@information-security
Last active September 27, 2021 00:45
How to restart the RDP Windows service remotely (TermService)
These files are useful when Remote Desktop connections to a remote host are failing while the machine itself is still functioning properly. First, try to restart the RDP Windows service (TermService) remotely. If the problem persists, you may force kill the Desktop Window Manager (DWM) process. This procedure usually fixes the problem.
If you are on Linux, you will need to install PowerShell. Use `install_powershell_ubuntu.sh` for that purpose.
Use either `restart_rdp_cmd.sh` or `restart_rdp_invoke.sh` to restart the RDP service.
Read the comments section for instructions on how to restart the DWM.
Error:
Connecting to remote server 10.83.244.221 failed with the following error message : MI_RESULT_FAILED
Solution:
First, run the following command on the remote machine:
> winrm quickconfig
If that does not work, downgrade PowerShell to v6.
Error:
The WinRM client cannot process the request. If the authentication scheme is different from Kerberos,
or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must
be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the
TrustedHosts list might not be authenticated.
Solution:
Run the following command on the local machine:
> winrm set winrm/config/client '@{TrustedHosts="*"}'
Error:
The client cannot connect to the destination specified in the request. Verify that the service on the destination is
running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the
destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: "winrm quickconfig".
Solution:
Run the following command on the remote machine:
> winrm quickconfig
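With `TrustedHosts="*"` the client will send credentials to any WinRM host without verifying its identity, which is what the error text above warns about. The following is an added example, not part of the gist, that trusts only the one host for the duration of the work and then restores the previous value. It assumes a Windows client in an elevated session (the `WSMan:` drive is not available in PowerShell on Linux), and `Invoke-WithScopedTrustedHost` is a hypothetical helper name.

```powershell
# Added example. Weak setting from the page, shown for comparison:
#   winrm set winrm/config/client '@{TrustedHosts="*"}'

function Invoke-WithScopedTrustedHost {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]      $ComputerName,
        [Parameter(Mandatory)] [scriptblock] $Action
    )

    $path     = 'WSMan:\localhost\Client\TrustedHosts'
    $previous = [string](Get-Item -Path $path).Value

    if ($previous -eq '*') {
        Write-Warning "TrustedHosts is currently '*'; it will be narrowed while the action runs."
    }

    try {
        # Scoped setting: only the host being repaired is trusted.
        Set-Item -Path $path -Value $ComputerName -Force
        & $Action
    }
    finally {
        # Put back whatever was configured before, including an empty list.
        Set-Item -Path $path -Value $previous -Force
    }
}

# Usage with the page's sample address: confirm WinRM answers with the given credentials.
$creds    = Get-Credential
$targetIP = "10.83.244.221"
Invoke-WithScopedTrustedHost -ComputerName $targetIP -Action {
    Test-WSMan -ComputerName $targetIP -Credential $creds -Authentication Negotiate
}
```

If the previous value was `*`, the `finally` block restores it; clear it separately once no other workflow depends on it.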
# Install PowerShell
sudo snap install powershell --classic
# Or refer to following official link for further options. (I followed installation via package repository for Ubuntu 20.04)
# https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7.1#installation-via-package-repository---ubuntu-2004
# install NTLM dependency
sudo apt install gss-ntlmssp
# Start PowerShell
sudo pwsh
# Install WSMan
Install-Module -Name PSWSMan
Install-WSMan
# Restart your PowerShell session to enable it in PowerShell
exit
sudo pwsh
# Download the powershell '.tar.gz' archive
curl -L -o /tmp/powershell.tar.gz https://github.com/PowerShell/PowerShell/releases/download/v6.2.7/powershell-6.2.7-linux-x64.tar.gz
# Create the target folder where powershell will be placed
sudo mkdir -p /opt/microsoft/powershell/6
# Expand powershell to the target folder
sudo tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/6
# Set execute permissions
sudo chmod +x /opt/microsoft/powershell/6/pwsh
# Create the symbolic link that points to pwsh
sudo ln -s /opt/microsoft/powershell/6/pwsh /usr/bin/pwsh6
# install NTLM dependency
sudo apt install gss-ntlmssp
# Start PowerShell
sudo pwsh6
# Install WSMan (v2.2.0 won't work. We should install 2.1.0)
Install-Module -Name PSWSMan -RequiredVersion 2.1.0
Install-WSMan
# Restart your PowerShell session to enable it in PowerShell
exit
sudo pwsh6
# Connect to remote CMD
$creds = Get-Credential
$targetIP = "10.83.244.221"
Enter-PSSession -ComputerName $targetIP -Credential $creds
# After successful connection, restart the service:
powershell -command "Restart-Service TermService -Force"
$creds = Get-Credential
$targetIP = "10.83.244.221"
Invoke-Command -ComputerName $targetIP -Credential $creds -ScriptBlock {
    Get-Service -Name TermService | Restart-Service -Force
}
# Or
#
# $targetIP = "10.83.244.221"
# Invoke-Command -ComputerName $targetIP -Authentication Negotiate -ScriptBlock {
#     Get-Service -Name TermService | Restart-Service -Force
# }
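The scripts above restart TermService but do not confirm that RDP is reachable again. The following is an added example, not part of the gist, that performs the same restart and reports the service state and whether the RDP listener came back. It assumes the target has `Get-NetTCPConnection` (Windows 8 / Server 2012 or later); the 30-second timeout and five retries are illustrative values.

```powershell
# Added example. $targetIP is the page's sample address.
$creds    = Get-Credential
$targetIP = "10.83.244.221"

$report = Invoke-Command -ComputerName $targetIP -Credential $creds -ScriptBlock {
    $svc    = Get-Service -Name TermService
    $before = $svc.Status

    Restart-Service -InputObject $svc -Force

    # Block until the service reports Running, or record why the wait failed.
    $waitError = $null
    try {
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    }
    catch {
        $waitError = $_.Exception.Message
    }
    $svc.Refresh()

    # Read the configured RDP port instead of assuming 3389.
    $rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port   = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

    # The listener can appear a moment after the service reports Running.
    $listening = $false
    foreach ($attempt in 1..5) {
        if (Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue) {
            $listening = $true
            break
        }
        Start-Sleep -Seconds 2
    }

    [pscustomobject]@{
        StatusBefore = "$before"
        StatusAfter  = "$($svc.Status)"
        WaitError    = $waitError
        RdpPort      = $port
        Listening    = $listening
    }
}

$report | Format-List StatusBefore, StatusAfter, WaitError, RdpPort, Listening
if (-not $report.Listening) {
    Write-Warning "TermService is $($report.StatusAfter) but nothing listens on TCP $($report.RdpPort)."
}
```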
information-security commented Jul 9, 2021

If the remote desktop connection is stuck on the Welcome screen with the spinner spinning indefinitely and restarting TermService didn't help, then you may need to kill all the Desktop Window Manager (dwm.exe) processes. To achieve this remotely, follow the instructions below.

  1. Get a list of running processes:
    tasklist /S [IP_ADDRESS] /U [USER_NAME] /FI "IMAGENAME eq dwm.exe"

  2. Identify the PIDs of all the dwm.exe processes and, for each of them, execute the following command:
    taskkill /S [IP_ADDRESS] /U [USER_NAME] /PID [DWM_PID]

Or simply execute the following:
taskkill /s 10.83.244.222 /u administrator /FI "IMAGENAME eq dwm.exe"
