PowerShell 远程处理 Lync、Active Directory 错误“-2147016672”搜索域控制器时发生
我正在尝试通过 WcfService 配置 LyncServer,该 WcfService 本身执行 PowerShell 远程处理以在 Lync 计算机上运行 Cmdlet。我成功导入 Lync 模块,但当我尝试调用 Lync cmdlet(例如 Get-CsUser)时,我在 powershell.Streams.Error 中收到错误:
搜索域控制时发生 Active Directory 错误“-2147016672” 域“my.test.domain”中的用户:“发生操作错误。”
这就是我创建 Runspace 的方式:
PSCredential psCred = new PSCredential(this.Credentials.Domain + "\\" + this.Credentials.UserName, this.Credentials.SecurePassword);
WSManConnectionInfo wsman = new WSManConnectionInfo(uri, c_powerShellShema, psCred);
wsman.AuthenticationMechanism = AuthenticationMechanism.Default;
//wsman.AuthenticationMechanism = AuthenticationMechanism.Kerberos;
//wsman.ProxyAuthentication = AuthenticationMechanism.Negotiate;
Runspace retval = RunspaceFactory.CreateRunspace();//wsman);
retval.Open();
我的 powershell 调用
PowerShell powerShell = PowerShell.Create();
powerShell.Runspace = this.Runspace;
powerShell.AddScript("Import-Module Lync");
powerShell.Invoke();
powerShell.Streams.ClearStreams();
powerShell.AddScript("Get-CsUser);
powerShell.Commands.AddCommand("Out-String");
var retval = powerShell.Invoke();
foreach (var o in retval)
Console.WriteLine(o.ToString());
foreach (var e in powerShell.Streams.Error)
Console.WriteLine(e.ToString());
有什么想法吗? Runspace 中使用的用户与我用于通过 lync 管理控制台执行所有 lync 配置的用户相同,因此他拥有所需的所有访问权限。
I'm trying to configure my LyncServer via a WcfService that itself does PowerShell remoting to run Cmdlets on the Lync machine. I successfully import the Lync module, but when i try to call and Lync cmdlet, e.g. Get-CsUser i receive a error in powershell.Streams.Error:
Active Directory error "-2147016672" occurred while searching for domain control
lers in domain "my.test.domain": "An operations error occurred."
This is how i create my Runspace:
PSCredential psCred = new PSCredential(this.Credentials.Domain + "\\" + this.Credentials.UserName, this.Credentials.SecurePassword);
WSManConnectionInfo wsman = new WSManConnectionInfo(uri, c_powerShellShema, psCred);
wsman.AuthenticationMechanism = AuthenticationMechanism.Default;
//wsman.AuthenticationMechanism = AuthenticationMechanism.Kerberos;
//wsman.ProxyAuthentication = AuthenticationMechanism.Negotiate;
Runspace retval = RunspaceFactory.CreateRunspace();//wsman);
retval.Open();
and my powershell calls
PowerShell powerShell = PowerShell.Create();
powerShell.Runspace = this.Runspace;
powerShell.AddScript("Import-Module Lync");
powerShell.Invoke();
powerShell.Streams.ClearStreams();
powerShell.AddScript("Get-CsUser);
powerShell.Commands.AddCommand("Out-String");
var retval = powerShell.Invoke();
foreach (var o in retval)
Console.WriteLine(o.ToString());
foreach (var e in powerShell.Streams.Error)
Console.WriteLine(e.ToString());
Any idea? the User that is used in the Runspace is the same user that i used to do all the lync configuration via the lync management console, so he has all access permissions he need.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您没有使用 ASP.NET,但可能如何使用系统ASP.NET 中的 .DirectoryServices 命名空间 可以解释您的问题。
您当然知道,但是当您遇到类似 -2147016672 的错误时,请将其转换为十六进制 (0x80072020) 并通过 google 搜索 Micosoft 技术名称和十六进制代码“Active-Directory 0x 80072020”以获取有关该问题的在线帮助。
You are not working with ASP.NET but perhaps How to use the System.DirectoryServices namespace in ASP.NET can explain your problem.
You certainly know but when you've got an error like -2147016672, convert it in hexa (0x80072020) and google the Micosoft thechnologie name and the Hexa code "Active-Directory 0x 80072020" for online help on the problem.
我终于在这里找到了答案:Powershell v2 远程处理和委托。所以我在他们的服务器上调用了Enable-PsRemoting,并且工作正常。
i finally found the answer here: Powershell v2 remoting and delegation. so i called
Enable-PsRemotingon ther server and i works fine.您正在使用默认身份验证
当任何 lync/skype for Business 命令(例如 Get-CsUser、Enable-CsUser 或 Disable-CsUser)从您的服务器连接域控制器时,
。因此,在连接到 DC 时,调用不会指定用户的凭据,因为您提供的凭据仅用于目标(Skype 服务器)而不是 DC。
因此,只要涉及多个跃点,您就必须使用 CredSSP,因为 CredSSP 要求在连接到下一跃点时使用相同的凭据。
您可以参考这篇文章,它比我可能的方式解释得更好。:p
https://sysnetdevops.com/2016/09/16/skype-for-business-server-and-powershell-remoting/
You are using default authentication
While any lync/skype for business command such as Get-CsUser or Enable-CsUser or Disable-CsUser connects the domain controller from your server.
So while connecting to the DC the call doesn't specify which credentials to user because the ones you provided were for the target(Skype server) only not the DC.
Hence you will have to use CredSSP whenever there are multiple hops involved, because CredSSP tells to use the same credential while connecting to the next hop.
You can refer this article, it explains way better than how I might have.:p
https://sysnetdevops.com/2016/09/16/skype-for-business-server-and-powershell-remoting/