![](/img/trans.png)
[英]Running a PowerShell script on a remote Windows server using WinRM
[英]How to authenticate to a remote server using a remote server's local user via Powershell WinRM
请考虑以下情形:
有2台服务器: server1
和server2
,它们都在同一网络上和同一域中。 目的是使用来自server2
的本地用户作为身份,从server1
到server2
打开PSSession:
PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential server2\username
server2
上的本地用户是WinRMRemoteWMIUsers_
组的成员
如果使用了域用户,则一切正常:
PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential domain\username
尝试以本地用户身份连接时获得的错误是:
New-PSSession : [server2] Connecting to remote server server2 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
在错误消息中The following error with errorcode 0x80090311 occurred while using Kerberos authentication
并且-Kerberos accepts domain user names, but not local user names.
因此,在server1上执行以下操作后尝试建立连接:
PS @SERVER1 > winrm set winrm/config/client '@{TrustedHosts="server2"}'
在命令执行后尝试启动PSSession
仍然失败。
可以尝试其他什么步骤?
你应该可以做这样的事情
$cred = $host.ui.PromptForCredential("local credential", "Enter machine\user ID and password.", "localhost\$env:username", "")
$session = New-PSSession -ComputerName server2 -Credential $cred
因此,首先收集凭据,然后将其插入即可。而且,您可以从字面上使用localhost作为域端,并且可以使用。 为我工作。
> $session
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
1 Session1 server2 Opened Microsoft.PowerShell Available
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.