information-security · September 27, 2021 00:45 · Jul 9, 2021 · Jul 9, 2021
diff --git a/install_powershell_v6_ubuntu.sh b/install_powershell_v6_ubuntu.sh
@@ -25,4 +25,4 @@ Install-WSMan
 
 # Restart your PowerShell session to enable it in PowerShell
 exit
-sudo pwsh6
+sudo pwsh6
diff --git a/readme.txt b/readme.txt
@@ -1,3 +1,9 @@
+These files are useful when remote desktop connections to a remote host are failing while the machine itself is still functioning properly. First you can try to restart RDP windows service (aka TermService) remotely. If the proplem persist, you may force kill Desktop Window Manager (DWM) process. This procedure usually fixes the problem.
+
+If you are on linux, you will need to install powershell. Use `install_powershell_ubuntu.sh` for that purpose.
+Use either of `restart_rdp_cmd.sh` or `restart_rdp_invoke.sh` to restart rdp service.
+Read the comments section for the instructions on how to restart the DWM.
+
 
 Error:
 Connecting to remote server 10.83.244.221 failed with the following error message : MI_RESULT_FAILED
@@ -26,4 +32,4 @@ destination to analyze and configure the WinRM service: "winrm quickconfig".
 
 Solution:
 Run following command on remote machine:
-> winrm quickconfig
+> winrm quickconfig
diff --git a/restart_rdp_invoke.sh b/restart_rdp_invoke.sh
@@ -10,4 +10,4 @@ Invoke-Command -Computer $targetIP -Credential $creds -ScriptBlock {
 # $targetIP = 10.83.244.221
 # Invoke-Command -Computer $targetIP -Authentication Negotiate -ScriptBlock {
 # 	Get-Service -Name TermService | Restart-Service -Force
-# }
+# }
diff --git a/install_powershell_ubuntu.sh b/install_powershell_ubuntu.sh
@@ -0,0 +1,18 @@
+# Install PowerShell
+sudo snap install powershell --classic
+# Or refer to following official link for further options. (I followed installation via package repository for Ubuntu 20.04)
+# https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7.1#installation-via-package-repository---ubuntu-2004
+
+# install NTLM dependency
+sudo apt install gss-ntlmssp
+
+# Start PowerShell
+sudo pwsh
+
+# Install WSMan
+Install-Module -Name PSWSMan
+Install-WSMan
+
+# Restart your PowerShell session to enable it in PowerShell
+exit
+sudo pwsh
diff --git a/install_powershell_v6_ubuntu.sh b/install_powershell_v6_ubuntu.sh
@@ -0,0 +1,28 @@
+# Download the powershell '.tar.gz' archive
+curl -L -o /tmp/powershell.tar.gz https://github.com/PowerShell/PowerShell/releases/download/v6.2.7/powershell-6.2.7-linux-x64.tar.gz
+
+# Create the target folder where powershell will be placed
+sudo mkdir -p /opt/microsoft/powershell/6
+
+# Expand powershell to the target folder
+sudo tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/6
+
+# Set execute permissions
+sudo chmod +x /opt/microsoft/powershell/6/pwsh
+
+# Create the symbolic link that points to pwsh
+sudo ln -s /opt/microsoft/powershell/6/pwsh /usr/bin/pwsh6
+
+# install NTLM dependency
+sudo apt install gss-ntlmssp
+
+# Start PowerShell
+sudo pwsh6
+
+# Install WSMan (v2.2.0 won't work. We should install 2.1.0)
+Install-Module -Name PSWSMan -RequiredVersion 2.1.0
+Install-WSMan
+
+# Restart your PowerShell session to enable it in PowerShell
+exit
+sudo pwsh6
diff --git a/readme.txt b/readme.txt
@@ -0,0 +1,29 @@
+
+Error:
+Connecting to remote server 10.83.244.221 failed with the following error message : MI_RESULT_FAILED
+
+Solution:
+First run following command on remote machine::
+> winrm quickconfig
+If it didn't work, then downgrade your powershell to v6
+
+
+Error:
+The WinRM client cannot process the request. If the authentication scheme is different from Kerberos,
+or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must
+be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the
+TrustedHosts list might not be authenticated.
+
+Solution:
+Run following command on local machine:
+> winrm set winrm/config/client '@{TrustedHosts="*"}'
+
+Error:
+The client cannot connect to the destination specified in the request. Verify that the service on the destination is
+running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the
+destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
+destination to analyze and configure the WinRM service: "winrm quickconfig".
+
+Solution:
+Run following command on remote machine:
+> winrm quickconfig
diff --git a/restart_rdp_cmd.sh b/restart_rdp_cmd.sh
@@ -0,0 +1,8 @@
+# Connect to remote CMD
+$creds = Get-Credential
+$targetIP = "10.83.244.221"
+
+Enter-PSSession -ComputerName $targetIP -Credential $creds
+
+# After successful connection, restart the service:
+powershell -command "Restart-Service TermService -Force"
diff --git a/restart_rdp_invoke.sh b/restart_rdp_invoke.sh
@@ -0,0 +1,13 @@
+$creds = Get-Credential
+$targetIP = "10.83.244.221"
+
+Invoke-Command -Computer $targetIP -Credential $creds -ScriptBlock {
+	Get-Service -Name TermService | Restart-Service -Force
+}
+
+# Or
+#
+# $targetIP = 10.83.244.221
+# Invoke-Command -Computer $targetIP -Authentication Negotiate -ScriptBlock {
+# 	Get-Service -Name TermService | Restart-Service -Force
+# }