PowerShell
The PowerShell forum accepts bug reports as well as feedback and suggestions. For more information, check out the PowerShell Homepage
The following is a list of the states we use to track items.
status | meaning |
---|---|
survey | We saw this and we are considering it. Please upvote if it’s important to you. |
needs more information | We don’t understand the issue and need additional details. |
investigating | We are looking at this internally to understand things like: scenario, reproduction of issue, costing, or other technical details. |
in queue | The issue is understood and in our unprioritized backlog. Your votes will be used to drive prioritization of this work. |
-
Please enable port forwarding within PowerShell
The very cool features on linux is about the port forwarding when we ssh to a remote server.
I hope PowserShell come with these cool things.10 votes -
SeServiceLogonRight is not getting cleaned up after exiting JEA session
I have an issue with Just Enough Administration and Windows 2012 R2, where when I have the 'Run As Virtual account' set to true, it does not clean up after itself. The temporary virtual account is left in 'Logon as a service'. this can be viewed from the local security policy.
2 votes -
Get-WSManCredssp should return an object
Microsoft.WSMan.Management\Get-WSManCredssp currently returns a string describing the WSMan state instead of an object with properties that can be used programmatically. Perhaps something like:
ClientEnabled: $true
ServerEnabled: $false
DelegateComputer: [ "wsman/*.contoso.com" ]1 vote -
WMF/WinRM 5.1 System File version issues after installing KB4103724
My operating system environment is W8.1/WS12R2 with Windows Mangagement Framework 5.1 installed
After installing KB4103724 (May, 2018 Preview of monthly Rollup for NT6.3), I found that some of the files in WMF/WINRM 5.1 were changed, and those changes were not listed on the update history.
Let me say a few questions about this change:
1: Generally speaking, the monthly Summary preview update is used to resolve performance and reliability issues, but this update history does not list the changes in WMF/WINRM 5.1. The affected file in WMF/WINRM 5.1 is listed only in file information for update 4103724.
2: I noticed…
1 vote -
Can we have test-wsman available?
Running PS in mac
1 vote -
Possible Bug: Mapping persistent drives with New-PSDrive using WINRM sessions
I am trying to map persistent drives using New-PSDrive on a remote winrm session, but when I opened a new session the mapping driver got the status of "Unavailable". I am using CREDSSP
Session A creating the mapping
$credentials = Get-Credential user
$session = New-PSSession -ComputerName Server1 -Credential $credentials -Authentication CredSSP
$computername = "Server2"
Invoke-Command -Session $session -ScriptBlock {
param($computername)
New-PSDrive -PSProvider FileSystem -Name "X" -Root "\$computername\scripts" -Persist -Verbose -Scope Global
} -ArgumentList $computernameSession B checking the mapping
$credentials = Get-Credential user
$session = New-PSSession -ComputerName Server1 -Credential $credentials -Authentication CredSSP
$computername = "Server2"Invoke-Command -Session $session -ScriptBlock { …
1 vote -
WinRM
Possible Bug WFM 5.1 with WinRM via Command line. (Can provide Screenshots of issue)
When trying to authenticate to WinRM via command line receive the following error using password with ^ as a special character.
Example Command:
winrm id -r:https://servname:5986 -a:Kerberos -u:serviceaccount@localdomain.local -p:gt^qB%CxkaSQ -encoding:utf-8
Error:
WSManFaultMessage = The user name or password is incorrect.
Error number: -2147023570 0x8007052E
When change ^ to ! receive the following output:
C:\Users\shawns>winrm id -r:https://servername:5986 -a
:Kerberos -u:serviceaccount@localdomain.local -p:gt!qB%CxkaSQ -encoding:ut
f-8
IdentifyResponse
…ProtocolVersion = <a rel="nofollow noreferrer" href="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd</a>
ProductVendor = Microsoft Corporation
ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.01 vote -
Enable WINRM certificate mapping for domain user
Currently I need to manage Windows DNS server. I would like to use a client certificate to connect to WinRM to manage it, since I want to expose it in RESTful interface. But WINRM certificate mapping only allows non-domain account.
2 votes -
Register-PSSessionConfiguration -WarningAction SilentlyContinue does not suppress warning text
When creating a JEA endpoint with the following command:
Register-PSSessionConfiguration -WarningAction SilentlyContinue ...
The warning about restarting the WinRM service is still displayed. The expected action is for the SilentlyContinue argument to suppress any warnings. This occurs every time.
The workaround here is to use the -NoServiceRestart switch and then restart the WinRM service manually.
Behavior is observed on Server 2016 with PSVersion 5.1.14393.0.
Thanks,
J.
1 vote -
PowerShell: Unable to reconnect disconnected PSSession when PSRemotingProtocolVersion does not match
From a win7 or win10 workstation running PS5 I can create a PSRemoting session (new-pssession) to a server running PS4. But if that session should become disconnected, I'm unable to reconnect (or receive) the session, receiving, instead the following error:
Receive-PSSession : Connecting to remote server hsfsrpw001 failed with the following error message : The server that is running
Windows PowerShell does not support connect operations on the protocolversion 2.3 that is negotiated by the client computer. Make
sure the client computer is compatible with the build 6.3.9600.17400 and the protocol version 2.2 of Windows PowerShell. For more
information, see…2 votes -
WMF 5.1 RestrictedRemoteServer session type fails to import the 'Microsoft.PowerShell.Utility' module
When importing this module in a restricted session type or when making a function or a cmdlet from this module visible, i.e:
VisibleFunctions = 'Get-FileHash'
the following message is returned:
WARNING: The 'Microsoft.PowerShell.Utility' module was not imported because the 'Microsoft.PowerShell.Utility' snap-in was already imported.
