New-PsDrive Remote copy from DFS share errors: A specified logon session does not exist

Question

So to recap the situation: I am at one computer trying to run powershell using enter-pssession computername, then from the remote session, run the logic below:

$DFSPath = "\\DFSpath.com"
$RDL1 = [char](1+[char](gdr ?)[-1].name)
New-PSDrive -Name $RDL1 -PSProvider FileSystem -Root $DFSPath -Persist -credential domain\UN

The get-variable shows the variables properly. But when I try to create with New-PSDrive, it gives:

New-PSDrive : A specified logon session does not exist. It may already have
been terminated

I did look at this: PowerShell 2.0: Accessing Windows Shares during a Remote Session but wasn't able to get it to work. Also I wouldn't know how to devise it in my script above (which will be run on multiple computers). Is there anything newer? I am using v3 powershell. Thanks so much!

Answer 1

From the looks of things it appears that you are experiencing the dreaded "Double-Hop". If you only what to remote to a few computers it's pretty easy to setup the "fix" for the "Double-Hop". On the computers that you want to remote to you need to run the following commands:

Enable-PSRemoting

Enable-WSManCredSSP Server

Then on the computer you want to remote from you need to run the command:

Enable-WSManCredSSP Client –DelegateComputer [<FQDN of the server>][*]

In place of the fully qualified domain name you can put a * instead. That will allow you to send your credentials to any computer (that could be dangerous).

Now how would you work this into a script? There is a command called Invoke-Command. If you look at the parameters of Get-Help Invoke-Command -Parameter *, you'll see that it take a Credential and a Authentication. Here's how you would run a command on multiple computers.

$MyCred = Get-Credential
Invoke-Command -ComputerName Computer1,Computer2 -Credential $MyCred -Authentication Credssp -ScriptBlock {Get-ChildItem $args[0]} -ArgumentList '\\Server\Share' -ErrorAction SilentlyContinue

Now if you'll be remoting onto many machines and you know how to use Group Policy. I'd recommend setting up PSRemoting and enabling WSManCred with the Group Policy.