login vsi company logo login vsi company logo 250x40

Enabling Remote PoSh for Maintenance with Login AM PowerFlow

Enabling Remote PoSh for Maintenance with Login AM PowerFlow

In the environment of our customer we were experiencing issues with WMI when using the Login AM 2012 maintenance framework (S4Matic). WMI operation on Windows Server 2008R2 has been, to say the least, not great. Microsoft has released a list of hotfixes for different operating systems to fix WMI operation.

Even after applying these hotfixes the problem remained. This was mainly due to multiple programs already doing WMI queries on the machines (RES Workspace Manager and the SCOM Agent). We frequently experienced time-outs when S4Matic performed WMI queries during maintenance. Resulting in machines that were unavailable after the maintenance run or not running maintenance at all.

So we needed to transfer away from the current S4Matic maintenance which uses a lot of WMI queries. To something that relies on a more dependable method of retrieving information and sending commands. That’s where PowerFlow enters the scene. PowerFlow (or Login AM Tasks) is the new maintenance engine that is distributed with Login AM 2012 R2. PowerFlow heavily relies on remote PowerShell to execute commands on remote servers. It still uses WMI for some parts of maintenance (like checking the uptime of a server) but the amount of WMI queries used in PowerFlow is much less.

The first and only challenge with this customer was enabling remote PoSh. This is enabled by default on Windows Server 2008 R2 but it didn’t function. When performing an PoSh invoke-command I’d get the following response:

PS C:\> INVOKE-COMMAND -COMPUTERNAME %COMPUTERNAME% {IPCONFIG}
[%COMPUTERNAME%] CONNECTING TO REMOTE SERVER FAILED WITH THE FOLLOWING ERROR MESSAGE : THE CLIENT CANNOT CONNECT TO THE DESTINATION SPECIFIED IN THE REQUEST. VERIFY THAT THE SERVICE ON THE DESTINATION IS RUNNING AND IS ACCEPTING REQUESTS. CONSULT THE LOGS AND DOCUMENTATION FOR THE WS-MANAGEMENT SERVICE RUNNING ON THE DESTINATION, MOST COMMONLY IIS OR WINRM. IF THE DESTINATION IS THE WINRM SERVICE, RUN THE FOLLOWING COMMAND ON THE DESTINATION TO ANALYZE AND CONFIGURE THE WINRM SERVICE: "WINRM QUICKCONFIG". FOR MORE INFORMATION, SEE THE ABOUT_REMOTE_TROUBLESHOOTING HELP TOPIC.
    + CATEGORYINFO          : OPENERROR: (:) [], PSREMOTINGTRANSPORTEXCEPTION
    + FULLYQUALIFIEDERRORID : PSSESSIONSTATEBROKEN

When you check the remote server Windows Remote Management (or WinRM) is seems to be up and running. However when you check it using the winrm command you get the following:

PS C:\> WINRM QC -Q
WINRM ALREADY IS SET UP TO RECEIVE REQUESTS ON THIS MACHINE.
WSMANFAULT
    MESSAGE = THE WINRM CLIENT CANNOT PROCESS THE REQUEST. IT CANNOT DETERMINE THE CONTENT TYPE OF THE HTTP RESPONSE FROM THE DESTINATION COMPUTER. THE CONTENT TYPE IS ABSENT OR INVALID.
ERROR NUMBER:  -2144108297 0X803380F7
THE WINRM CLIENT CANNOT PROCESS THE REQUEST. IT CANNOT DETERMINE THE CONTENT TYPE OF THE HTTP RESPONSE FROM THE DESTINATION COMPUTER. THE CONTENT TYPE IS ABSENT OR INVALID.

To make a long researching story short. This error has to do with the Kerberos max token size and HTTP max field length. At our customer we had Kerberos max token size of 48.000. This is also the default as of Windows Server 2012 (Microsoft article).

Apparently remote PoSh uses HTTP to communicate with the remote server. I found a Microsoft article regarding to setting the HTTP max field length in correspondence to the Kerberos max token size. Which translates to the following formula:

KerberosTicketSize * 0,75 = HttpMaxFieldLength

I finally settled for these settings:

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HTTP\PARAMETERS
DWORD name DWORD value
MaxFieldLength 65534
MaxRequestBytes 65534

I used a regimport in AM2012 to configure the registry settings on the server and a custom actionitem to perform this command: winrm qc –q

After setting the registry settings (reboot needed) and running the command, all my servers responded the remote PoSh commands and I could continue implementing PowerFlow at our customer.

Hope this works for you.

Tags: How-to, Login AM

Popular Blogs

login-vsi-vdi-performance-summit

The VDI Performance Summit - Virtual Conference and Expo

Visit the VDI Performance Summit to gain knowledge and experience about performance and tuning VDI, improving End-User Experience and IT service. Join us at the ONLY virtual event 100% dedicated to VDI performance and tuning | May 2, 2019 This 1-day event offers key-notes presented by the best VDI performance experts in the world, technical and business oriented breakout sessions, the possibility to chat with experts directly to discuss your own situation, and a virtual exhibit hall featuring… Continue Reading

Scalability testing Parallels Remote Application Server with Login VSI

Recently I went to VMworld in Barcelona where Login VSI had a booth on the expo... While I can’t remember exactly how many conversations I had - there had been so many that I lost my voice on day one. What was new this year is that quite a few people asked if our software is compatible with the solutions from Parallels specifically their Remote Application Server (RAS) (Datasheet). Continue Reading
Login VSI Blog Article - Microsoft Windows 10 Default FTA Associations - Teaser Image

Windows 10 Default File Type Associations and Login VSI

When Login VSI 4.1 was released, the majority of desktops were running Windows 7 and life was easy. We’d set the default filetype for an application and it would simply work. The default and industry standard workloads in Login VSI include launching and using Adobe Reader as part of the virtual user simulation. Because Login VSI doesn’t always know which version of Adobe Reader is installed, or where it’s installed, the workload relies on the file type association (FTA) for .pdf documents to be… Continue Reading
Login VSI - Press Release - IGEL - Login VSI Partner to Optimize End User Computing Experience Image

[Press Release] IGEL Partners with Login VSI to Optimize the End User Computing Experience

Login PI enables organizations to better protect the performance and availability of their IGEL OS-powered virtual desktop environments San Francisco, USA, Feb. 6, 2019: IGEL, a world leader in software-defined endpoint optimization and control solutions for the secure enterprise, today announced that it is partnering with Login VSI, provider of software solutions to test and actively monitor the performance and availability of virtual desktop environments, including VDI and… Continue Reading
Login VSI - Blog - Login PI Blog Teaser Image - Windows Virtual Desktop: How To Monitor User Experience With Login PI

Windows Virtual Desktop – How to Monitor User Experience?

Microsoft has just announced the public preview of their new Windows Virtual Desktop (WVD) offering at Microsoft Ignite on Tour in Amsterdam today. For those of you who’ve not followed the rumors or the private beta, here’s the outline... Continue Reading
Investigating Online Application Performance with Login PI

Investigating Online Application Performance with Login PI

As many companies do, we use a CRM system. Recently, I have been getting complaints about our cloud CRM system, Microsoft Dynamics, being slow. I tried to investigate this by shadowing one of our users to see what was wrong. As expected, everything was fast. 15 minutes later, the same user reported slowness again. How could I investigate this without bothering the users? Continue Reading
Cookie Settings