问题描述:

I have C# Asp.Net application, which connects to remote computers (remote in relation to web server) to run commands on them using PowerShell.

This generally works, however under some circumstances (which I don't completely understand yet), we completely lose ability to establish ANY remote sessions. When that happens, any attempt to connect to remote PowerShell results in the following exception:

 System.Management.Automation.PSInvalidOperationException

at System.Management.Automation.Remoting.Client.WSManClientSessionTransportManager.Initialize(Uri connectionUri, WSManConnectionInfo connectionInfo)

at System.Management.Automation.Remoting.Client.WSManClientSessionTransportManager..ctor(Guid runspacePoolInstanceId, WSManConnectionInfo connectionInfo, PSRemotingCryptoHelper cryptoHelper, String sessionName)

at System.Management.Automation.Remoting.ClientRemoteSessionDSHandlerImpl..ctor(ClientRemoteSession session, PSRemotingCryptoHelper cryptoHelper, RunspaceConnectionInfo connectionInfo, URIDirectionReported uriRedirectionHandler)

at System.Management.Automation.Remoting.ClientRemoteSessionImpl..ctor(RemoteRunspacePoolInternal rsPool, URIDirectionReported uriRedirectionHandler)

at System.Management.Automation.Internal.ClientRunspacePoolDataStructureHandler..ctor(RemoteRunspacePoolInternal clientRunspacePool, TypeTable typeTable)

at System.Management.Automation.Runspaces.Internal.RemoteRunspacePoolInternal.CreateDSHandler(TypeTable typeTable)

at System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspacePool(Int32 minRunspaces, Int32 maxRunspaces, RunspaceConnectionInfo connectionInfo, PSHost host, TypeTable typeTable, PSPrimitiveDictionary applicationArguments)

at System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspacePool(Int32 minRunspaces, Int32 maxRunspaces, RunspaceConnectionInfo connectionInfo)

...

When that condition begins, this exception is thrown for all attempts to connect to any hosts, and from what I can tell, this is entirely client-side problem on the originating host.

I haven't found any explanation to that here or on MS forums. This is not the problem with user permissions of any kind, because everything works until some condition is triggered within Microsoft components.

Here is how I connect:

 WSManConnectionInfo ci = new WSManConnectionInfo(

false, host, 5985, "/wsman",

"http://schemas.microsoft.com/powershell/Microsoft.PowerShell",

credential

);

ci.AuthenticationMechanism = AuthenticationMechanism.Credssp;

I tried to obtain run-space directly:

 runspace = RunspaceFactory.CreateRunspace(ci);

runspace.ApartmentState = ApartmentState.MTA; // other values don't help

runspace.Open();

and also via pool:

 pool = RunspaceFactory.CreateRunspacePool(1, 5, ci);

pool.ApartmentState = ApartmentState.MTA;

pool.Open();

... that makes no difference, except that few outer stack frames are slightly different.

I suspect this has something to do with threading. We do some PowerShell connections directly from IIS thread responding to AJAX request (synchronously), and some connections are done from separate threads asynchronously, started via ThreadPool.QueueUserWorkItem(...).

So, in the beginning (upon restarting IIS), both types of calls work, and then after some bad event, all types of connection attempts start to throw the above exception. This always happens after something that synchronous call does (which is very simply and seemingly benign) and never after asynchronous invocations. IIS re-start clears that until the condition is triggered again.

It looks as if some PowerShell operations may not be freeing resources properly. When sessions are finished, I tried to close them using all combinations of Close(), Disconnect() and Dispose() on run-space/pool, and that made no difference.

PS. There's this in event log for Remote Management:

(Event ID: 28) Access Denied error: the WSManCreateSession API caller does not match the creator of the application object

This message first appears after successful synchronous PowerShell connection, and then for all connections thereafter.

网友答案:

I have this same issue when trying to remotely connect to Exchange 2010 using Impersonation and Kerberos when calling runspace.Open(), but in my case it never works. In the Windows Remote Management Event Logs I see WSMan successfully authenticate using the authenticated users accounts but then I see "(Event ID: 22) Calling into WSMan to receive output from the shell" initiated from the Application Pool account resulting in the same error "(Event ID: 28) Access Denied error: the WSManCreateSession API caller does not match the creator of the application object"

Aspnet.config includes <legacyUnhandledExceptionPolicy enabled="false" /> <legacyImpersonationPolicy enabled="false" />

Web.config includes <identity impersonate="true" />

Site Authentication Windows Authentication: Enabled Anonymous: Disabled

相关阅读:
Top