VMware Cloud Community
fjj
Contributor

Deploy RDS Role on a clone Windows 2012 VM

Hello,

I tried to clone, with a PowerCLI script, a Windows 2012 server with Remote Desktop Services installed.

The cloning operation by itself, and the renaming and domain joining by OS Customization, are working fine.

After that, in order to make the RDS role work, I need to execute a PowerShell script inside the machine (Add-RDS-Connection-Broker, New-SessionDeployment, New-RDSessionCollection), but of course I don't want to log in to the machine. I want to execute those steps from my PowerCLI script.

I tried to execute those steps with Invoke-VMScript but it doesn't work because those steps need to be "run as administrator".

I tried to execute those steps with a remote Invoke-Command but it doesn't work because New-SessionDeployment already uses a remote access and we can't do a double remote access.

Any idea?

Thanks for your help

Regards

FJJ


Accepted Solutions
LucD
Leadership

With CredSSP you could avoid the double hop issue you seem to be having.

See for example Overcoming Double Hop Issues with PowerShell Remoting

An alternative is to use Kerberos double hop, see PowerShell Remoting Kerberos Double Hop Solved Securely


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

fjj
Contributor

The second article is great. Not just for the Kerberos solution but also for the list of popular solutions.

In my case I prefer "PSSessionConfiguration using RunAs". CredSSP is a little more complex. And I can't use "Resource-Based Kerberos Constrained Delegation" because my domain is not in 2012.

Many thanks
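
The "PSSessionConfiguration using RunAs" option mentioned in the last reply, sketched as an added example (not code from the thread or from the linked articles). The server name, endpoint name and collection name are hypothetical, and the RDS cmdlet names are the ones shipped in the RemoteDesktop module. Commands sent to a RunAs endpoint execute under a fresh logon of the stored account on the target, so the second hop made by the RDS cmdlets has usable credentials.

```powershell
# Hypothetical values: replace with the clone's FQDN and your own names.
$target     = 'rds01.example.local'
$endpoint   = 'RdsDeploy'
$collection = 'Pool01'
$cred       = Get-Credential -Message 'Domain account with admin rights on the RDS server'

# Step 1: register the RunAs endpoint through the default endpoint.
# The RunAs credential is stored on the target, so access to the endpoint is
# limited to local Administrators (BA) with an explicit SDDL.
# WinRM restarts during registration, so this first session may be dropped.
Invoke-Command -ComputerName $target -Credential $cred -ErrorAction SilentlyContinue -ScriptBlock {
    Register-PSSessionConfiguration -Name $using:endpoint `
        -RunAsCredential $using:cred `
        -SecurityDescriptorSddl 'O:NSG:BAD:P(A;;GA;;;BA)' `
        -Force | Out-Null
}

# Wait until WinRM answers again after the restart.
while (-not (Test-WSMan -ComputerName $target -ErrorAction SilentlyContinue)) {
    Start-Sleep -Seconds 2
}

# Step 2: run the RDS deployment through the RunAs endpoint.
Invoke-Command -ComputerName $target -Credential $cred -ConfigurationName $endpoint -ScriptBlock {
    Import-Module RemoteDesktop
    New-RDSessionDeployment -ConnectionBroker $using:target -SessionHost $using:target
    New-RDSessionCollection -CollectionName $using:collection `
        -SessionHost $using:target -ConnectionBroker $using:target
}

# Step 3: remove the endpoint so no stored credential stays behind on the server.
# Unregistering also restarts WinRM, so a dropped session here is expected.
Invoke-Command -ComputerName $target -Credential $cred -ErrorAction SilentlyContinue -ScriptBlock {
    Unregister-PSSessionConfiguration -Name $using:endpoint -Force
}
```

Anyone allowed to connect to the endpoint runs as the stored account, so keep the SDDL tight and leave the endpoint registered only for as long as the deployment needs it.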