Product: PowerShell Universal
Version: 5.6.12
Environment:
PSU Server: Docker (192.168.0.19)
PSU Agent: Windows Server 2019/2022 (192.168.0.43, Test-Server)
Network: Same subnet 192.168.0.0/24
Agent Type: Windows Service (PowerShell Universal Agent)
Problem Description:
The PSU Agent (Test-Server) successfully connects to the server and shows Status: Online in the UI with regular heartbeat updates. However, when attempting to execute scripts on this agent, all methods fail with gRPC connection errors.
Heartbeat updates regularly
Get-PSUComputer shows agent with Type: Agent, Status: Online
ICMP ping works between machines
Reverse direction (agent->server) TCP connections work
What Doesn’t Work:
Invoke-PSUScript -Script "test.ps1" -ComputerName "Test-Server"
Error: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: Unable to connect to the remote server")
UI: Cannot select computer when creating/running scripts
Schedule with Computer parameter fails with same gRPC error
TCP port 5000 blocked from server->agent (but agent->server works)
Troubleshooting Attempted:
Windows Firewall disabled on agent - no change
Created explicit firewall rules for ports 5000, 5985 - no change
Verified WinRM service running, listener active on 0.0.0.0:5000
Checked netstat on agent: 0.0.0.0:5000 LISTENING
WFP diagnostics show default BLOCK filters active but no ALLOW filter for port 5000
Restarted PSUAgent service multiple times
EventHub connection from agent to server confirmed (192.168.0.43->192.168.0.19:5000 Established)
Questions:
Should PSU Agent work entirely through EventHub without requiring server→agent gRPC connections?
If gRPC is required, how can we force WFP to allow these connections without system reboot (which is not possible in production)?
Is there a configuration to make PSU use only EventHub for agent communication, avoiding direct gRPC calls?
Note: Test-Server reboot is not an option due to 24/7 production requirements.