

    Where would be the best place to report this?

    Also, how detailed should the report be? For example, do I need to specify how to configure HTTPS listener and client SSL certificate connectivity?

    Thank you,
    --
    Marko

    Wednesday, October 26, 2016 4:09 PM
  • I already posted links where you can report your issue. Also, remember this is a scripting forum rather than a configuration support or bug reporting forum.

    -- Bill Stewart [Bill_Stewart]

    Wednesday, October 26, 2016 4:21 PM
    Moderator
  • Restart the computer after installing and configuring SSL.

    \_(ツ)_/

    Wednesday, October 26, 2016 6:40 PM