I can use Invoke-Command against other computers on the network.
I have already run Enable-PSRemoting as administrator.
What am I missing?
PS C:\Windows\system32> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
PS C:\Windows\system32> Invoke-Command -ComputerName localhost -ScriptBlock { dir }
[localhost] Connecting to remote server localhost failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo : OpenError: (localhost:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : CannotConnect,PSSessionStateBroken
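After setting DisableStrictNameChecking to one (1), the same error message appears.
After setting BackConnectionHostNames to "localhost" and "ALFRED", the same error message appears.
After setting DisableLoopbackCheck to one (1), the following message appears.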
PS C:\Windows\system32> winrm quickconfig
WinRM service is already running on this machine.
WSManFault
Message
ProviderFault
WSManFault
Message = WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
Error number: -2144108183 0x80338169
WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
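I don't seem to have permission to change the network type. I am on a corporate VPN. The company.com network is a Domain network, but the other network is a Public network. If I can't change it, then it seems I can't get there from here.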
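Answer 0 (score: 1)
This is a security feature called "NTLM loopback check". You can find more details in the MS KB article or on Marc Lognoul's blog. In short, Kerberos does not work with "localhost", "127.0.0.1" or "[::1]" as the remote host name. Authentication falls back to NTLM, and it has a vulnerability related to the loopback IP.
The workaround is to disable the loopback check in the registry, as explained in Method 2 on the MS page.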
Answer 1 (score: 0)
Delete the old WinRM listener.
winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
First you need to create a self-signed certificate and get its thumbprint.
1. New-SelfSignedCertificate -DnsName "" -CertStoreLocation Cert:\LocalMachine\My
Copy the thumbprint to the clipboard and run the following command. This command registers an HTTPS listener in WinRM.
2. winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=""; CertificateThumbprint=""}
Add a new firewall rule.
$port=5986
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=$port
Answer 2 (score: 0)
public
(1) Start a new PowerShell window with administrator rights (Run as administrator).
(2) Retrieve your local host name with the following command: hostname
(3) Register this host name in the trusted hosts list with the following command:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "<Your hostname from (2) above>"
Activate remoting:
Winrm qc
Enable-PSRemoting
Test:
Invoke-Command -ComputerName localhost -ScriptBlock {hostname}
Note:
powershell -Command "start PowerShell -Verb RunAs"
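
The settings named in the question and answers above, gathered into one read-only check. This is an added example, not code from any of the posts; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later with the WinRM service running, and the helper name Get-RegValue is made up for the example.

```powershell
# Read-only audit of the settings this thread touches. Nothing is modified.

function Get-RegValue([string]$Path, [string]$Name) {
    # Hypothetical helper: returns $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$report = [ordered]@{
    # Any Public profile triggers the "winrm quickconfig" firewall error shown in the question.
    PublicProfiles = @(Get-NetConnectionProfile |
        Where-Object NetworkCategory -eq 'Public' |
        ForEach-Object { "$($_.InterfaceAlias) ($($_.Name))" }) -join '; '
    # 1 means the NTLM loopback check is switched off for the whole machine.
    DisableLoopbackCheck = Get-RegValue $lsa 'DisableLoopbackCheck'
    # Narrower setting: only the listed names are exempt from the loopback check.
    BackConnectionHostNames = (Get-RegValue "$lsa\MSV1_0" 'BackConnectionHostNames') -join ', '
    DisableStrictNameChecking = Get-RegValue $srv 'DisableStrictNameChecking'
    # Hosts listed here are connected to without mutual authentication; '*' covers every host.
    TrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue).Value
}
[pscustomobject]$report | Format-List

# Listeners actually registered, with transport, port and bound certificate.
Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
    Select-Object Transport, Port, Address, Hostname, CertificateThumbprint, Enabled |
    Format-Table -AutoSize

# The same connectivity path the question fails on, without running a script block.
try {
    Test-WSMan -ComputerName localhost -ErrorAction Stop | Out-Null
    'WSMan to localhost: OK'
}
catch {
    "WSMan to localhost: FAILED - $($_.Exception.Message)"
}
```

Running it before and after trying a workaround shows which of these settings was changed, so the ones that did not help can be reverted.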