VMware Cloud Community
harj123
Enthusiast

unable to run get-DnsServerResourceRecord via vRO Powershell wf

I have a PowerShell host mapped to vRO 8.1 and I can run some simple test commands ("date", "write-output") on the PS host without issues. I want to retrieve DNS records or delete them, and when I run the get-DnsServerResourceRecord or remove-DnsServerResourceRecord commands I get an error: `failed to get the zone information for mydomain.com on server dc.mydomain.com`

Kerberos is set, and the domain user that was used to add the host to vRO is a local admin on the PS host and the DNS server. When I run the get-DnsServerResourceRecord command on the PS host, it runs fine.

0 Kudos
1 Reply
eoinbyrne
Expert

PowerShell remoting with vRO normally gives you a 'local only' session, which means that resources or operations which require a 'second hop' to another machine will not be permitted. We have found that you need to enable CredSSP authentication on the PS host; then you can perform a pseudo 'su', as in Linux, by doing this:

1. vRO creates remote session on PS host (where CredSSP is enabled)
2. Execute PS script on the host to do:
   - create additional PS session to the PS host using domain/admin credentials
   - inner session: execute privileged commands in inner session (2nd hop is allowed here, but be aware that remote targets (e.g., DC) will need to have CredSSP enabled also)
   - close inner session
3. Exit script

It works pretty well, and we have built a number of PowerShell integrations like this before:

- DNS
- DHCP reservation
- Azure provisioning using Azure RM
- Software installation
- probably more I've forgotten

0 Kudos
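
The nested-session pattern described in the reply, as an added PowerShell example that is not part of the original thread or anyone's production script. The host name `pshost.mydomain.com`, the parameter names and the credential inputs are assumptions; the DNS server and zone names are the ones quoted in the question.

```powershell
# Added example: runs on the PS host inside the session that vRO opens.
# Assumed one-time setup on the PS host (elevated shell), with credential
# delegation limited to this single host rather than a wildcard:
#   Enable-WSManCredSSP -Role Server -Force
#   Enable-WSManCredSSP -Role Client -DelegateComputer 'pshost.mydomain.com' -Force
param(
    [Parameter(Mandatory)] [string] $UserName,   # assumed input, e.g. MYDOMAIN\svc-dns
    [Parameter(Mandatory)] [string] $Password,   # assumed input, supplied by the workflow, never hard-coded
    [string] $PsHost    = 'pshost.mydomain.com', # assumed FQDN of the PS host itself
    [string] $DnsServer = 'dc.mydomain.com',
    [string] $ZoneName  = 'mydomain.com'
)

$ErrorActionPreference = 'Stop'

# Build the credential that the inner session will delegate on the second hop.
$secure = ConvertTo-SecureString $Password -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential ($UserName, $secure)

# Inner session back to the PS host; CredSSP is what permits the hop to the DNS server.
$inner = New-PSSession -ComputerName $PsHost -Credential $cred -Authentication Credssp
try {
    Invoke-Command -Session $inner -ArgumentList $DnsServer, $ZoneName -ScriptBlock {
        param($Server, $Zone)
        # Second hop: this call leaves the PS host and queries the DNS server.
        Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -RRType A |
            Select-Object HostName, RecordType,
                @{ n = 'Data'; e = { $_.RecordData.IPv4Address.IPAddressToString } }
    }
}
finally {
    # Always close the inner session so the delegated credential does not linger.
    Remove-PSSession -Session $inner
}
```

CredSSP hands the account's full credentials to the PS host, so keep the `-DelegateComputer` list as narrow as possible and give the delegated account only the DNS rights the workflow needs.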