This blog will describe how to connect from one computer.domain and execute script on computer from other domain.
Windows WinRM will be used. It uses session to connect to computer and do remote calls. After a long time session needs to be checked if is alive, if not reconnection should be made.
WinRM is a standard Simple Object Access Protocol, more informaito is avaliable here.
Domains
Two domains:- compaydom.com (jmeter clients)
- perfdom.com ( performance environment like App, DB servers)
Company.com domain is primary domain where are located jmeter clients which are running tests.
perfdom.com domain is performance domain where is performance environment
Perfcl001 from company.com domain will execute powershell script on perfcoreapp server on perfdom.com domain..
Powershell or Powershell ISE windows must be opened as administrator. Powershell ISE is used for editing and execution.
Powershell Remote connection on
Create domain administrator user
In perfdom.com domain create administrator user 'perf'. Add this user as administator on all machines on perfdom.com domain. This user will be used to connection from primary domain to remote internal domain.Configure Powershell
For powershell script execution:Enable-PSRemoting -Force
Assign user to execute powershell
Set-Item wsman:\localhost\client\trustedhosts "perfcl001"
Set execution policy to bypass (click on the button 'Yes' to confirm):
Set-ExecutionPolicy Bypass
Enable to remote computer to connect via credential SSP (click on the button 'Yes' to confirm):
Enable-WSManCredSSP -Role server
With next command enable 'perf' admin user to execute powershell scripts:
Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI
Last action is to :
Restart-Service WinRm
Check trusted host:
Get-Item –Path WSMan:\localhost\Client\TrustedHosts
Return will be perfcl001
On remote computer is powershell, WINRM configuration done to execute powershell script from other computers with SSP login.
Company domain
'Perf' user is correctly configured to execute powershell scripts on subdomain. On local computer do enable PS remote:Enable-PSRemoting -Force
Set execution policy of powershell scripts:
Set-ExecutionPolicy Bypass
Set trusted hosts:
Set-item wsman:localhost\client\trustedhosts -value *
Set-item wsman:localhost\client\trustedhosts -value *
Enable perfcoreapp to enable autentication SSP:
Enable-WSManCredSSP –Role Client –DelegateComputer PERFcoreapp
Run gpedit.msc in command prompt and navigate to Computer Configuration –> Administrative Templates –> System –> Credential Delegation as shown below:
Open up the “Allow Delegating Fresh
Credentials with NTLM-only Server Authentication” setting. Enable the
setting and then click on the “Show…” button to add a server to the list.
I added mine like so:
First run to test;
$name = "performance"
$pass = "#####"
$securePassword = ConvertTo-SecureString $pass -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential("perfdom\$name",$securePassword)
$check = New-PSSession -ComputerName "perfcoreapp" -Credential $credential -Authentication Credssp
$job = Invoke-Command -SessionId $check -ScriptBlock {Get-Process | Select -First 10}
$j = Get-Job
$j | Format-List -Property *
$results = $j | Receive-Job
Wait-Job -Job $job *>&1
Run script
$name = "performance"$pass = "#####"
$securePassword = ConvertTo-SecureString $pass -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential("perfdom\$name",$securePassword)
$check = New-PSSession -ComputerName "perfcoreapp" -Credential $credential -Authentication Credssp
$job = Invoke-Command -session $check -ScriptBlock { "\\perfdoomaincontroler.domain.com\SHARE\ps-scripts\Prepare.ps1" }
or
$job = Invoke-Command -ComputerName "perfcoreapp" -ScriptBlock { "\\perfdoomaincontroler.domain.com\SHARE\ps-scripts\Prepare.ps1" } -credential $credential -AsJob
$j = Get-Job
$j | Format-List -Property *
$results = $j | Receive-Job
Wait-Job -Job $job *>&1
Conclusion
Remote in powershell is to use in automation where:- application logs are cleaned.
- IIS logs are cleaned
- IIS is restarted
- Performance counters are started/stopped on performance machines
- logs are copied to one location,
- etc...
