Hi,

I was Installing Remote Desktop Session Host 2012R2 for testing.

When Trying to install i got a error unable to connect to Host RDSH.office.Company.com

So I started Enable-PSRemoting and configured it, after that i tried to install RDSH again but no luck stil the same error.

Then I opened a Local powerShell Session whit administrator Rights en tried to connect "Enter-PSSession 127.0.0.1" and it worked.

So remote Powershell is working, Then i tried "Enter-PSSession RDSH.office.Company.com" and it fails.

Enter-PSSession : Connecting to remote server RDSH.office.Company.com failed with the following error message : WinRM c
annot process the request. The following error with errorcode 0x80090304 occurred while using Kerberos authentication:
An unknown security error occurred.

Than i tried "Enter-PSSession RDSH.office.Company.com -Credential Domain\Administrator"

Same Error

Than i tried "Enter-PSSession RDSH.office.Company.com -Credential Domain\User" The user is a domain administrator account

Connected.

Then I started Server Manager "Run as Diffrent User" Domain\User and installed RDSH no problem only now when i want to manage RDSH i need to run Server Manager with the user account or it cant connect to RDSH.

I Cant find any logical explanation why i cant use the build in Domain Administrator Account ??

Domain Controller is a 2008 std server.

Thanks ahead of time.

• Edited by Jeroen Feenstra Friday, May 29, 2015 11:22 AM

You are not asking a very clear question. Perhaps you should post in the WS2012 or WS2008 deployment forums to get started.

Hi Jeroen,

To perform Powershell Remoting, we need to provide the credential which is a Membership in the local Administrators group, or equivalent, on the RD Session Host server that you plan to remote access.

This issue is more related to the admin permission or Kerberos Authentication issue on Remote Desktop Session Host, I also recommend you can go to RDS Forum for more efficient support.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS

If there is any update on this issue, please feel free to post back.

Best Regards,

Anna Wang

I Cant find any logical explanation why i cant use the build in Domain Administrator Account ??

The BUILTIN/Administrator account can manage the DCs but not the member servers as it is not necessarily a member of Domain Admins. Generally only local admins and members of the Domain Admins group can administer member servers.

The "User" account you are using is clearly a member of the Domain Admins account.  You should NOT be using the BUILTIN/Administrator account for domain admin tasks on member servers.

Note that in many systems the BUITIN/Administrator on the domain is added to Domain Admins.  The BUILTIN/Adminstrator on Windows 8 and later (2012) is normally disabled after the default new admin is created. 

Here is the default setting for the builtin administrator oon WIndows 8/2012.  Note that by default it is disabled.

 

The other possibility is that it has been renamed by your administrators.