Ordinarily this is accomplished with a simple command:
winrm qcHowever, I was getting an error when trying to do this:
WinRM already is set up to receive requests on this machine.The solution suggested on various places was to set up SPNs for the server, which I did:
WSManFault
Message = WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config.
Error number: -2144108387 0x8033809D
An unknown security error occurred.
setspn -s HTTP/myserverAlas, this made no difference, after a little bit more digging I realized what the problem was, I was trying to remote to the current server, i.e. from myserver I was trying to run a remote script on myserver [sic], so I added myserver to the TrustedHosts like this:
setspn -s HTTP/myserver.dev.com
setspn -s HTTPS/myserver
setspn -s HTTPS/myserver.dev.com
winrm set winrm/config/client '@{TrustedHosts="myserver"}'
No comments:
Post a Comment