0

尝试为我们的 SMTP 集群编写一个监控脚本 (Powershell),该集群有时有 3 个节点。

当我在本地时,在 SMTP 集群上运行以下命令:

Get-NlbClusterNode

我得到了我需要的输出。

但是,如果我从远程服务器(相同的网络和域)尝试相同的操作,我会得到:

[smtp-s001a]: PS C:\> Get-NlbClusterNode
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
+ CategoryInfo          :
+ FullyQualifiedErrorId :
AccessDenied,Microsoft.NetworkLoadBalancingClusters.PowerShell.GetNlbClusterNode

这是为什么?只有“Get-NlbClusterNODE”命令才能让我访问被拒绝。以“Get-NlbCluster”为例,效果很好。

有什么建议吗?

4

4 回答 4

0

我遇到过同样的问题。

我花了一段时间才弄清楚。我将 Powershell 作为我的服务中的一个进程运行。该服务在所有主机的同一用户帐户下运行,但密码是在每个主机/集群节点上随机生成的,这就是为什么我得到“拒绝访问...”一旦我将密码更改为相同,一切正常。

于 2012-09-30T19:55:15.540 回答
0

还要禁用 UAC 并重新启动机器。

于 2013-01-11T12:52:10.717 回答
0

我找到了一些解决方法。在远程会话中模拟管理员凭据

function EntryPoint()
{
    ImportModule-Impersonate;

    $impersonate = new-object UserSession.Impersonate;
    try
    {
        if ($impersonate.Login("SKODA", "Administrator", "*****") -eq $false) {
            throw new Exception("Invalid credentials");
        }
        Import-Module NetworkLoadBalancingClusters
        Get-NlbClusterNode;    
    }
    finally
    {
        $impersonate.Dispose();
    }
};

function ImportModule-Impersonate {

$assem = @();

$source = @" 
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

namespace UserSession
{
    public class Impersonate : IDisposable
    {
        public const int LOGON32_LOGON_INTERACTIVE = 2;
        public const int LOGON32_PROVIDER_DEFAULT = 0;

        private WindowsImpersonationContext _impersonationContext;

        [DllImport("advapi32.dll")]
        public static extern int LogonUserA(String lpszUserName,
                                            String lpszDomain,
                                            String lpszPassword,
                                            int dwLogonType,
                                            int dwLogonProvider,
                                            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern int DuplicateToken(IntPtr hToken,
                                                int impersonationLevel,
                                                ref IntPtr hNewToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public static extern bool CloseHandle(IntPtr handle);

        public bool Login(String domain, String userName, String password)
        {
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            if (RevertToSelf())
            {
                if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                               LOGON32_PROVIDER_DEFAULT, ref token) != 0)
                {
                    if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                    {
                        WindowsIdentity tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                        _impersonationContext = tempWindowsIdentity.Impersonate();

                        if (_impersonationContext != null)
                        {
                            CloseHandle(token);
                            CloseHandle(tokenDuplicate);
                            return true;
                        }
                    }
                }
            }
            if (token != IntPtr.Zero)
            {
                CloseHandle(token);
            }
            if (tokenDuplicate != IntPtr.Zero)
            {
                CloseHandle(tokenDuplicate);
            }
            return false;
        }

        public void Logout()
        {
            if (_impersonationContext != null)
            {
                _impersonationContext.Undo();
                _impersonationContext = null;
            }
        }

        public void Dispose()
        {
            Logout();
        }
    }
}
"@;

    Add-Type -ReferencedAssemblies $assem -TypeDefinition $source -Language CSharp 
}

EntryPoint;
于 2012-10-24T22:08:36.827 回答
0

我有完全相同的问题。使用这些凭据访问和运行的用户Get-NlbClusterNode拥有正确的权限,但由于某种无法解释的原因,他得到了那个奇怪的错误。我放弃了调查并做了以下解决方法:

$username = "domain\user_name"
$securePassword = "secure_hash" | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
$result = Start-Process powershell.exe -WorkingDirectory $PSHome -Credential $credential -ArgumentList ("-File $PSScriptRoot\your-script.ps1") | Out-Null

如果your-script.ps1你在哪里输入:

Invoke-Command -ComputerName "your-remote-server" -ScriptBlock {
    Get-NlbClusterNode
    #Any other commands you want here
}

它按预期工作......

于 2020-01-17T09:38:06.950 回答