Testing the computer secure channel

Every machine in the domain has a secure channel between it and the domain. The password on this channel is reset automatically by the system. PowerShell v2 enables us to test it:

PS> Test-ComputerSecureChannel
True
PS> Test-ComputerSecureChannel -Server server02
True
PS> Test-ComputerSecureChannel -Server server02.manticore.org
True
PS> Test-ComputerSecureChannel -Server dc02
True

 

You can only test this from the local machine, but as long as you have PowerShell remoting enabled you can do this:

PS> Invoke-Command -ComputerName win7test -ScriptBlock {Test-ComputerSecureChannel}
True

 

If you are on a domain controller, the test fails:

PS> Test-ComputerSecureChannel
Test-ComputerSecureChannel : This command cannot be executed on target computer(‘SERVER02’) due to following error: The
specified domain either does not exist or could not be contacted.

It also fails with the server name:

PS> Test-ComputerSecureChannel -Server server02
Test-ComputerSecureChannel : This command cannot be executed on target computer(‘SERVER02’) due to following error: The
specified domain either does not exist or could not be contacted.
At line:1 char:27
+ Test-ComputerSecureChannel <<<<  -Server server02
    + CategoryInfo          : InvalidOperation: (SERVER02:String) [Test-ComputerSecureChannel], InvalidOperationExcept
   ion
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.TestComputerSecureChannelCommand

PS> Test-ComputerSecureChannel -Server server02.manticore.org
Test-ComputerSecureChannel : This command cannot be executed on target computer(‘SERVER02’) due to following error: The
specified domain either does not exist or could not be contacted.
At line:1 char:27
+ Test-ComputerSecureChannel <<<<  -Server server02.manticore.org
    + CategoryInfo          : InvalidOperation: (SERVER02:String) [Test-ComputerSecureChannel], InvalidOperationExcept
   ion
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.TestComputerSecureChannelCommand

 

You need to point at another domain controller:

PS> Test-ComputerSecureChannel -Server dc02
True
PS> Test-ComputerSecureChannel -Server dc02.manticore.org
True

 

Though this works:

PS> Invoke-Command -ComputerName dc02 -ScriptBlock {Test-ComputerSecureChannel}
True

A useful addition to your AD troubleshooting toolbox.
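The remoting check above can be wrapped so it runs against several machines and keeps "channel broken" separate from "could not reach the machine". This is an added example, not code from the original post: the function name Test-SecureChannelRemote and its parameters are hypothetical, the computer names are the ones used in the post, and passing -Server inside a remoting session is assumed to behave as it does locally.

```powershell
# Added example (not from the original post). PowerShell v2 compatible.
function Test-SecureChannelRemote {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName,
        # Optional DC to validate against; the post shows this is needed
        # when the machine being tested is itself a domain controller.
        [string]$Server
    )

    # Runs on the remote machine; turns the cmdlet's error into data.
    $check = {
        param($dc)
        try {
            if ($dc) { $ok = Test-ComputerSecureChannel -Server $dc -ErrorAction Stop }
            else     { $ok = Test-ComputerSecureChannel -ErrorAction Stop }
            New-Object PSObject -Property @{ Healthy = $ok; Detail = $null }
        }
        catch {
            New-Object PSObject -Property @{ Healthy = $false; Detail = $_.Exception.Message }
        }
    }

    foreach ($computer in $ComputerName) {
        try {
            $r = Invoke-Command -ComputerName $computer -ScriptBlock $check `
                    -ArgumentList (,$Server) -ErrorAction Stop
            New-Object PSObject -Property @{
                Computer = $computer; Healthy = $r.Healthy; Detail = $r.Detail
            }
        }
        catch {
            # Remoting itself failed (host down, WinRM not enabled, access denied),
            # so the state of the secure channel is unknown rather than broken.
            New-Object PSObject -Property @{
                Computer = $computer; Healthy = $null
                Detail   = "Remoting failed: $($_.Exception.Message)"
            }
        }
    }
}

# Workstation: default test. Domain controller: point at another DC.
Test-SecureChannelRemote -ComputerName win7test |
    Format-Table Computer, Healthy, Detail -AutoSize
Test-SecureChannelRemote -ComputerName server02 -Server dc02 |
    Format-Table Computer, Healthy, Detail -AutoSize
```

A Healthy value of $null means the machine could not be reached, which should be triaged separately from a $false result.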
