0
验证请考虑以下情形:如何到远程服务器使用远程服务器的本地用户通过PowerShell的WinRM的
有2台服务器:和server2
,都在同一个网络上,并在同一个域。目标是使用本地用户从server2
打开来自 PSSession的成server2
作为身份:
PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential server2\username
上server2
本地用户是WinRMRemoteWMIUsers_
组
的成员如果域用户使用然后一切工作正常:
PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential domain\username
试图连接作为本地用户时得到的错误是:
New-PSSession : [server2] Connecting to remote server server2 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
从错误信息有The following error with errorcode 0x80090311 occurred while using Kerberos authentication
和-Kerberos accepts domain user names, but not local user names.
所以,一个连接被执行在server1以下后尝试:
PS @SERVER1 > winrm set winrm/config/client '@{TrustedHosts="server2"}'
试图执行之后的命令仍无法启动一个PSSession
。
可以尝试什么其他步骤?
代替'-requestntial server2 \ username'尝试'-Credential(get-credential)'。 -Credential(should)永远不会接受dom \用户名或用户名,它正在寻找一个pscredential对象。 @罗曼本质上是在他的回答中建立一个保密的对象。如果要重用凭证对象,然后将其存储在var $ {$ cred = get-credential'中,然后将其提供给cmdlet:'-Crendential $ cred' [about Get-Credential](https:// msdn .microsoft.com/EN-US/PowerShell中/参考/ 5.1/microsoft.powershell.security/GET-凭证) – brendan62269