Asked by:
Active Directory error "-2147016672"
Question
-
Hi,
I am creating a script in ASP.NET C# to invoke cmdlets from Lync Server.
I want just list a user : Get-CsUSer and when i run the script i received the follow error code:
Active Directory error "-2147016672" occurred while searching for domain controllers in domain .
I run my script from my local machine developer (it is remote) to the server. The script is :
Runspace remoteRunspace = null; openRunspace("servidor:5985/wsman", "http://schemas.microsoft.com/powershell/Microsoft.PowerShell", @"\user", "senha", ref remoteRunspace); using (PowerShell powershell = PowerShell.Create()) { powershell.Runspace = remoteRunspace; powershell.AddScript("Import-Module Lync"); //funciona powershell.Invoke(); Pipeline pipeline = remoteRunspace.CreatePipeline(); string remoteScript = "Get-CsUser -Identity mmiranda"; pipeline.Commands.AddScript(remoteScript); Collection<PSObject> results = pipeline.Invoke(); remoteRunspace.Close(); return results; } public static void openRunspace(string uri, string schema, string username, string livePass, ref Runspace remoteRunspace) { System.Security.SecureString password = new System.Security.SecureString(); foreach (char c in livePass.ToCharArray()) { password.AppendChar(c); } PSCredential psc = new PSCredential(username, password); WSManConnectionInfo rri = new WSManConnectionInfo(new Uri(uri), schema, psc); //rri.AuthenticationMechanism = AuthenticationMechanism.Default; //rri.AuthenticationMechanism = AuthenticationMechanism.Kerberos; //rri.AuthenticationMechanism = AuthenticationMechanism.Basic; //rri.NoEncryption = true; rri.ProxyAuthentication = AuthenticationMechanism.Negotiate; remoteRunspace = RunspaceFactory.CreateRunspace(rri); remoteRunspace.Open(); }i don't know what to do anymore.
Help me.
My e-mail gersonczjr@hotmail.com
thx
All replies
-
Look at this blog post: http://gotspeechguy.com/2012/01/05/remote-powershell-and-lync/
.
Drago
http://www.lynclog.com
-
I tried it and the error persist.
Thanks
Now the error is :
((System.Management.Automation.ParentContainsErrorRecordException)(((System.Management.Automation.PSNotImplementedException)(remoteRunspace.Debugger)).ErrorRecord.Exception))
'remoteRunspace.InitialSessionState' threw an exception of type 'System.Management.Automation.PSNotImplementedException'
{Não é possível realizar a operação porque a operação "NewNotImplementedException at offset 143 in file:line:column <filename unknown>:0:0
" não está implementada.}- Edited by gersonczjr Saturday, September 15, 2012 2:44 PM
-
Hi,gersonczjr
Would you please verify that the user account you used has all the required permission?
Would you please use DCDiag tool to check the DC connectivity?
Although I am not very familar with scripts,I remeber I have seen a similar case with running Get-CsUser using C# is fixed by called
Enable-PsRemotingon ther server,you can try it to see if it also works for you.Regards,
Sharon
Sharon Shen
TechNet Community Support
************************************************************************************************************************Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
-
-
Sorry,I am getting stuck now.Will do further research if I found any information will let you know.
Regards,
Sharon
Sharon Shen
TechNet Community Support
************************************************************************************************************************Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
-
-
This is very old, but I came across this thread when I was trying to solve a similar issue. I believe this is the "dreaded" double-hop delegate credential issue. I believe PowerShell is not setup to pass your credentials to the remote computer and is trying to run everything from the local context. CredSSP has to be enabled on the client and the server to allow your credentials pass through the remote session.
This may not be specifically tied to C#, but it should get PowerShell remoting working, so that your C# script should work.
From the server:
Enable-WSManCredSSP -Role server
From the client:
Enable-WSManCredSSP -Role Client -DelegateComputer *
If the Enable command doesn't work on the client, I believe WinRM has to be enabled first. Go to Services, Locate "Windows Remote Management (WS-Management)" and start the service. Now try to re-run the enable command on the client.
Note, DelegateComputer can be used to make sure that you are only passing Credentials to the appropriate computer(s). In this case, we are specifying that any computer is okay, you may want to isolate it to only specific servers or domains.
Once CredSSP is successfully setup, attempt to create your PowerShell remote session again. However, this time, set the authentication to CredSSP.
$lyncSession = New-PSSession -ComputerName <Server Name> -Credential (Get-Credential) -Authentication Credssp
You may continue to have problems if you don't have the appropriate rights to run PowerShell commands. At this point, add your account to RTCUniversalServerAdmins in Active Directory. I have heard RTCUniversalServerReadOnlyGroup works as well, but I have not tested it.
More Information on that here: Group membership requirements for Lync
- Proposed as answer by AndyHJ Wednesday, January 6, 2016 3:00 PM
-
We still encounter the same problem. DC and lync server are on different servers.
If we call Get-CsRgsAgentGroup in a powershell on the lync server we get the correct response but if i create a pssession to the lync server we get the Active Directory error "-2147016672".
Remote-pssession is enabled and Enable-WSManCredSSP has run on both local pc and remote server.
We also have added the user to the RTCUniversalServerAdmins but still no luck. also the authentication of the pssession has been set to Credssp- Edited by Sam Van Daele Thursday, January 14, 2016 12:56 PM
-