none
PowerShell Remoting - Cannot access the local farm

    Question

  • Hi,

    I'm trying the access my SharePoint 2013 farm with a PowerShell Remote Session.

    But it won't work.

    Here's what I've tried/done so far:

    On the server I've entered theses commands to enable remote sessions.

    try{Enable-PSRemoting -Confirm:$false}catch{$Error}
    Set-Item WSMan:\localhost\Client\TrustedHosts "RemoteComputer" -Force
    Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1024
    restart-Service WinRM -Confirm:$false

    On the client I enter this commands to access the remote server.

    PS E:\PowerShell-PowerUp> $Session = New-PSSession -ComputerName spserver
    -Credential (Get-Credential)
    
    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential
    PS E:\PowerShell-PowerUp> Enter-PSSession $Session
    [spserver]: PS C:\Users\SP1_Admin\Documents> Add-PSSnapin Microsoft.ShareP
    oint.PowerShell
    [spserver]: PS C:\Users\SP1_Admin\Documents> Get-SPFarm
    Cannot access the local farm. Verify that the local farm is properly
    configured, currently available, and that you have the appropriate permissions
    to access the database before trying again.
        + CategoryInfo          : InvalidData: (Microsoft.Share...SpCmdletGetFarm:
       SpCmdletGetFarm) [Get-SPFarm], SPCmdletException
        + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SpCmdletGetFarmAn

    In addtion I can give these informations:

    • The user is psshell admin, is local administrator and has enough privilegs on the sharepoint.
    • This worked well before on SharePoint 2010 I've updates to SharePoint 2013

    I appreciate every kind of help, a good tip, hint or even the right solution.

    kind regards

    Janik

    vendredi 11 avril 2014 06:58

Toutes les réponses

  • You need to run the commands in an invoke-Command script block. See here for a full guide:

    http://blogs.msdn.com/b/varun_malhotra/archive/2010/06/10/configure-power-shell-for-remote-use-of-sp-2010.aspx

    The solution for your situation starts at 'Store and use credentials for scripting'

    vendredi 11 avril 2014 08:33
  • The code I've showed you is a simplified version of the original script. Indeed I'm already executing these commands in an invoke-command script block.

    However the output is the same.

    One presumption for this problem could be the different PowerShell versions I'm using.

    Server has got PS v4

    and the client has got PS v2

    Could this be a problem?

    I'm also not shure about the CredSSP configurations. As you can see I don't configure anything related to CredSSP. Is this a requirement for remote access in Windows Server 2012 R2?

    Thanks for your help.

    vendredi 11 avril 2014 10:56
  • The version of PowerShell shouldn't be a problem, although i can't remember if i've used PS v4 with 2013, by default it only shipped with v3.

    What happens if you run the following line to replace your current Add-PSSnapin..

    Invoke-Command -Session $session -ScriptBlock{Add-PsSnapin Microsoft.SharePoint.PowerShell}

    Since you're authenticating seperately you might not need the CredSSP part, it's something you configure once rather than each time.
    vendredi 11 avril 2014 13:10
  • Thanks for your help Alex

    But sadly as I expected it didn't work.

    PS C:\Users\vonrotz> $Session = New-PSSession -ComputerName spserver -Credential (Get-Credential)
    
    Cmdlet Get-Credential an der Befehlspipelineposition 1
    Geben Sie Werte für die folgenden Parameter an:
    Credential
    PS C:\Users\vonrotz> Invoke-Command -Session $session -ScriptBlock{Add-PsSnapin Microsoft.SharePoint.PowerShell}
    PS C:\Users\vonrotz> Invoke-Command -Session $session -ScriptBlock{Get-SPFarm}
    Cannot access the local farm. Verify that the local farm is properly
    configured, currently available, and that you have the appropriate permissions
    to access the database before trying again.
        + CategoryInfo          : InvalidData: (Microsoft.Share...SpCmdletGetFarm:SpCmdletGetFarm) [Get-SPFarm], SPCmdletE
       xception
        + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SpCmdletGetFarm
    
    PowerShell v4 comes with Windows Server 2012 R2.

    vendredi 11 avril 2014 13:35
  • Hi Alex,

    Have you ever heard of double hopping?

    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/f5cec410-817c-43ec-a93d-4ff43c7a489e/invokecommand-lose-credentials

    I'm going to install the credssp for authentication, mybe that's the solution.

    mardi 29 avril 2014 10:48
  • Hi Janik,

    do you still need a solution for this issue?

    Regards,
    Friedrich 

    1. Configure SharePoint Server with

    Enable-PSRemoting -Force
    Enable-WSManCredSSP -Role Server -Force

    2. Configure Client with

    Enable-PSRemoting -Force
    Enable-WSManCredSSP -Role Client -DelegateComputer * -force

    3. Create an SPN for the SharePoint computer account with (you can also work with GPOs or certificates)

    setspn -a WSMAN/<SharePoint Computer Account> <SharePoint Computer Account
    setspn -a WSMAN/<SharePoint Computer Account FQDN> <SharePoint Computer Account>

    Here is a demo code for the remote access:

    $crd = Get-Credential
    $script = { <enter your code here> }
    $session = New-PSSession -computername "<sharepointserver>" -Authentication CredSSP -Credential $crd
     $ret = Invoke-Command -session $session -scriptblock $script
     $session | Remove-PSSession

    mardi 9 décembre 2014 14:42
  • Hi Janik,

    Any conclusion about this issue?

    vendredi 8 juillet 2016 01:21
  • I think this is definitely a double hop issue.  Enable CredSSP on both the server and the client.  That resolved the issue for me.
    mercredi 13 juin 2018 13:07