Thursday, November 26, 2009

SharePoint 2010 Management with PowerShell from the Outside - Walkthrough

SharePoint 2010 and PowerShell together allow running virtually any command from a command-line interface, even from a remote computer that is not inside the server's domain.

Objective: Run SharePoint Commands from any Remote PC

Requirements:
Windows PowerShell V2 (CTP3)
Windows Remote Management - WinRM (CTP3)

Needed Configurations

#ENABLE WinRM

> Net Start WinRM
> Enable-PSRemoting
> Set-WSManQuickConfig

#Create HTTPS listener
winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Hostname="DESTINY_HOSTNAME";CertificateThumbprint="7fd53c46a38c60c089f3ab3451258f917011c655"}

CertificateThumbprint can be found by running mmc:
> File, Add Snap-in
> Certificates, Add
> Personal, Certificates
> Double Click certificate, Details, Certificate, Thumbprint
> Select all, copy to notepad
> Delete all white-space and ? characters, leave only numbers and letters
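
The cleanup in the last step can be scripted. The following is an added example, not part of the original post: the function names ConvertTo-CleanThumbprint and Test-ListenerCertificate are hypothetical, and it assumes the certificate sits in the Local Computer Personal store and that the character pasted as ? is the invisible left-to-right mark U+200E.

```powershell
# Added example: normalize a thumbprint pasted from the certificate dialog
# and check the matching certificate before creating the HTTPS listener.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory = $true)][string]$Pasted)

    # Keep hex digits only. This drops the spaces between bytes and the
    # invisible character (U+200E) that pastes as "?" in front of the value.
    $clean = ($Pasted -replace '[^0-9A-Fa-f]', '').ToUpper()

    # A SHA-1 thumbprint is exactly 40 hex characters.
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters after cleanup, got $($clean.Length)."
    }
    $clean
}

function Test-ListenerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Pasted,
        [Parameter(Mandatory = $true)][string]$HostName
    )
    $thumb = ConvertTo-CleanThumbprint -Pasted $Pasted
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb }

    if (-not $cert) { throw "No certificate $thumb in Cert:\LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb has expired." }

    # WinRM expects the certificate subject to match the listener Hostname;
    # when clients also connect with that name, the host name check on the
    # client does not need to be skipped.
    $cn = $cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $HostName) {
        Write-Warning "Certificate subject '$cn' differs from '$HostName'."
    }
    $thumb
}

# Constructed sample: the thumbprint from the listener command above, as it
# looks when copied from the dialog (leading U+200E, one space per byte).
$pasted = "$([char]0x200E)7f d5 3c 46 a3 8c 60 c0 89 f3 ab 34 51 25 8f 91 70 11 c6 55"
ConvertTo-CleanThumbprint -Pasted $pasted
```

On the server, Test-ListenerCertificate -Pasted $pasted -HostName "DESTINY_HOSTNAME" returns the cleaned thumbprint only when the certificate is present with a private key and has not expired.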


#set trusted hosts on origin computer
#THE ORIGIN HOST MUST LIST THE DESTINATION HOST IN TRUSTEDHOSTS EXACTLY AS IT IS WRITTEN WHEN CONNECTING (SAME IP OR FQDN)
Set-Item WSMan:\localhost\client\trustedhosts [COMPUTER_IP_OR_FQDN] -force

Needed Code
#get username and password
$credentials=Get-Credential
#create a session so that multiple commands can be executed
#-SkipCACheck and -SkipCNCheck turn off validation of the server certificate's issuer and host name
$SessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
$Session = new-pssession -computername [COMPUTER_IP_OR_FQDN] -SessionOption $SessionOption -UseSSL -Port 443 -Credential $credentials

#enable SharePoint commands in shell
Invoke-Command -session $Session -ScriptBlock {Add-PSSnapin Microsoft.SharePoint.PowerShell}

#create new SPSite within the Web Application on port 80
Invoke-Command -session $Session -ScriptBlock {$new_sub_site=New-SPSite -url "http://localhost/sites/tiago" -OwnerAlias "bindprovisioning" -Template "STS#0"}


Common Issues:
- Access Denied
1) Run PowerShell as Administrator
2) Make sure administrator password is not blank
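3) Make sure the LocalAccountTokenFilterPolicy value is set (a value of 1 turns off UAC token filtering for remote connections made with local administrator accounts):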
new-itemproperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -name LocalAccountTokenFilterPolicy -propertyType DWord -value 1

- request error
Make sure WinRM is running on both computers and using HTTP auto assigned ports

- Cannot Check Certificate Authority
use -SkipCACheck

- Cannot Check hostname for certificate
use -SkipCNCheck


Help
These might help you through WinRM errors

#get current listeners (can be http, https and others)
#SERVERS RUNNING IIS NEED TO USE HTTPS ON WINRM
winrm e winrm/config/listener

#Change property in listener already created
#REMEMBER: KEYS ARE CASE SENSITIVE!
winrm set winrm/config/listener?Address=*+Transport=HTTP @{Enabled="false"}

winrm set winrm/config/listener?Address=*+Transport=HTTP @{Key="Value"}

#delete listener
winrm delete winrm/config/listener?Address=*+Transport=HTTPS

Additional Information
Technet Post On WinRM
