我有两台远程机器:1 我们称之为驱动程序,2 我们称之为客户端。它们位于同一个域中,我们称之为“TECH.com”。
在驱动程序机器上,我有一个控制客户端机器的 PowerShell 脚本:1、在客户端上恢复检查点。2、停止客户端。3、启动客户端。等等。我想要做的事情是让客户端机器执行另一个 PowerShell 脚本(它可以驻留在客户端或/和驱动程序上。如果需要,我可以将文件从驱动程序复制到客户端)。
所以我做了一些研究,发现了两种方法:1、WS Management。2、WMI 我在两台机器上都启用了 psremoting。我在两台机器上都测试了 WsMan,它们看起来工作正常。我已经能够在这两台机器之间传输文件,但是,当我尝试运行 Invoke 命令时,它给了我错误:
Connecting to remote server XXXXXXtech.com failed with the following error message : WinRM cannot process the request. The following
error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (XXXXXX.XXXXtech.com:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AuthenticationFailed,PSSessionStateBroken
答案1
有几个选择:
在本地计算机上,允许无需身份验证即可连接到远程计算机:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $remoteMachine -Force
如果您在同一个域上并且在远程计算机上拥有管理员权限,请继续尝试使用您的用户名进入远程会话。
否则,您可能需要/想要设置一个凭证对象并使用它来启动会话Invoke-Command。
$script = { Write-Host "Hello, World!" }
$computerName = "Server Name Or Ip Address"
$username = "domain\user"
$pw = "worstpasswordever"
# Create Credentials
$securepw = ConvertTo-SecureString $pw -asplaintext -force
$cred = new-object -typename System.Management.Automation.PSCredential -argument $username, $securepw
# Create and use session
$session = New-PSSession -credential $cred -ComputerName $computerName
Invoke-Command -Session $session -ScriptBlock $script
Remove-PSSession $session