login vsi company logo login vsi company logo 250x40

 

Avoid VDI problems. Test with Login VSI.

Learn how our industry-standard software solutions can benefit your business

Learn more about our products

Enabling Remote PoSh for Maintenance with Login AM PowerFlow

Enabling Remote PoSh for Maintenance with Login AM PowerFlow

In the environment of our customer we were experiencing issues with WMI when using the Login AM 2012 maintenance framework (S4Matic). WMI operation on Windows Server 2008R2 has been, to say the least, not great. Microsoft has released a list of hotfixes for different operating systems to fix WMI operation.

Even after applying these hotfixes the problem remained. This was mainly due to multiple programs already doing WMI queries on the machines (RES Workspace Manager and the SCOM Agent). We frequently experienced time-outs when S4Matic performed WMI queries during maintenance. Resulting in machines that were unavailable after the maintenance run or not running maintenance at all.

So we needed to transfer away from the current S4Matic maintenance which uses a lot of WMI queries. To something that relies on a more dependable method of retrieving information and sending commands. That’s where PowerFlow enters the scene. PowerFlow (or Login AM Tasks) is the new maintenance engine that is distributed with Login AM 2012 R2. PowerFlow heavily relies on remote PowerShell to execute commands on remote servers. It still uses WMI for some parts of maintenance (like checking the uptime of a server) but the amount of WMI queries used in PowerFlow is much less.

The first and only challenge with this customer was enabling remote PoSh. This is enabled by default on Windows Server 2008 R2 but it didn’t function. When performing an PoSh invoke-command I’d get the following response:

PS C:\> INVOKE-COMMAND -COMPUTERNAME %COMPUTERNAME% {IPCONFIG}
[%COMPUTERNAME%] CONNECTING TO REMOTE SERVER FAILED WITH THE FOLLOWING ERROR MESSAGE : THE CLIENT CANNOT CONNECT TO THE DESTINATION SPECIFIED IN THE REQUEST. VERIFY THAT THE SERVICE ON THE DESTINATION IS RUNNING AND IS ACCEPTING REQUESTS. CONSULT THE LOGS AND DOCUMENTATION FOR THE WS-MANAGEMENT SERVICE RUNNING ON THE DESTINATION, MOST COMMONLY IIS OR WINRM. IF THE DESTINATION IS THE WINRM SERVICE, RUN THE FOLLOWING COMMAND ON THE DESTINATION TO ANALYZE AND CONFIGURE THE WINRM SERVICE: "WINRM QUICKCONFIG". FOR MORE INFORMATION, SEE THE ABOUT_REMOTE_TROUBLESHOOTING HELP TOPIC.
    + CATEGORYINFO          : OPENERROR: (:) [], PSREMOTINGTRANSPORTEXCEPTION
    + FULLYQUALIFIEDERRORID : PSSESSIONSTATEBROKEN

When you check the remote server Windows Remote Management (or WinRM) is seems to be up and running. However when you check it using the winrm command you get the following:

PS C:\> WINRM QC -Q
WINRM ALREADY IS SET UP TO RECEIVE REQUESTS ON THIS MACHINE.
WSMANFAULT
    MESSAGE = THE WINRM CLIENT CANNOT PROCESS THE REQUEST. IT CANNOT DETERMINE THE CONTENT TYPE OF THE HTTP RESPONSE FROM THE DESTINATION COMPUTER. THE CONTENT TYPE IS ABSENT OR INVALID.
ERROR NUMBER:  -2144108297 0X803380F7
THE WINRM CLIENT CANNOT PROCESS THE REQUEST. IT CANNOT DETERMINE THE CONTENT TYPE OF THE HTTP RESPONSE FROM THE DESTINATION COMPUTER. THE CONTENT TYPE IS ABSENT OR INVALID.

To make a long researching story short. This error has to do with the Kerberos max token size and HTTP max field length. At our customer we had Kerberos max token size of 48.000. This is also the default as of Windows Server 2012 (Microsoft article).

Apparently remote PoSh uses HTTP to communicate with the remote server. I found a Microsoft article regarding to setting the HTTP max field length in correspondence to the Kerberos max token size. Which translates to the following formula:

KerberosTicketSize * 0,75 = HttpMaxFieldLength

I finally settled for these settings:

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HTTP\PARAMETERS
DWORD name DWORD value
MaxFieldLength 65534
MaxRequestBytes 65534

I used a regimport in AM2012 to configure the registry settings on the server and a custom actionitem to perform this command: winrm qc –q

After setting the registry settings (reboot needed) and running the command, all my servers responded the remote PoSh commands and I could continue implementing PowerFlow at our customer.

Hope this works for you.

 


 

Start using Login VSI today

Our industry-standard software is built to help you avoid problems, lower costs and improve performance. Request a Quote or get your free Trial below, and benefit from our award-winning services.

Free Price Request  Your Free Trial

 


About the company Login VSI

The company Login VSI provides end-user performance insights for virtualized desktop and server-based computing environments. Enterprise IT departments use flagship product Login VSI (for load testing) and Login PI (for continuity testing) in all phases of their virtual desktop deployment—from planning to deployment to change management—to build and safeguard a good performance, a high availability, and (as a result) a good and consistent end-user experience. For more information about Login VSI or for a free test license contact us.

Tags: How-to, Login AM

Popular Blogs

Login VSI Blog - Ongoing Effects CPU Flaws

The Ongoing Effects of Intel CPU Flaws

The Ongoing Effects of Intel CPU Flaws Over the last year, we’ve seen many Intel CPU hardware flaws come to light and when news first broke about Meltdown & Spectre there was a lot of panic: "should we patch?", "What’s the performance impact?", "Can we still rely on this hardware?" Continue Reading
Login VSI Blog - Updating to Windows 10 1903? Make Sure to Test!

Updating to Windows 10 1903? Make Sure to Test!

Updating to Windows 10 1903? Make Sure to Test! It’s that time of the year again. Microsoft have released their spring update and the first IT-Pro’s are getting ready to move their VDI environment over. Continue Reading
Login AT Express offers Application Compatibility Testing for up to 50 applications for FREE

[Press Release] Login VSI introduces free license for award winning solution, Login AT

Login AT Express offers Application Compatibility Testing for up to 50 applications for FREE Atlanta, USA, May 22, 2019: Login VSI, the industry standard for VDI and SBC performance testing, announced today the availability of a new, free version of Login AT for Bulk Application Compatibility Testing. Continue Reading
Login VSI Blog - LVTE 2109 - Technology Advocates & Experts

Login VSI Technology Advocates and Experts 2019

About a year ago Login VSI, the industry standard in VDI performance testing, announced a new program Recognizing those individuals that have built and displayed extensive knowledge of the Login VSI software solutions, and visibly contribute to the End-User Computing (EUC) Community. Continue Reading
Introducing Login PI 3.4

Introducing Version 3.4 of Login PI

What’s New & Different - Introducing Version 3.4 of Login PI We've updated Login PI, the benchmark in unplanned-change and gradual-deterioration detection for VDI. New features include improving the way information is collected & distributed, the way customized workloads are created & the way actual tests are executed. Continue Reading
Login VSI Blog - What's New in Login PI 3.5

What's New in Login PI 3.5?

What's New in Login PI 3.5? Netscaler, SLA Reporting, Event Logging features and so much more! At the end of June, we released a new version of Login PI 3 bursting with new features and enhancements. There are so many that I could write pages of blog about it, but let’s just keep it simple and focus on some of the big items. Continue Reading
Cookie Settings