In practice, the module is not being imported.
Get-PSSnapin shows that a snapin with the same name is indeed loaded:
Name : Microsoft.PowerShell.Utility
PSVersion : 5.1.14409.1005
Description : This Windows PowerShell snap-in contains utility
cmdlets that are used to view and organize data in different ways.
but exposes no commands
Get-PSSnapin from a regular (not remote)…12 votesThis report is a bit confusing, so need some information.
On the system where you received this error, please try running any of the commands from Microsoft.PowerShell.Utility, such as get-member, or get-date. The error message and the information you provided seems to indicate that the module is already loaded, so we are looking for other indications that it is not. -
Remote Invoke-Command Powershell Stop-WebAppPool No Longer Working After Powershell 5 Upgrade
The full details of the issue are already documented on Server Fault here: http://serverfault.com/questions/806794/remote-invoke-command-powershell-stop-webapppool-no-longer-working-after-powersh
The gist of it is that we have Server A which was on WMF 4 / PowerShell 4 and was able to issue Invoke-Command calls to Server B which was on WMF 2 / PowerShell 2. In particular, a call to Stop-WebAppPool. After upgrading Server A to WMF 5, the call to Stop-WebAppPool no longer works. However, issuing this command to other Servers on WMF 4/5 seems to work.
1 vote -
Jea logon fails if the calling account isn't an administrator on the endpoint
jea cannot be used if the calling user isn't an administrator
I have an issue similar to this but slightly different.
I have JEA configured and set up. When I connect to the endpoint with an account that is an administrator where the endpoint is located it works fine. My commands are limited to what I set in my profile etc.
When I try to connect as a non-privileged user that is in the correct group to use the endpoint it fails with "the username or password is incorrect". If I add that SAME account to the local administrator's…
1 vote -
Block WinRM operations during servicing
The WinRM service starts normally and accepts requests during component servicing operations (eg, "Working on Updates", "Working on Features" screens after a post-update/feature-change reboot). This causes problems for configuration management in cases where the servicing process triggers further reboots, especially since there doesn't appear to be a documented way to determine that servicing is underway. WinRM should either wait to accept requests until servicing is complete, or a way for third-party tools to determine that servicing is underway from Powershell should be documented.
1 vote -
Get-PSSessionCapability returns capabilities even when the speficied user doesn't have permissions to connect to the session
The documentation on Get-PSSessionCapability states it returns information (capabilities) on the session configuration the specified username has on it, but it also returns it for a SessionConfiguration (created with a pssc file) when it wasn't created with a RoleDefinition, no matter if the specified user can or cannot access it.
I would expect it not to return any information for that SessionConfiguration, or have a property that indicates the specified doesn't have the required permissions (invoke / fullcontrol).3 votes -
WinRM "concurrent operations" increase to eventual failure
Concurrent operations on an open shell always increase (eg, for each command run) even when the Terminate signal message is sent and (apparently) properly processed after each command. This eventually causes the MaxConcurrentOperationsPerUser quota to be hit, requiring a new shell to be created.
A simple reproduction using pywinrm is available at: https://github.com/diyan/pywinrm/issues/124. I'm guessing there's just something wrong with the way the Terminate signal is being sent by pywinrm, but the server appears to be happy with it.
To run the repro, ensure python and pip are available, create a file with the repro code (and adjust the…
2 votes -
Add A "Start In" Directory for Enter-PSSession
By default, we are placed into Documents (at least I am), then have to change directories. It would be nice to be able to specify a directory we'd like to start in using Enter-PSSession.
18 votes -
JEA is difficult for delegates to use without tab completion
By default tab completion is disabled in JEA endpoints- and there is no guidance on how (or if) it can be enabled safely.
Without tab completion it is
1. Harder to discover available commands (no Get-<tab>)
2. Harder to execute available commands with correct parameter name spelling etc.
3. Harder to populate correct values (e.g., no help with ValidateSet scenarios)
This all works against the applicability of JEA for delegation scenarios where a less expert sub-admin has to blindly type out a potentially complex and unfamiliar command.
Please make some basic level of tab completion work by default, and please…6 votes -
WinRM should register it's proper SPN
The WinRM service should register the HTTP/computername:5985 and HTTP/computername.fqdn:5985 (or configured port) SPNs so that clients can locate the proper Kerberos principal to authenticate against. Currently anything that uses Kerberos over http:80 can claim its valid SPN and break Kerberos authentication for WinRM.
26 votes -
Server 2012R2 winrm https listener autocertificate reneval
If you enable an https listener on a server and use it with an autoenrolled certificate, the listener will not be updated when the new autoenrollment takes place as the thumbprint will be hardcoded to the listener. This makes the technologie to use an https listener on all your servers to a big administrative burden as you have to keep the listeners up-to-date. Please develop some solution that this certificate will stay up-to-date with each new autoenrollment (like with a scheduled task which starts after autoenrollment scheduled task)
Thanks
Max
37 votes
- Don't see your idea?