- 最新
- 投票最多
- 评论最多
Hi, thanks for sharing the output of the Test-NetConnection
command.
This tells us that the port is open and the security group attached to FSx is correct.
Please could you share the command that you are using to connect to the FSx remote powershell endpoint?
Alternatively, please try this example command:
$FSxWindowsRemotePowerShellEndpoint = "ReplacewithyourRemotePowerShellEndpointDNSname"
Invoke-Command -ComputerName $FSxWindowsRemotePowerShellEndpoint -ConfigurationName FSxRemoteAdmin -ScriptBlock { Get-FSxSmbOpenFile}
One of the key differences between regular PS remoting and FSx, is that you need to specify the -ConfigurationName FSxRemoteAdmin parameter.
Let me know how it goes :)
Hello there! I notice that you are having trouble connecting to your FSx instance via WinRM on port 5985. From the notes you have mentioned that you have configured the instance for testing via SMB port 445 and opened the SG for SMB and WinRM. You also mention that all ports are allowed outbound and NACL set for both directions. However I would like you to please note a couple of factors in regards to your case: For starters you have to ensure that you can connect to the Windows Remote PowerShell Endpoint. The main point that I noticed is that there was no mention of the file system’s inbound rule that will grant access for remote PowerShell connections. It is mandatory that the SG group in the inbound direction to allow traffic on port 5985 so a remote Powershell session is established. This will allow traffic from your FSx file system, which is what is currently blocking the connection[1]. Please also check that you are not using the addresses 198.18.0.0/15 space in your VPC, which is referenced in the documentation[2]. For more information about inbound rules and associating a security group[3] have a look at the references below.
References: [1] https://docs.aws.amazon.com/fsx/latest/WindowsGuide/remote-pwr-shell.html
[2] https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started_prereqs.html
Hello Antonio, when testing the endpoint and port using the command below, it comes back with True (I have removed the network-specific info). I'll need to go back and test it again. I have been just using the File Server role to manage the shares, etc. for now: PS C:\Users\username> test-netconnection {endpoint.domain.com} -port 5985 ComputerName : {endpoint.domain.com} RemoteAddress : XXX.XX.XXX.XXX RemotePort : 5985 InterfaceAlias : Ethernet SourceAddress : XXX.XX.XXX.XXX TcpTestSucceeded : True
I was able to get it working. I believe I wasn't using that Windows Remote PowerShell Endpoint to connect to the instance via PowerShell and that was my issue.
Awesome, thanks for the update, glad its working!