Powershell远程更改RDWEB证书

Question

即将放弃这一点，在本地连接到每个系统并运行命令，但认为明智的做法是先问聪明人。

通过我在当地的凭据，这是可行的：

Set-Variable -Name "CBROKE" -Value "vmname01.amgsvcs.net"
Set-Variable -Name "CERTPASS" -Value "wHQTD3w6s"
Set-Variable -Name "CERTPATH" -Value "N:\CERTS\vmname01.domain.com.pfx"
Import-Module RemoteDesktop
$Password = ConvertTo-SecureString -String $CERTPASS -AsPlainText -Force
Set-RDCertificate -Role RDWebAccess -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDPublishing -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDRedirector -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force
Set-RDCertificate -Role RDGateway -ImportPath $CERTPATH -Password $Password -ConnectionBroker $CBROKE -Force

如果我试图使用相同的域管理帐户远程执行此操作，则使用

Enter-PSSession -ComputerName vmname01

我得到这一答复是为了回应每一组-- response证书：

Get-RDServer : The RD Connection Broker server is not available. Verify that you can connect to the RD Connection
Broker server.
At C:\windows\system32\WindowsPowerShell\v1.0\Modules\RemoteDesktop\Certificate.psm1:309 char:22
+ ... webaccess = Get-RDServer -ConnectionBroker $ConnectionBroker -Role @( ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDServer

Set-RDCertificate : Deployment does not contain an RD Web Access server.
At line:1 char:1
+ Set-RDCertificate -Role RDWebAccess -ImportPath $CERTPATH -Password $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-RDCertificate

我使用了来自这个页面的检查( https://stackoverflow.com/questions/65022178/run-invoke-command-in-remote-computer-as-administrator )，它们都返回remote console已被提升的true。

Answer 1

我意识到这些命令不必在本地运行，它们实际上是域/网络类型的命令，可以在任何机器上运行。