Remote WDSUtil and "the user has not been authenticated" RRS feed

  • السؤال

  • Running Windows 2012 with WDS installed. We have a script that works locally. However, I cannot figure out how to execute it remotely from a non-WDS server. It comes down to the WDSUTIL command, when executed remotely via PowerShell like:

    Invoke-Command -ComputerName $WDSServer -Script "WDSutil /Remove-Image /Image:MyTestImage /ImageType:Install /ImageGroup:Windows2008"

    always returns:

    Error Code: 0x4DC
    Error Description: The operation being requested was not performed because the user has not been authenticated.

    I tried specifying -Credentials and -Authentication but did not find a working combination. How does one execute WDSUtil remotely?

    11/جمادى الثانية/1435 09:40 م

جميع الردود

  • Hi,

    Please try Enter_PSSession, with it you can start an interactive session with remote computer.


    If it still doesn’t help. Please share the entire error message with us.

    Hope this helps.

    14/جمادى الثانية/1435 03:35 ص
  • I am confused. As mentioned in my question, this is a script, and my understanding is "Enter-PSSession is designed for interactive use only... not for scripting." - This is automation scripting, and is executing from an orchestrator. WDSUtil is useable in a local script, but I have not found out how to use it via a remote script.

    14/جمادى الثانية/1435 06:11 م
  • Hi,

    Enter-PSSession is just like Invoke-Command. Enter-PSSession keeps the session, you can run several commands as you type it on remote computer. Invoke-command close the session after running the following command.

    For the difference you can refer to this blog.

    In order to run this script, we should remote to WDS server, then run scripts.

    First, use Enter-PSSession confirm can remote to WDS. Then confirm we can run scripts. I think we can try another computer

    I just found an article about this error, for your information:

    System Error Codes (1000-1299)

    Hope this helps.

    16/جمادى الثانية/1435 02:07 ص
  • I am sorry, I am not making myself clear. This is automation, no human intervention. A script runs on an orchestrator server (Same domain, full domain admin credentials) and it needs to execute WDSUtil commands on a remote WDS.

    Enter-PSSession does not help, it actually makes it worse, it cannot access WDSUtil even when using the fully qualified path "& C:\Windows\System32\WDSUtil.exe". The documentation I found indicates *-PSSession is for interactive use, I need a non-interactive script solution that does:

    Invoke-Command -ComputerName $WDSServer -Script "WDSutil /Remove-Image /Image:MyTestImage /ImageType:Install /ImageGroup:Windows2008"

    or equivalent...

    The MSDSN error article pointer has the same generic info as the error reported from WDSUtil.

    16/جمادى الثانية/1435 01:10 م
  • Hi,

    I knew your final purpose. But during troubleshooting, we need address where and why we get the error.

    $s1=New-PSSession -ComputerName FQDN

    Enter-PSSession -Session $s1

    Use full quality domain name of WDS instead of FQDN in the command. You said it doesn’t help, can you tell the result you get, the same error?

    Since this is a system error, I still wonder if it works if you change to another computer.

    17/جمادى الثانية/1435 06:47 ص
  • Exactly the script you asked:

    $s1=New-PSSession -ComputerName
    Enter-PSSession -Session $s1
    & C:\Windows\System32\WDSUtil.exe /Get-AllImageGroups

    Gives this error:

    & : The term 'C:\Windows\System32\WDSUtil.exe' is not recognized as the name of a cmdlet, function, script file, or
    operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    At C:\Users\hpadmin\test.ps1:3 char:3
    + & C:\Windows\System32\WDSUtil.exe /Get-AllImageGroups
    +   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (C:\Windows\System32\WDSUtil.exe:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

    Which has nothing to do with the error I get when using the invoke-command

    18/جمادى الثانية/1435 05:37 م
  • Hi Frank and Daniel,

    I am facing the same issue. Did you guys find a solution?

    18/شعبان/1436 12:49 م
  • No, it was never resolved and I have not had time to investigate the Windows Server 2012 R2 WDS PowerShell command ( If you find a solution please post it.

    18/شعبان/1436 07:13 م
  • My use-case is a little different, I am trying to invoke this from a Linux machine using Pywinrm. 
    19/شعبان/1436 05:33 م
  • I struggled with this all day!  Man this was frustrating.  WDSUTIL and all the WDS PowerShell CmdLets were giving the same error

    get-wdsclient : The operation being requested was not performed because the user has not been authenticated.

    I found the answer in my case.  I removed the WDS role and reinstalled it.  I then configured it as non-AD integrated and then remote commands started working.  Fortunately I have no need for AD integration.  I hope this also works for you.


    Sidenote - I tried everything!  different servers / user accounts / enter-pssession / cimsession / psexec and they all gave the same error. 

    03/ذو القعدة/1436 08:48 م
  • Wow - Thanks for the input. Unfortunately, I need AD integration. This smells like something related to credential delegation / CredSSP. I will try to find time to investigate that approach.

    It would seem logical that after at least 16 months something about this would be documented.

    03/ذو القعدة/1436 09:46 م
  • Hi, 
    I know this old post but I would like share my ideas as I had same issue more than a month while replacing/adding boot.wim in WDS (as like FrankJB). I tried below and its working now. 

    1. The script which will remove old boot.wim and add new boot.wim based on 'boot file name' and placed on all remote server. 
    2. To import scheduled task (which I modified based on need) on remote server & it will be triggered on remote server to execute 1st script.
    11/ذو القعدة/1438 04:46 ص
  • Found a way to do this, but its probably not the best. It wouldn't work with Enter-PSSession, Invoke-Command etc. 

    Using Invoke-Command, you can create a bat file and use a Scheduled Run Once task to run that Batch file as system account. It will then do what you want :) 

    Heres how I did it:

    Invoke-Command -ComputerName "$DistributionPoint" -ScriptBlock {
    Set-Itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE' -Name 'UseDHCPPorts' -value 0 ;
    new-item c:\admin\WDSConfig.bat -ItemType File -Force
    $line = "cmd /c WDSUTIL /Set-Server /UseDHCPPorts:No /DHCPOption60:Yes >> c:\admin\wdsconfig.txt"
    $line2 = "cmd /c wdsutil /initialize-server /reminst:M:\RemoteInstall >> c:\admin\wdsconfig.txt"
    add-content -path c:\admin\WDSConfig.bat -Value $line
    add-content -path c:\admin\WDSConfig.bat -Value $line2
    $StartDate = (get-date).AddMinutes(1).ToString("HH:mm")
    Start-Process -FilePath SchTasks -ArgumentList '/Create /SC ONCE /ST ',$StartDate,'/TN "Run WDSUTIL Config" /TR "c:\admin\WDSConfig.bat" /RU "NT AUTHORITY\SYSTEM" /V1 /Z'
                            } -SessionOption $sessionoptions

    16/شوال/1440 01:54 ص