PS脚本成功连接到域机,但无法连接到子域机器
我正在编写一个脚本来远程管理公司网络中的机器。
访问主域机时,我没有问题。 (例如:Machine1.bill.ca)
尝试连接到子域机时,它会失败。 (例如:Machine2.bob.bill.ca)
我首先通过DNS获取完整的主机名:
}elseif($Temp -is [array]){
$Ret = @()
foreach($a in $temp){
try{
$a = [System.Net.Dns]::GetHostByName($a).HostName
$Ret += $a
}catch{ Write-Host '[-]'$a 'unreachable' }
}
if([string]::IsNullOrWhiteSpace($Ret)){ VNCO-Return }
}else{
try{ $Ret = [System.Net.Dns]::GetHostByName($Temp).HostName }catch{
Write-Host '[-]'$Temp 'unreachable'
VNCO-Return
}
}
然后返回目标并用于创建会话:
try{
$ErrorActionPreference = "Stop"
Write-Host '[*] Starting remote connection'
$Sess = New-PSSession -ComputerName $Target -Credential $global:Cred
foreach ($s in $Sess){ USRC($s) }
}catch{
Write-Host '[-] Some targets may not have WinRM configured'
Write-Host '[*] Starting WinRM configuration mode'
foreach($t in $Target){
try{ UST($t) }catch{
try{
WinRM($t)
UST($t)
}catch{ Write-Host '[-] Could not connect to'$t }
然后应该在远程目标上执行东西:
function UST($t){
$s = New-PSSession -ComputerName $t -Credential $global:Cred
USRC($s)
}
function USRC($s){
Invoke-Command -Session $s -ScriptBlock {
*doing stuff*
Write-Host '[+] Settings successfully updated on'$env:COMPUTERNAME
}
}
它可以使用到目前为止我测试过的每台Bill.ca机器(200+)
它在我到目前为止测试的bob.bill.ca机器上都无法使用(30个)
我使用的证书在Bill.ca和Bob.bill.ca.
上具有相同的权利 BOB.BILL.CA上的机器可以被刺穿,DNS返回主机名没有任何问题。
但是,脚本无法连接到bob.bill.ca.
上的任何机器
I am writing a script to remotely manage machines within the company network.
When accessing main domain machines, I have no issue. (Ex: machine1.bill.ca)
When attempting to connect to subdomain machines, it fails. (Ex: machine2.bob.bill.ca)
I first get the full hostname through the DNS:
}elseif($Temp -is [array]){
$Ret = @()
foreach($a in $temp){
try{
$a = [System.Net.Dns]::GetHostByName($a).HostName
$Ret += $a
}catch{ Write-Host '[-]'$a 'unreachable' }
}
if([string]::IsNullOrWhiteSpace($Ret)){ VNCO-Return }
}else{
try{ $Ret = [System.Net.Dns]::GetHostByName($Temp).HostName }catch{
Write-Host '[-]'$Temp 'unreachable'
VNCO-Return
}
}
The target is then returned and used to create a session:
try{
$ErrorActionPreference = "Stop"
Write-Host '[*] Starting remote connection'
$Sess = New-PSSession -ComputerName $Target -Credential $global:Cred
foreach ($s in $Sess){ USRC($s) }
}catch{
Write-Host '[-] Some targets may not have WinRM configured'
Write-Host '[*] Starting WinRM configuration mode'
foreach($t in $Target){
try{ UST($t) }catch{
try{
WinRM($t)
UST($t)
}catch{ Write-Host '[-] Could not connect to'$t }
Stuff is then supposed to be executed on the remote target:
function UST($t){
$s = New-PSSession -ComputerName $t -Credential $global:Cred
USRC($s)
}
function USRC($s){
Invoke-Command -Session $s -ScriptBlock {
*doing stuff*
Write-Host '[+] Settings successfully updated on'$env:COMPUTERNAME
}
}
It works on every bill.ca machine I've tested so far (200+)
It works on none of the bob.bill.ca machines I've tested so far (30-ish)
The credentials I am using have the same rights on bill.ca and bob.bill.ca.
Machines on bob.bill.ca can be pinged and the dns returns the hostname without any issues.
Yet, the script fails to connect to any machine on bob.bill.ca.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这是一个值得信赖的问题。
ran作为管理员并执行此命令:
问题已解决
It was a trustedhost issue.
Ran PS as admin and executed this command:
Issue was resolved
并不是真正的问题的答案,但是想提及以上的第一个块可以简化:
如果
$ temp不是数组,它仍然被视为一个持有单个元素。where-object对待$ null或空字符串作为$ false。( - 不是$ ret)将空数组视为$ false。上方的块会产生一个数组。我用
gethostentry()替换gethostbyname(),因为我看到前者被弃用。还可以尝试一下,看看它是否返回了不同的东西...
Not really an answer to the question, but wanted to mention the first block above could be simplified with:
If
$Tempisn't an array, it's still treated as one holding a single element. AndWhere-Objecttreats$nullor empty string as$false.(-not $ret)treats an empty array as$false. The block above it produces an array.I replaced
GetHostByName()withGetHostEntry()because I saw mention that the former is deprecated.Can also try this to see if it returns something different...