从C#调用Exchange命令行管理程序时出现连接错误
[英]connection error when calling Exchange Management Shell from c#
问题描述
I get a weird exception after solved SSL certificate issue. 
解决SSL证书问题后,我得到一个奇怪的异常。 Please help! 请帮忙! My code: PSCredential credential = new PSCredential("domain\\administrator", securePwd); 我的代码:PSCredential凭据= new PSCredential(“ domain \\ administrator”,securePwd);
WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri("https://www.xxx.com/powershell"), "http://schemas.microsoft.com/powershell/Microsoft.Exchange", credential);
Runspace runspace = System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace(connectionInfo);
connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;
using (runspace)
{
Collection<PSObject> psObject = GetUserInformation(10, runspace);
}
public Collection GetUserInformation(int count, Runspace runspace) { using (PowerShell powershell = PowerShell.Create()) { 公共集合GetUserInformation(int count,Runspace runspace){使用(PowerShell powershell = PowerShell.Create()){
powershell.AddCommand("Get-Users");
powershell.AddParameter("ResultSize", count);
runspace.Open();//**error happens**
powershell.Runspace = runspace;
return powershell.Invoke();
}
}
Error message: "Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (www.xxx.com:443) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password." 错误消息: “连接到远程服务器失败,并显示以下错误消息:WinRM客户端无法处理该请求。WinRM客户端尝试使用协商身份验证机制,但是目标计算机(www.xxx.com:443)返回了'访问权限拒绝”错误。更改配置以允许使用协商身份验证机制,或指定服务器支持的身份验证机制之一。要使用Kerberos,请指定本地计算机名称作为远程目标,并验证客户端计算机和目标计算机要加入域,要使用Basic,请将本地计算机名称指定为远程目标,指定Basic身份验证并提供用户名和密码。”
I use basic authentication, and provide username and credential, why it says "tried to use Negotiate authentication mechanism"? 我使用基本身份验证,并提供用户名和凭据,为什么为什么说“试图使用协商身份验证机制”?
3 个解决方案
解决方案1
3 已采纳 2011-07-27 16:38:50
First, try to set the connectionInfo.AuthenticationMechanism property BEFORE you create your runspace. 首先,尝试在创建运行空间之前设置connectionInfo.AuthenticationMechanism属性。 So swap the order of lines 2 and 3 on your first code snippet. 因此,在第一个代码段中交换第2行和第3行的顺序。
If that does not fix it, make sure Basic Authentication is enabled on the PowerShell website. 如果仍不能解决问题,请确保在PowerShell网站上启用了基本身份验证。
To do this you need to go to the IIS Manager, Sites, Default Website, PowerShell, select the Authentication Feature, and enable Basic Authentication. 为此,您需要转到IIS管理器,站点,默认网站,PowerShell,选择身份验证功能,然后启用基本身份验证。
If Basic Authentication is not an option on the Authentication feature page, you need to install it by going to the Server Manager, select the Web Server role, say "Add Role Services", under the Security node in the treeview, select Basic Authentication. 如果“身份验证”功能页上没有“基本身份验证”选项,则需要通过转到服务器管理器来安装它,选择Web服务器角色,说“添加角色服务”,在树状视图的“安全性”节点下,选择“基本身份验证”。
解决方案2
1 2011-07-26 23:15:48
Using Basic Authentication is not allowed in this scenario unless explicitly configured on the server... you could enable it server-side or use Kerberos/NTLM... 除非在服务器上明确配置,否则在这种情况下不允许使用基本身份验证。您可以在服务器端启用它或使用Kerberos / NTLM。
For details see http://technet.microsoft.com/en-us/library/dd351136.aspx and http://technet.microsoft.com/en-us/library/dd347642.aspx 有关详细信息,请参见http://technet.microsoft.com/en-us/library/dd351136.aspx和http://technet.microsoft.com/en-us/library/dd347642.aspx
解决方案3
0 2013-06-25 14:51:28
I can summarize the steps to make Basic authentication work even from computers outside the domain: 我可以总结使基本身份验证即使在域外的计算机上也可以工作的步骤:
- Set-ExecutionPolicy to Unrestricted on both Client and Server 客户端和服务器上的Set-ExecutionPolicy都不受限制
- configure properly the TrustedHosts on client and server 在客户端和服务器上正确配置TrustedHosts
- enable Basic authentication on client and server 在客户端和服务器上启用基本身份验证
- make sure Basic Authentication Role is installed under Security for the Web Server (IIS) 确保在Web服务器(IIS)的安全性下安装了基本身份验证角色
- enable Basic Authentication for the PowerShell virtual directory 为PowerShell虚拟目录启用基本身份验证
- use HTTP, not https to access the server. 使用HTTP而非https访问服务器。
Here is the working code as well: 这也是工作代码:
PowerShell powershell = PowerShell.Create();
String pass = "password";
SecureString passSecure = new SecureString();
foreach (char c in pass.ToCharArray())
{
passSecure.AppendChar(c);
}
PSCredential cred = new PSCredential("user", passSecure);
string schemaURI = "http://schemas.microsoft.com/powershell/Microsoft.Exchange";
Uri connectTo = new Uri("http://192.168.69.116/powershell/");
WSManConnectionInfo connectionInfo = new WSManConnectionInfo(connectTo, schemaURI, cred);
connectionInfo.MaximumConnectionRedirectionCount = 5;
connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;
//connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Default;
connectionInfo.SkipCACheck = true;
connectionInfo.SkipCNCheck = true;
connectionInfo.SkipRevocationCheck = true;
Runspace remoteRunspace=null;
try
{
remoteRunspace = RunspaceFactory.CreateRunspace(connectionInfo);
remoteRunspace.Open();
}
catch (Exception err)
{
//Handle error
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.