我使用以下命令在远程计算机上设置远程 PowerShell 访问:
Enable-PSRemoting -Force
Set-Item wsman:\localhost\Client\TrustedHosts -value '*' -Force
Get-Item wsman:\localhost\Client\TrustedHosts
WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client
Type Name SourceOfValue Value
---- ---- ------------- -----
System.String TrustedHosts GPO *
它们看上去运行得很好。
但是,当我尝试打开 PowerShell 会话时,出现以下错误:
New-PSSession -ComputerName 10.155.40.10
New-PSSession : [10.155.40.10] Connecting to remote server 10.155.40.10 failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName 10.155.40.10
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Management.A\u2026tion.RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed
但是,使用 RDP ping 和访问远程计算机都可以正常工作:
Test-Connection 10.155.40.10
Pinging 10.155.40.10 [10.155.40.10] with 32 bytes of data:
Reply from 10.155.40.10: bytes=32 time=4ms TTL=125
Reply from 10.155.40.10: bytes=32 time=4ms TTL=125
Reply from 10.155.40.10: bytes=32 time=4ms TTL=125
Reply from 10.155.40.10: bytes=32 time=4ms TTL=125
Ping complete.
Source Destination Replies
------ ----------- -------
XXXXXXX 10.155.40.10 {System.Net.NetworkInformation.PingReply, System.Net.NetworkInformation.PingReply, System.Net.NetworkInformation.PingReply, System.Net.NetworkInformation.PingReply}
知道为什么我仍然无法打开 PowerShell 会话吗?
答案1
Ping 和 RDP 与 PowerShell Remoting 无关。
您没有说明这些目标是域加入(单林/多林等)还是工作组。在域中,您只需要使用 GPO 来启用 PSRemoting,无需受信任主机,除非您正在处理不受信任的域。
工作组 PowerShell 远程处理需要对目标和源进行更多设置。网络上关于许多用例级别的文档都很详尽。
从我的资料库中保存了指针......
提示:使用 Windows PowerShell 进行远程工作,无需使用 Remoting 或 WinRM
# On the remote computer
# "Run as administrator" option
# Network adapters cannot be set to public, they must be set to private
((Get-NetConnectionProfile).InterfaceAlias)[1] |
Set-NetConnectionProfile -InterfaceAlias $PSItem -NetworkCategory Private
<#
Or change this in the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
#>
# Set WSMan
Set-WSManQuickConfig
# Enable Remoting
Enable-PSRemoting -SkipNetworkProfileCheck -Force
# Set the firewall
Set-NetFirewallRule –Name "WINRM-HTTP-In-TCP-PUBLIC" –RemoteAddress Any
# On the local computer
winrm set winrm/config/client @{TrustedHosts="10.0.2.33"}
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.0.2.33" -Force
Get-Item WSMan:\localhost\Client\TrustedHosts
在独立(工作组)计算机上启用 PowerShell 远程处理
独立工作组计算机之间的 POWERSHELL PS 远程控制
理解并排除 WinRM 连接和身份验证故障:刺激寻求者的冒险指南
使用 PowerShell 排除 WinRM 故障 - 第 1 部分
使用 PowerShell 排除 WinRM 故障 - 第 2 部分
非管理员用户通过 WinRM 进行 PowerShell 远程管理