使用远程PSSession CredSSP时出现未知安全性错误

时间:2012-11-07 14:06:31

标签: security powershell powershell-v2.0 powershell-remoting

我在客户端

中启用了Windows 7 64位和Powershell 2.0以及CredSSP
Enable-WSManCredSSP -Role Client -DelegateComputer * -Force

我打开Powershell控制台,执行Enter-PSSession命令,使用CredSSP身份验证连接Windows 2008 Server:

Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser

我希望远程执行Get-WSManCredSSP命令,但是我收到错误:“......使用协商身份验证时:发生了未知安全错误。”

PS C:\Users\myUser> Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser

[ServerMOSS]: PS C:\Users\installerUser\Documents> Get-WSManCredSSP

WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security
 error occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config.
    + CategoryInfo          :
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.GetWSManCredSSPCommand

[ServerMOSS]: PS C:\Users\installerUser\Documents> Exit-PSSession

IT部门在ServerMOSS中执行此命令:

PS C:\Users\installerUser\Documents> enabled-psremoting -force

他们得到错误:

WinRM already is set upt to receive requests on this machine
Set-WSManQuickConfig: WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error ocurred.

有什么建议吗?

2 个答案:

答案 0 :(得分:1)

我遇到了同样的问题。我已经搜索并多次发现检查/设置SPN可以解决问题:

所以试试这个: 审查(只读)

setspn.exe -L MACHINENAME

查看HTTP / HTTPS条目(或任何重复项)的结果

添加缺少的名称:

setspn -A HTTP/machinename
setspn -A HTTP/machinename.fqdn.com
setspn -A HTTPS/machinename
setspn -A HTTPS/machinename.fqdn.com

来源:WinRM QuickConfig failing with 0x8033809D

答案 1 :(得分:0)

这是由于HTTPS / HTTP条目未向SPN注册。 只需执行以下以管理员身份打开Powershell:

使用以下命令检查SPN条目:

PS C:\> setspn -L domainname \ servername

然后添加HTTP / HTTPS enteries:

  1. PS C:\> setspn -A HTTP / servername servername
  2. PS C:\> setspn -A HTTP / servername.fqdn.com servername
  3. PS C:\> setspn -A HTTPS / servername servername
  4. PS C:\> setspn -A HTTPS / servername.fqdn.com servername
  5. 最后你可以在PowerShell提示符上使用启用-PSRemoting -Force