Saturday, December 16, 2023

WINRM cannot process the request | Kerberos authentication | unknown security error

q: A user tries to send a command to SERVER1 via PowerShell over WinRM and gets an error.
 PS > Invoke-Command -ComputerName SERVER1 -ScriptBlock {net localgroup administrators}

[SERVER1] Connecting to remote server SERVER1 failed with the
following error message : WinRM cannot process the request. The following
error with errorcode 0x80090322 occurred while using Kerberos
authentication: An unknown security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are
specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port
does not exist.
-The client and remote computers are in different domains and there is no
trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the
WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following
command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (SERVER1:String) [],
PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108387,PSSessionStateBroken

a: On the client machine, create this registry value and try again.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client
Value type: REG_SZ (string)
Value name: spn_prefix
Value data: WSMAN
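
The same change scripted in PowerShell, as an added example that is not part of the original post. It assumes an elevated session on the client and uses SERVER1 from the question; the `setspn` lookups and the `Test-WSMan` retry are added diagnostics, not steps from the post.

```powershell
# Added example (not from the original post). Run elevated on the CLIENT machine.
$target = 'SERVER1'   # host name taken from the question
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client'

# Added diagnostic: show which accounts hold the HTTP/ and WSMAN/ SPNs for the target.
# 0x80090322 is SEC_E_WRONG_PRINCIPAL, which typically means the ticket was issued
# for an SPN owned by a different account than the one running WinRM.
# Needs setspn.exe and connectivity to a domain controller.
foreach ($prefix in 'HTTP', 'WSMAN') {
    Write-Host "--- setspn -Q $prefix/$target"
    & setspn.exe -Q "$prefix/$target"
}

# Record the current value so the change can be reverted.
$old = (Get-ItemProperty -Path $key -Name spn_prefix -ErrorAction SilentlyContinue).spn_prefix
Write-Host "Previous spn_prefix: $(if ($null -eq $old) { '<not set>' } else { $old })"

# Create the key if it is missing, then set spn_prefix = WSMAN (REG_SZ), as the post describes.
# With this value the WinRM client requests WSMAN/<host> instead of the default HTTP/<host>.
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
New-ItemProperty -Path $key -Name spn_prefix -PropertyType String -Value 'WSMAN' -Force | Out-Null

# Read the value back to confirm what was written.
$new = (Get-ItemProperty -Path $key -Name spn_prefix).spn_prefix
Write-Host "Current spn_prefix:  $new"

# Retry with Kerberos forced, so a silent fallback to another method cannot hide a failure.
try {
    Test-WSMan -ComputerName $target -Authentication Kerberos -ErrorAction Stop | Out-Null
    Invoke-Command -ComputerName $target -ScriptBlock { hostname } -ErrorAction Stop
    Write-Host "Kerberos WinRM session to $target succeeded."
}
catch {
    Write-Warning "Still failing: $($_.Exception.Message)"
    Write-Warning "Compare the setspn output above and check the remaining causes in the error text."
    # To revert: Remove-ItemProperty -Path $key -Name spn_prefix
}
```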
