2017-04-19 110 views
0

驗證請考慮以下情形:如何到遠程服務器使用遠程服務器的本地用戶通過PowerShell的WinRM的

有2臺服務器:和server2,都在同一個網絡上,並在同一個域。目標是使用本地用戶從server2打開來自 PSSession的成server2作爲身份:

PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential server2\username 

server2本地用戶是WinRMRemoteWMIUsers_

的成員如果域用戶使用然後一切工作正常:

PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential domain\username 

試圖連接作爲本地用戶時得到的錯誤是:

 
New-PSSession : [server2] Connecting to remote server server2 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos 
    authentication: There are currently no logon servers available to service the logon request. 
    Possible causes are: 
     -The user name or password specified are invalid. 
     -Kerberos is used when no authentication method and no user name are specified. 
     -Kerberos accepts domain user names, but not local user names. 
     -The Service Principal Name (SPN) for the remote computer name and port does not exist. 
     -The client and remote computers are in different domains and there is no trust between the two domains. 
    After checking for the above issues, try the following: 
     -Check the Event Viewer for events related to authentication. 
     -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. 
    Note that computers in the TrustedHosts list might not be authenticated. 
     -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. 

從錯誤信息有The following error with errorcode 0x80090311 occurred while using Kerberos authentication-Kerberos accepts domain user names, but not local user names.所以,一個連接被執行在server1以下後嘗試:

PS @SERVER1 > winrm set winrm/config/client '@{TrustedHosts="server2"}' 

試圖執行之後的命令仍無法啓動一個PSSession

可以嘗試什麼其他步驟?

+0

代替'-requestntial server2 \ username'嘗試'-Credential(get-credential)'。 -Credential(should)永遠不會接受dom \用戶名或用戶名,它正在尋找一個pscredential對象。 @羅曼本質上是在他的回答中建立一個保密的對象。如果要重用憑證對象,然後將其存儲在var $ {$ cred = get-credential'中,然後將其提供給cmdlet:'-Crendential $ cred' [about Get-Credential](https:// msdn .microsoft.com/EN-US/PowerShell中/參考/ 5.1/microsoft.powershell.security/GET-憑證) – brendan62269

回答

1

你應該能夠首先做這樣的事

$cred = $host.ui.PromptForCredential("local credential", "Enter machine\user ID and password.", "localhost\$env:username", "") 
$session = New-PSSession -ComputerName server2 -Credential $cred 

所以,收集憑證,則只需將其插入。而且,你可以從字面上使用localhost域側和工作。爲我工作。

> $session 
Id Name   ComputerName State   ConfigurationName  Availability 
-- ----   ------------ -----   -----------------  ------------ 
1 Session1   server2   Opened  Microsoft.PowerShell  Available 
相關問題