我尝试以本地管理员身份运行此Powershell脚本($credential
也具有PSShellAdmin权限):
$securePassword = ConvertTo-SecureString "Password" -AsPlainText -force
$credential = New-Object System.Management.Automation.PsCredential(".\test",$securePassword)
Invoke-Command -ComputerName RM-SERVER -ScriptBlock {Get-Process} -Credential $credential
接着说:
Connecting to remote server failed with the following error message :
WinRM cannot process the request. The following error occured while using Kerb
eros authentication: There are currently no logon servers available to service
the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specifie
d.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does
not exist.
-The client and remote computers are in different domains and there is no tru
st between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM
TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command:
winrm help config. For more information, see the about_Remote_Troubleshooting H
elp topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
我试图解决在PS中运行命令的问题 - > Enable-PSRemoting
。但它并没有帮助我。那么,我该怎么办这个错误呢?
答案 0 :(得分:0)
看起来您正在尝试使用本地帐户建立网络连接"。\ test"。
答案 1 :(得分:0)
希望这可以帮助那些做类似事情的人,但是使用C#代码。
如果您的代码作为localSystem运行(如在Window Service案例中),则在用户名之前使用PSCredential打开一个没有“\”的运行空间似乎会强制在工作组环境中运行Kerberos AuthenticationMechansim。
var username = "foobar";
var connInfo = new WSManConnectionInfo(false, hostname, Port, AppName, ShellUri,
new PSCredential(username, password))
{
AuthenticationMechanism = AuthenticationMechanism.Negotiate
};
using (var runspace = RunspaceFactory.CreateRunspace(host, connectionInfo))
{
runspace.Open(); //will try to negotiate with Kerberos
}
修复是在用户名前面添加“\”以强制在非域环境中使用NTLM
var username = "foobar";
var domain = "";
var connInfo = new WSManConnectionInfo(false, hostname, Port, AppName, ShellUri,
new PSCredential(domain + "\\" + username, password))
{
AuthenticationMechanism = AuthenticationMechanism.Negotiate
};
using (var runspace = RunspaceFactory.CreateRunspace(host, connectionInfo))
{
runspace.Open(); //will try to negotiate with Kerberos in domain, NTLM in non-domain
}