Let's imagine the above architecture. And suppose from your computer you need "Get-WmiObject -class Win32_Service". Suppose you configure everything ok, and final try to send the following command:
$server = "pc01.xxxx.yyy" $User = "$server\admin_pc01" $PWord = ConvertTo-SecureString -String "p4ssw0rd" -AsPlainText -Force $Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $PWord Get-WmiObject -class Win32_Service -ComputerName $server -Credential $Credential
But you receive: Get-WmiObject : Access denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
I do some research and in the Event Viewer of pc01.xxxx.yyy I found three events: 4776,4672,4624 with the credential request, credential validation and the access. Code error: 0x0 => no error, credential valid. On the Event Id 4624 on the network information I found my Workstation name, my IP e my tcp source port: (ex: 17380)
Nice .. but even mad!
Then I deep dive into firewall (part of the green Routing Circle) and found a funny things.
From my PC I have two connection: 1) from mypc to 192.168.1.1 to port 135 from port 17380 2) from mypc to 10.10.10.1 to port 135 from port 17381
Hahaha...then I understood!!!
Mypc is on the same domain zzzz.nnn of pc01.zzzz.nnn When I send the command Get-WmiObject open an auth session (source port 17380) with pc01.xxxx.yyy (and all work good) but after that Get-WmiObject open another port to transimit the data (source port 17381) but in this case the command NOT USE THE FQDN but ONLY the Hostname!!!! This means Get-WmiObject send command to pc01, my computer add the default domain for dns resolution (zzzz.nnn) and...et volià...it send the second request to 10.10.10.1 !!!!
Obviously if on my hosts file I add the row pc01 192.168.1.1 the Get-WmiObject request work.
But this not is an acceptable solution for me.
User contributions licensed under CC BY-SA 3.0