PowerShell Web Access Installation and Troubleshooting
PowerShell Web Access allows you to securely log on to and manage a Windows Server using PowerShell commands or scripts. It’s similar to SSH (Secure Shell) remote connection for Unix systems, only it’s for Windows.
To install PowerShell Web Access, run the Install-PswaWebApplication command from powershell. You will need an SSL certificate or you can opt for a self-signed test certificate.
Install-WindowsFeature –Name WindowsPowerShellWebAccess -IncludeManagementTools -Restart
This will install the PowerShell Web Access feature on your server.
Next, configure PowerShell Web access to use a test certificate:
Install-PswaWebApplication –webApplicationName FalconPsaWeb –useTestCertificate
This will install the Web application in IIS with a self-signed SSL certificate. The url will be https://yourfqdn/FalconPsaWeb. Obviously, you should replace FalconPsaWeb with a directory name of your choice.
This will grant you a temporary, 90 day self-signed certificate. To configure PowerShell Web Access with a public SSL certificate, follow these instructions.
If you want to verify that the temporary certificate has been installed, open IIS7, highlight default Web site and click Bindings under the actions pane. Highlight the https protocol type and click on the edit button.
The temporary SSL certificate should display.
Finally, let’s add user access permission. Execute the following command:
Add-PswaAuthorizationRule –UserName falconlab\miguel -ComputerName VHOST01 -ConfigurationName Microsoft.powershell
This command will allow falconlab\miguel to access the server’s FalconPsaWeb under the default configuration, Microsoft.powershell. Use the domain\user syntax for the –UserName switch and the server’s NetBIOS name. Note: You may not be able to access the PowerShell logon screen if the destination FQDN resolves to an internal IP address. If that’s the case, open DNS manager and create an A record such as remote.yourdomain.com that resolves to the server’s public IP address.
Make sure port 445 is open and forwarded to the server from your firewall.
Log in to the URL and you will be greeted with the Windows PowerShell Web Access logon screen.
After logging in, you are ready to manage your server!
PowerShell Web Access Troubleshooting
Error: Access to the destination computer has been denied. Verify that you have access to the destination Windows PowerShell session configuration. This error can also occur if Windows PowerShell remote management has been disabled on the destination computer.
This error can occur if the user does not have sufficient privileges or if Powershell remote management has been disabled.
- Verify that the user is a member of Remote Management Users. To enable PowerShell remote management, execute the following command: enable-psremoting –force
Error: Internet Explorer cannot display the Web page.
- This error can occur if the host name specified in the destination, resolves to a local IP address and you are trying to access PowerShell from the outside. If that’s the case, create a new A record in DNS that resolves to the Public IP and use that FQDN to access the login page.
- This error can occur if port 443 (HTTPS) is not open on your firewall or if it’s not forwarded to the server from your NAT device.
Error: An authorization failure occurred. Verify that you are authorized to connect to the destination computer.
- Verify that PowerShell remote is enabled. To enable PowerShell remote management, execute the following command: enable-psremoting –force
- Make sure that the user has an accompanying rule configured. Otherwise, run the Add-PswaAuthorizationRule command (see above)/
- Make sure that the user is a member of the Remote Management users group.