Community Forums

[Andreas Neufert]

Hi,

a customer had problems with Remote Powershell and external SQL Server.
Soution:
Using CredSSP together with invoke-command.

Same customer uses VMware orchestrator for automation.
VMware Orechstrator do not support CredSSP.
Solution:
Passing Credentials to CredSSP

Some Veeam commands need a connection to vcenter Server.
Together with Remote Powershell you see the error:
Failed to login to "vcenter.demolab.an.veeam.de" by SOAP, port 443, user "vcenter\Administrator", proxy srv: port:0
+ CategoryInfo : InvalidOperation: (Veeam.Backup.Po...FindVBRViEntity:FindVBRViEntity) [Find-VBRViEntity], Exception
+ FullyQualifiedErrorId : Backup,Veeam.Backup.PowerShell.Command.FindVBRViEntity
Solution:
You need to enhance the MaxMemoryPerShell on Veeam B&R Server.
set-item wsman:localhost\Shell\MaxMemorPerShellMB 512
See also: viewtopic.php?f=2&t=8269


Thank you to Marc Seitz, Tom Sightler and Seth Bartlett. They found the solutions that I used here in the example script all together.


Example script:

Code: Select all

# To activate CredSSP on a Client:   
# enable-wsmancredssp -role client -delegatecomputer backup, backup.demolab.an.veeam.de, vcenter, vcenter.demolab.an.veeam.de
#
#
# If you see the following error:
# If you use a separate SQL Server, please add them as well.
#Failed to login to "vcenter.demolab.an.veeam.de" by SOAP, port 443, user "vcenter\Administrator", proxy srv: port:0
# + CategoryInfo          : InvalidOperation: (Veeam.Backup.Po...FindVBRViEntity:FindVBRViEntity) [Find-VBRViEntity], Exception
# + FullyQualifiedErrorId : Backup,Veeam.Backup.PowerShell.Command.FindVBRViEntity
# You need to enhance the MaxMemoryPerShell on Veeam B&R Server.
# set-item wsman:localhost\Shell\MaxMemorPerShellMB 512
#
#
#If you see: Warning: You should update your PowerShell to PowerSehll 2.0 version. => Ignore it.
#
#invoke-command are not able to pass variables or output back. So you do not see any output in this example.


#set-item wsman:localhost\Shell\MaxMemoryPerShellMB 512
$backupserver = "backup.demolab.an.veeam.de"
$username = "demolab\Administrator"
$password = convertto-securestring -string "Sumsi1!" -asplaintext -force
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $Username, $Password
$session = New-PSSession $backupserver #-authentication CredSSP -Credential $credentials

invoke-command -session $session -scriptblock{


Add-PSSnapin -Name VeeamPSSnapIn -ErrorAction SilentlyContinue
$vcenter = "vcenter.demolab.an.veeam.de" #Your Hostname or IP Address of ESX(i) or VCenter (see B&R console for correct name)
$searchstring = "AD"  #Search String. Here as example VM AD
$vcenterobject = Get-VBRServer -Name $vcenter
$searchobject = Find-VBRViEntity -Server $vcenterobject  -Name $searchstring
}
Remove-PSSession $session


CU Andy

[tsightler]

Another option instead of using CredSSP, is to use the legacy delegation method. This is pretty safe and easy to configure, and saves you from having to mess with CredSSP at all. To do this you simply must enable "Delegation" on the computers you are PS remoting to.

1. Start "Active Directory Users and Computers"
2. Locate the computer you will be remoting to (the Veeam server) and select properties.
3. Select the "Delegation" tab
4. Select "Trust the computer for delagation to specified services only"
5. Choose the account that will be running the PowerShell script, and select the SQL service on the server providing the Veeam database

This account will now be trusted for delegation to the SQL server only from the Veeam server, and you can use standard kerberos authentication rather than CredSSP for remote Powershell.

I'll admit that CredSSP is probably the "correct, modern" way to do this, but it can be an absolute pain to enable and configure all of the required options, while this requires only a simple change via the Users and Computers GUI, and perhaps a reboot of the Veeam server (it will take effect without a reboot, but seems to take some time).

[Andreas Neufert]

Thank you Tom,

this is great stuff.

CU Andy