1. 首页
  2. 问答
  3. 如何到远程服务器使用远程服务器的本地用户通过PowerShell的WinRM的

如何到远程服务器使用远程服务器的本地用户通过PowerShell的WinRM的

2017-04-19 82 views
0

验证请考虑以下情形:如何到远程服务器使用远程服务器的本地用户通过PowerShell的WinRM的

有2台服务器:和server2,都在同一个网络上,并在同一个域。目标是使用本地用户从server2打开来自 PSSession的成server2作为身份:

PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential server2\username

server2本地用户是WinRMRemoteWMIUsers_

的成员如果域用户使用然后一切工作正常:

PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential domain\username

试图连接作为本地用户时得到的错误是:

 
New-PSSession : [server2] Connecting to remote server server2 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos 
    authentication: There are currently no logon servers available to service the logon request. 
    Possible causes are: 
     -The user name or password specified are invalid. 
     -Kerberos is used when no authentication method and no user name are specified. 
     -Kerberos accepts domain user names, but not local user names. 
     -The Service Principal Name (SPN) for the remote computer name and port does not exist. 
     -The client and remote computers are in different domains and there is no trust between the two domains. 
    After checking for the above issues, try the following: 
     -Check the Event Viewer for events related to authentication. 
     -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. 
    Note that computers in the TrustedHosts list might not be authenticated. 
     -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

从错误信息有The following error with errorcode 0x80090311 occurred while using Kerberos authentication-Kerberos accepts domain user names, but not local user names.所以,一个连接被执行在server1以下后尝试:

PS @SERVER1 > winrm set winrm/config/client '@{TrustedHosts="server2"}'

试图执行之后的命令仍无法启动一个PSSession

可以尝试什么其他步骤?

来源

2017-04-19 Unlimited071

+0

代替'-requestntial server2 \ username'尝试'-Credential(get-credential)'。 -Credential(should)永远不会接受dom \用户名或用户名,它正在寻找一个pscredential对象。 @罗曼本质上是在他的回答中建立一个保密的对象。如果要重用凭证对象,然后将其存储在var $ {$ cred = get-credential'中,然后将其提供给cmdlet:'-Crendential $ cred' [about Get-Credential](https:// msdn .microsoft.com/EN-US/PowerShell中/参考/ 5.1/microsoft.powershell.security/GET-凭证) – brendan62269

回答

1

你应该能够首先做这样的事

$cred = $host.ui.PromptForCredential("local credential", "Enter machine\user ID and password.", "localhost\$env:username", "") 
$session = New-PSSession -ComputerName server2 -Credential $cred

所以,收集凭证,则只需将其插入。而且,你可以从字面上使用localhost域侧和工作。为我工作。

> $session 
Id Name   ComputerName State   ConfigurationName  Availability 
-- ----   ------------ -----   -----------------  ------------ 
1 Session1   server2   Opened  Microsoft.PowerShell  Available

来源

2017-04-19 20:09:14 Roman

相关问题

 相关问题