none
Remote WDSUtil and "the user has not been authenticated" RRS feed

  • Question

  • Running Windows 2012 with WDS installed. We have a script that works locally. However, I cannot figure out how to execute it remotely from a non-WDS server. It comes down to the WDSUTIL command, when executed remotely via PowerShell like:

    Invoke-Command -ComputerName $WDSServer -Script "WDSutil /Remove-Image /Image:MyTestImage /ImageType:Install /ImageGroup:Windows2008"

    always returns:

    Error Code: 0x4DC
    Error Description: The operation being requested was not performed because the user has not been authenticated.

    I tried specifying -Credentials and -Authentication but did not find a working combination. How does one execute WDSUtil remotely?

    Friday, April 11, 2014 9:40 PM

All replies

  • Hi,

    Please try Enter_PSSession, with it you can start an interactive session with remote computer.

    Enter-PSSession

    http://technet.microsoft.com/en-us/library/hh849707.aspx

    If it still doesn’t help. Please share the entire error message with us.

    Hope this helps.

    Monday, April 14, 2014 3:35 AM
    Moderator
  • I am confused. As mentioned in my question, this is a script, and my understanding is "Enter-PSSession is designed for interactive use only... not for scripting." - This is automation scripting, and is executing from an orchestrator. WDSUtil is useable in a local script, but I have not found out how to use it via a remote script.

    Monday, April 14, 2014 6:11 PM
  • Hi,

    Enter-PSSession is just like Invoke-Command. Enter-PSSession keeps the session, you can run several commands as you type it on remote computer. Invoke-command close the session after running the following command.

    For the difference you can refer to this blog.

    In order to run this script, we should remote to WDS server, then run scripts.

    First, use Enter-PSSession confirm can remote to WDS. Then confirm we can run scripts. I think we can try another computer

    I just found an article about this error, for your information:

    System Error Codes (1000-1299)

    http://msdn.microsoft.com/en-us/library/windows/desktop/ms681383(v=vs.85).aspx

    Hope this helps.

    Wednesday, April 16, 2014 2:07 AM
    Moderator
  • I am sorry, I am not making myself clear. This is automation, no human intervention. A script runs on an orchestrator server (Same domain, full domain admin credentials) and it needs to execute WDSUtil commands on a remote WDS.

    Enter-PSSession does not help, it actually makes it worse, it cannot access WDSUtil even when using the fully qualified path "& C:\Windows\System32\WDSUtil.exe". The documentation I found indicates *-PSSession is for interactive use, I need a non-interactive script solution that does:

    Invoke-Command -ComputerName $WDSServer -Script "WDSutil /Remove-Image /Image:MyTestImage /ImageType:Install /ImageGroup:Windows2008"

    or equivalent...

    The MSDSN error article pointer has the same generic info as the error reported from WDSUtil.

    Wednesday, April 16, 2014 1:10 PM
  • Hi,

    I knew your final purpose. But during troubleshooting, we need address where and why we get the error.

    $s1=New-PSSession -ComputerName FQDN

    Enter-PSSession -Session $s1

    Use full quality domain name of WDS instead of FQDN in the command. You said it doesn’t help, can you tell the result you get, the same error?

    Since this is a system error, I still wonder if it works if you change to another computer.

    Thursday, April 17, 2014 6:47 AM
    Moderator
  • Exactly the script you asked:

    $s1=New-PSSession -ComputerName wds.fqdn.com
    Enter-PSSession -Session $s1
    & C:\Windows\System32\WDSUtil.exe /Get-AllImageGroups
    Exit-PSSession

    Gives this error:

    & : The term 'C:\Windows\System32\WDSUtil.exe' is not recognized as the name of a cmdlet, function, script file, or
    operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    again.
    At C:\Users\hpadmin\test.ps1:3 char:3
    + & C:\Windows\System32\WDSUtil.exe /Get-AllImageGroups
    +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (C:\Windows\System32\WDSUtil.exe:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

    Which has nothing to do with the error I get when using the invoke-command

    Friday, April 18, 2014 5:37 PM
  • Hi Frank and Daniel,

    I am facing the same issue. Did you guys find a solution?


    Friday, June 5, 2015 12:49 PM
  • No, it was never resolved and I have not had time to investigate the Windows Server 2012 R2 WDS PowerShell command (https://technet.microsoft.com/en-us/library/dn283416(v=wps.630).aspx). If you find a solution please post it.

    Friday, June 5, 2015 7:13 PM
  • My use-case is a little different, I am trying to invoke this from a Linux machine using Pywinrm. 
    Saturday, June 6, 2015 5:33 PM
  • I struggled with this all day!  Man this was frustrating.  WDSUTIL and all the WDS PowerShell CmdLets were giving the same error

    get-wdsclient : The operation being requested was not performed because the user has not been authenticated.

    I found the answer in my case.  I removed the WDS role and reinstalled it.  I then configured it as non-AD integrated and then remote commands started working.  Fortunately I have no need for AD integration.  I hope this also works for you.

    -Fred

    Sidenote - I tried everything!  different servers / user accounts / enter-pssession / cimsession / psexec and they all gave the same error. 

    Tuesday, August 18, 2015 8:48 PM
  • Wow - Thanks for the input. Unfortunately, I need AD integration. This smells like something related to credential delegation / CredSSP. I will try to find time to investigate that approach.

    It would seem logical that after at least 16 months something about this would be documented.

    Tuesday, August 18, 2015 9:46 PM
  • Hi, 
    I know this old post but I would like share my ideas as I had same issue more than a month while replacing/adding boot.wim in WDS (as like FrankJB). I tried below and its working now. 

    1. The script which will remove old boot.wim and add new boot.wim based on 'boot file name' and placed on all remote server. 
    2. To import scheduled task (which I modified based on need) on remote server & it will be triggered on remote server to execute 1st script. 

    https://github.com/ManikandanBoopathy/Shared_Script_Public
    Thursday, August 3, 2017 4:46 AM
  • Found a way to do this, but its probably not the best. It wouldn't work with Enter-PSSession, Invoke-Command etc. 

    Using Invoke-Command, you can create a bat file and use a Scheduled Run Once task to run that Batch file as system account. It will then do what you want :) 

    Heres how I did it:

    Invoke-Command -ComputerName "$DistributionPoint" -ScriptBlock {
    Set-Itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE' -Name 'UseDHCPPorts' -value 0 ;
    new-item c:\admin\WDSConfig.bat -ItemType File -Force
    $line = "cmd /c WDSUTIL /Set-Server /UseDHCPPorts:No /DHCPOption60:Yes >> c:\admin\wdsconfig.txt"
    $line2 = "cmd /c wdsutil /initialize-server /reminst:M:\RemoteInstall >> c:\admin\wdsconfig.txt"
    add-content -path c:\admin\WDSConfig.bat -Value $line
    add-content -path c:\admin\WDSConfig.bat -Value $line2
    $StartDate = (get-date).AddMinutes(1).ToString("HH:mm")
    Start-Process -FilePath SchTasks -ArgumentList '/Create /SC ONCE /ST ',$StartDate,'/TN "Run WDSUTIL Config" /TR "c:\admin\WDSConfig.bat" /RU "NT AUTHORITY\SYSTEM" /V1 /Z'
                            } -SessionOption $sessionoptions

    Wednesday, June 19, 2019 1:54 AM