Skip CA Checks during PowerShell Remoting

PowerShell remoting is a really cool thing for an administrator to have. If you can allocate just a few bytes in your brain to remember the New-PSSession syntax, it can help you manage your entire Windows-based infrastructure without logging on to a server.

One of my colleagues was trying to log on to a Lync box today and he kept getting an error:

    New-PSSession : [lyncserver.exchange.local] Connecting to remote server lyncserver.exchange.local failed with the
    following error message : The server certificate on the destination computer (lyncserver.exchange.local:443) has the
    following errors:
    The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
    For more information, see the about_Remote_Troubleshooting Help topic.
    At line:1 char:12
    + $Session = New-PSSession -ConnectionUri https://lyncserver.exchange.local/ocspo
        + CategoryInfo          : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
        + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed

This can happen when PowerShell cannot check the revocation status of the certificate on a remote server. In a way this is a good thing: it prevents anything malicious, and it is a good signal to raise an alarm with your security team. But if your CA really is offline, and you know that, it becomes a bit of a problem. Fortunately the fix is pretty simple, although it is really a workaround.

Just use the two lines below to get past this:

    $SessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck

    $Session = New-PSSession -ConnectionUri https://lyncserver.exchange.local/ocspowershell -Credential (Get-Credential) -SessionOption $SessionOptions

and then import the session the usual way with Import-PSSession $Session.
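
A narrower variant of the workaround, as an added example that is not part of the original post: it inspects the server's certificate chain first and relaxes only the revocation check, and only when an unreachable revocation server is the sole problem. `Get-RemoteCertChainStatus` is a hypothetical helper name, and the .NET chain build is assumed to approximate, not exactly reproduce, the validation that New-PSSession performs.

```powershell
# Added example. Get-RemoteCertChainStatus is a hypothetical helper name;
# the host and URI are the ones shown in the post. Requires PowerShell 5+.
function Get-RemoteCertChainStatus {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept whatever the server presents: the certificate is only
        # retrieved for inspection, nothing else is sent over this stream.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally { $tcp.Dispose() }

    # Rebuild the chain with online revocation checking and emit each flag.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    [void]$chain.Build($cert)
    $chain.ChainStatus | ForEach-Object { $_.Status.ToString() }
}

$flags = @(Get-RemoteCertChainStatus -HostName 'lyncserver.exchange.local')

# Flags that mean "revocation server could not be reached", nothing worse.
$revocationOffline = 'RevocationStatusUnknown', 'OfflineRevocation'
$other = @($flags | Where-Object { $_ -notin $revocationOffline })
if ($other.Count -gt 0) {
    # Revoked, UntrustedRoot, NotTimeValid and similar are not worked around.
    throw "Chain problems beyond an unreachable revocation server: $($other -join ', ')"
}

$params = @{
    ConnectionUri = 'https://lyncserver.exchange.local/ocspowershell'
    Credential    = Get-Credential
}
if ($flags.Count -gt 0) {
    # Only the revocation lookup is relaxed; CA trust and name checks stay on.
    $params.SessionOption = New-PSSessionOption -SkipRevocationCheck
}
$Session = New-PSSession @params
```

Because `-SkipCACheck` and `-SkipCNCheck` are left out here, New-PSSession still rejects a certificate from an untrusted issuer or with the wrong name.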