我正在尝试打开从一台服务器到另一台服务器的 powershell 会话。据我所知,我可以打开到 servert1/2 的会话,它们具有相同的配置。trustedhosts 相同,使用相同的用户/密码。然而,当我尝试打开到 serverp01 的会话时,我收到以下错误:
Enter-PSSession : Connecting to remote server serverp01 failed with the following error message : WinRM cannot process
the request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown
security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (serverp01:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
答案1
嗨,Sergey,在我看来,域帐户下注册的现有 HTTP/SERVERNAME SPN 可能与错误有关。请尝试以下操作:1. 在服务器上,将 IIS 应用程序池更改为在本地系统下运行。2. 运行以下命令删除现有 SPN:setspn -D HTTP/SERVERNAME setspn -D HTTP/SERVERNAME.DOMAINAME.COM 3. 然后再次连接到服务器以查看会发生什么。如果问题仍然存在,请在 IIS 管理控制台中禁用内核模式身份验证。问候,Diana