Remote Powershell not working but test-wsman does


Solution 1

I solved my problem. There is a known issue between Kerberos authentication, remote PowerShell and Integration Service (the server is running that app). Info can be found here and here.

I had to create a DNS A record for the server (serverB_alias) and set the HTTP SPN for this server to the account, specifying the port that WSMan tries to connect to (5985).

setspn -s http/serverB domain\user
setspn -s http/serverB.domain domain\user
setspn -s http/serverB_alias:5985 domain\user
setspn -s http/serverB_alias.domain:5985 domain\user

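Finally, I added the DNS alias to the trusted hosts list on server A using:

# Append the alias; avoid a leading comma when the list is currently empty
$curValue = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
$newValue = if ($curValue) { "$curValue,serverB_alias" } else { 'serverB_alias' }
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $newValue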

Solution 2

Seems like an issue with an existing SPN mapping. In PowerShell you can delete the SPN account and retry.

setspn -D HTTP/SERVERNAME <domain account>
setspn -D HTTP/SERVERNAME.DOMAINAME.COM <domain account>

If the issue persists, you can check using the IP address (IPv4) instead of the server name to bypass the Kerberos error.

Source https://serverfault.com/questions/580411/windows-server-manager-kerberos-error-0x80090322

https://social.technet.microsoft.com/Forums/windows/en-US/a4c5c787-ea65-4150-8d16-2a19c569a589/enterpssession-winrm-cannot-process-the-request-kerberos-authentication-error-0x80090322?forum=winserverpowershell
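Both solutions above change HTTP SPN registrations, so it helps to see first which account currently holds them. The following is an added example, not code from the original posts: a read-only directory query, assuming it runs on a domain-joined machine as a domain user; `Get-HttpSpnOwner` is a hypothetical helper name, and `serverB`, `serverB_alias` and port 5985 are the placeholders used on this page.

```powershell
# Added example: list which AD accounts own the HTTP SPNs that WinRM requests.
# Read-only; changes nothing in the directory or in the WinRM configuration.
function Get-HttpSpnOwner {
    param(
        [Parameter(Mandatory)][string[]]$HostName,
        [int]$Port = 5985
    )
    foreach ($name in $HostName) {
        # The LDAP wildcard is broad (serverB* also matches serverB_alias),
        # so each SPN is re-checked with an anchored pattern below.
        $pattern  = '^HTTP/' + [regex]::Escape($name) + '(\.|:|$)'
        $searcher = [adsisearcher]"(servicePrincipalName=HTTP/$name*)"
        $searcher.PageSize = 500
        foreach ($entry in $searcher.FindAll()) {
            $isComputer = @($entry.Properties['objectclass']) -contains 'computer'
            foreach ($spn in $entry.Properties['serviceprincipalname']) {
                if ($spn -notmatch $pattern) { continue }
                [pscustomobject]@{
                    Spn        = [string]$spn
                    Account    = [string]$entry.Properties['samaccountname'][0]
                    IsComputer = $isComputer
                    HasPort    = ([string]$spn).EndsWith(":$Port")
                }
            }
        }
    }
}

$rows = @(Get-HttpSpnOwner -HostName 'serverB', 'serverB_alias')
$rows | Sort-Object Spn | Format-Table -AutoSize

# An HTTP SPN held by a user/service account instead of the computer account
# is the situation both answers are working around.
$rows | Where-Object { -not $_.IsComputer } |
    ForEach-Object { Write-Warning "$($_.Spn) is registered to $($_.Account)" }

# The same SPN on two accounts makes Kerberos ticket requests for it fail.
$rows | Group-Object Spn | Where-Object Count -gt 1 |
    ForEach-Object { Write-Warning "Duplicate SPN: $($_.Name)" }

# Per the WinRM error text, hosts in this list might not be authenticated,
# so review what is already present before appending to it.
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value
```

Run it before and after any `setspn -s` or `setspn -D` change to confirm that only the intended account holds each SPN.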

Author by

Nico Osorio

I am three subjects away from finishing my bachelor's degree in Electronic Engineering. A programming enthusiast, I work as a Professor Assistant at Universidad Tecnologica Nacional (FRBA) and at Tenaris S.A. as a BI & INT specialist in the Implementation and Support Area.

Updated on September 18, 2022

Comments

  • Nico Osorio over 1 year

    I need to script some routine tasks to execute remotely from serverA on many hosts, but a couple of them fail to execute the script.

    If I execute this:

    $cred = Get-Credential myUser
    Invoke-Command -ComputerName serverB -ScriptBlock{gci d:\} -Credential $cred
    

    or this:

    Test-WSMan -ComputerName ServerB -Credential $cred -Authentication Negotiate
    

    I get the following error:

    [SeverB] Connecting to remote server ServerB failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while using Negotiate authentication: An unknown security error occurred. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (serverB:String) [], PSRemotingTransportException + FullyQualifiedErrorId : -2144108387,PSSessionStateBroken

    But when I used Test-WSMan alone:

    Test-WSMan -ComputerName ServerB
    
    wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
    ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
    ProductVendor   : Microsoft Corporation
    ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0
    

    I don't know where the problem could be. I had already tried using enable-psremote, winrm qc, checking firewall settings and user privileges.