的WSMan和基本授权

Question

我试图让使用基本authorizaion的WSMan工作。 我一直都想与拒绝访问错误。 Kerberos认证工作正常。

Windows远程管理服务在Windows Server 2008 R2中域A上运行，并具有以下配置：

 
Config 
    MaxEnvelopeSizekb = 800 
    MaxTimeoutms = 600000 
    MaxBatchItems = 20 
    MaxProviderRequests = 4294967295 
    Client 
     NetworkDelayms = 5000 
     URLPrefix = wsman 
     AllowUnencrypted = false 
     Auth 
      Basic = true 
      Digest = true 
      Kerberos = true 
      Negotiate = true 
      Certificate = true 
      CredSSP = false 
     DefaultPorts 
      HTTP = 5985 
      HTTPS = 5986 
     TrustedHosts = * 
    Service 
     RootSDDL = O:NSG:BAD:P(A;;GA;;;S-1-5-21-2516571543-3809851355-1508507046-1008)(A;;GA;;;BA)(A;;GAGXGWGR;;;S-1-5-21-3465154619-3242790773-2173928322-17804)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD) 
     MaxConcurrentOperations = 4294967295 
     MaxConcurrentOperationsPerUser = 200 
     EnumerationTimeoutms = 600000 
     MaxConnections = 15 
     MaxPacketRetrievalTimeSeconds = 120 
     AllowUnencrypted = true 
     Auth 
      Basic = true 
      Kerberos = true 
      Negotiate = true 
      Certificate = true 
      CredSSP = true 
      CbtHardeningLevel = Relaxed 
     DefaultPorts 
      HTTP = 5985 
      HTTPS = 5986 
     IPv4Filter = * 
     IPv6Filter = * 
     EnableCompatibilityHttpListener = false 
     EnableCompatibilityHttpsListener = false 
     CertificateThumbprint = ee cd g2 5e 61 ad d0 07 07 b7 77 95 ec 38 16 02df 7f 64 51 
    Winrs 
     AllowRemoteShellAccess = true 
     IdleTimeout = 180000 
     MaxConcurrentUsers = 5 
     MaxShellRunTime = 2147483647 
     MaxProcessesPerShell = 15 
     MaxMemoryPerShellMB = 150 
     MaxShellsPerUser = 5 

我是Windows 7工作站是域B上执行试验的WSMan：

 
Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred B\MY_USER_NAME 

并获得以下错误：

 
Test-WSMan : Access is denied. 
At line:1 char:11 
+ Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred B\MY_USER_NAME 
    + CategoryInfo   : InvalidOperation: (https://server2008:5986:5986:String) [Test-WSMan], InvalidOperationException 
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand 

注意，FO llowing命令工作正常：

 
Test-WSMan -ComputerName https://server2008:5986 -Auth kerberos 

下列日志apear在Windows服务器上：

 
Error 6/22/2012 12:21:27 PM Windows Remote Management 168 User authentication 

General: Sending HTTP 401 response to the client and disconnect the connection after sending the response 
Details: 
    Log Name:  Microsoft-Windows-WinRM/Operational 
    Source:  Microsoft-Windows-WinRM 
    Date:   6/22/2012 12:21:27 PM 
    Event ID:  168 
    Task Category: User authentication 
    Level:   Error 
    Keywords:  Security,Server 
    User:   NETWORK SERVICE 
    Computer:  server2008 
    Description: 
     Sending HTTP 401 response to the client and disconnect the connection after sending the response 

有人可以帮我解决这个问题？这是一个配置问题还是我做错了什么？

谢谢。

Answer 1

WinRM的基本身份验证不接受域。 基本上你只能作为目标机器