I have CredSSP enabled on the client, which runs Windows 7 64-bit and PowerShell 2.0:
Enable-WSManCredSSP -Role Client -DelegateComputer * -Force
I open a PowerShell console and run the Enter-PSSession command with CredSSP authentication to connect to a Windows 2008 Server:
Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser
I want to run the Get-WSManCredSSP command remotely, but I get the error: "... while using Negotiate authentication: An unknown security error occurred."
PS C:\Users\myUser> Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser
[ServerMOSS]: PS C:\Users\installerUser\Documents> Get-WSManCredSSP
WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security
error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config.
+ CategoryInfo :
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.GetWSManCredSSPCommand
[ServerMOSS]: PS C:\Users\installerUser\Documents> Exit-PSSession
The IT department ran this command on ServerMOSS:
PS C:\Users\installerUser\Documents> Enable-PSRemoting -Force
They got this error:
WinRM already is set upt to receive requests on this machine
Set-WSManQuickConfig: WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error ocurred.
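Any suggestions?
Answer 0: (score: 1)
I ran into the same problem. I searched and found several times that checking/setting the SPNs can solve it:
So try this. Review (read-only):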
setspn.exe -L MACHINENAME
Look through the results for HTTP/HTTPS entries (or any duplicates).
Add the missing names:
setspn -A HTTP/machinename
setspn -A HTTP/machinename.fqdn.com
setspn -A HTTPS/machinename
setspn -A HTTPS/machinename.fqdn.com
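Answer 1: (score: 0)
This is because the HTTPS/HTTP entries are not registered as SPNs. Just do the following, with PowerShell opened as administrator:
Check the SPN entries with the following command:
PS C:\> setspn -L domainname\servername
Then add the HTTP/HTTPS entries:
Finally, you can run Enable-PSRemoting -Force at the PowerShell prompt.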
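
The read-only review step that both answers describe (run setspn -L, then look for the HTTP/HTTPS entries) can be scripted. This is an added example, not code from either answer; the function name Get-MissingHttpSpn, the domain mydomain.example and the sample setspn output are constructed for illustration.

```powershell
# Added example: report which HTTP/HTTPS SPNs are absent from `setspn -L` output.
# It only reads text; it never registers or changes an SPN.
function Get-MissingHttpSpn {
    param(
        [string[]]$SetSpnOutput,   # lines produced by: setspn.exe -L <machine>
        [string]$ShortName,        # e.g. ServerMOSS
        [string]$Fqdn              # e.g. ServerMOSS.mydomain.example (assumed name)
    )

    # SPN entries are the indented "class/host" lines that follow the
    # "Registered ServicePrincipalNames for ..." header line.
    $registered = @($SetSpnOutput |
        Where-Object { $_ -match '^\s+\S+/\S+' } |
        ForEach-Object { $_.Trim() })

    # The four names listed in the first answer.
    $expected = @()
    foreach ($class in 'HTTP', 'HTTPS') {
        foreach ($name in $ShortName, $Fqdn) { $expected += "$class/$name" }
    }

    # -notcontains is case-insensitive by default in PowerShell.
    @($expected | Where-Object { $registered -notcontains $_ })
}

# Constructed sample of `setspn.exe -L ServerMOSS` output (not captured from a real host).
$sample = @(
    'Registered ServicePrincipalNames for CN=SERVERMOSS,OU=Servers,DC=mydomain,DC=example:',
    "`tWSMAN/ServerMOSS",
    "`tWSMAN/ServerMOSS.mydomain.example",
    "`tHTTP/ServerMOSS",
    "`tHOST/ServerMOSS",
    "`tHOST/ServerMOSS.mydomain.example"
)

$missing = Get-MissingHttpSpn -SetSpnOutput $sample `
    -ShortName 'ServerMOSS' -Fqdn 'ServerMOSS.mydomain.example'

# Print the gaps for a human to review before anything is added with setspn -A.
foreach ($spn in $missing) { "Missing SPN: $spn" }
```

Against a live machine, pass the real output instead of the sample: `-SetSpnOutput (setspn.exe -L ServerMOSS)`.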