目標機器上的Team Foundation Server（TFS）PowerShell

Question

我試圖自動化我的構建設置。它工作得很好。但是我在步驟「目標機器上的PowerShell」中遇到問題。

只要TFS服務器和其他服務器在同一個域中，該步驟就可以正常工作。現在我有一個不在域內的服務器。 「Windows機器文件複製」步驟正在工作。但「目標機器上的PowerShell」步驟不起作用。 powershell腳本在遠程機器上。我只需要執行腳本。

在服務器上我有一個具有管理員權限的本地用戶。 我已經檢查：

• 防火牆是沒有問題的
• WinRM的設置
• TFS服務器是在可信主機列表
• 配置「目標計算機上的PowerShell」與IP地址，機組和機器名

當我使用HTTP我收到以下錯誤

WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. 
Possible causes are: 
-The user name or password specified are invalid. 
-Kerberos is used when no authentication method and no user name are specified. 
-Kerberos accepts domain user names, but not local user names. 
-The Service Principal Name (SPN) for the remote computer name and port does not exist. 
-The client and remote computers are in different domains and there is no trust between the two domains. 
After checking for the above issues, try the following: 
-Check the Event Viewer for events related to authentication. 
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. 
Note that computers in the TrustedHosts list might not be authenticated. 
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. For more info please refer to http://aka.ms/powershellontargetmachinesreadme

當我使用HTTPS我收到以下錯誤

The client cannot connect to the destination specified in the request.
 Verify that the service on the destination is running and is accepting requests.
 Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
 For more information, see the about_Remote_Troubleshooting Help topic.
 For more info please refer to http://aka.ms/powershellontargetmachinesreadme

現在我迷路了，不知道該怎麼辦。有沒有人知道接下來要檢查什麼？

預先感謝您

Answer 1

好像你想上駐留構建機AD域之外的目標機運行TFS PS。這並不是那麼簡單，即使你直接使用tfs任務，也會得到相同的錯誤。

要達到此目的，您有兩種選擇。您的主域ANS所有的子域之間

1. 設置一個單向信任讓您的生產域憑據可 所有子域名中使用。
2. 使用影子賬號允許跨域認證。這些帳戶是跨機器 具有相同的用戶名和密碼的本地帳戶，允許身份驗證。這是MSFT的官方工作，針對不信任 的域名驗證。

請看一看這個類似的問題：TFS 'Powershell on Target Machines' task for machines in different AD domain

---

更新

從OP任職：客戶端添加到服務器可信主機列表和其他（將客戶端上的服務器添加到可信主機列表中）*