Hi!
I've configured PowerShell Remoting on the server using Enable-PSRemoting commandlet.
But when I'm trying to connect to the server I'm constantly getting the following error:
PS C:\Users\sergeyp> Enter-PSSession SERVERNAME.DOMAINNAME.com
Enter-PSSession : Connecting to remote server SERVERNAME.DOMAINNAME.com failed with the following error message : WinRM cannot process the request. The following error
with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession SERVERNAME.DOMAINNAME.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (SERVERNAME.DOMAINNAME.com:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
Also, in the System event log on a client computer I see the Security-Kerberos error described here:
http://technet.microsoft.com/en-us/library/52ddf7d9-a0e7-4c9d-be3c-3c35219f2d69.aspx
Error details:
Log Name: System Source: Microsoft-Windows-Security-Kerberos Date: 2/22/2013 1:42:39 PM Event ID: 4 Task Category: None Level: Error Keywords: Classic User: N/A Computer: ... Description:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server
SERVERNAME$. The target name used was HTTP/SERVERNAME.DOMAINNAME.com.
This indicates that the target server failed to decrypt the ticket
provided by the client. This can occur when the target server principal
name (SPN) is registered on an account other than the account the target
service is using. Please ensure that the target SPN is registered on,
and only registered on, the account used by the server. This error can
also happen when the target service is using a different password for
the target service account than what the Kerberos Key Distribution
Center (KDC) has for the target service account. Please ensure that the
service on the server and the KDC are both updated to use the current
password. If the server name is not fully qualified, and the target
domain (DOMAINNAME.COM) is different from the client domain
(DOMAINNAME.COM), check if there are identically named server accounts
in these two domains, or use the fully-qualified name to identify the
server.
...
And... I have identical WinRM configuration on the other server, and it works fine.
I'm using Windows Server 2008 Standard SP2 and PowerShell 3.0.
I'm logging in as a domain user.
Both client and server are in the same domain.
The SPN HTTP/SERVERNAME.DOMAINNAME.com doesn't exist, but the corresponding SPN also doesn't exist for the computer on which PS Remoting works fine!
Could somebody help me with identification of this error source, please?
- Edited by Sergey Popov Friday, February 22, 2013 9:22 PM
Other recent topics
