[英]How to authenticate to a remote server using a remote server's local user via Powershell WinRM
请考虑以下情形:
有2台服务器: server1和server2 ,它们都在同一网络上和同一域中。 目的是使用来自server2的本地用户作为身份,从server1到server2打开PSSession:
PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential server2\username
server2上的本地用户是WinRMRemoteWMIUsers_组的成员
如果使用了域用户,则一切正常:
PS @SERVER1 > $session = New-PSSession -ComputerName server2 -Credential domain\username
尝试以本地用户身份连接时获得的错误是:
New-PSSession : [server2] Connecting to remote server server2 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos
authentication: There are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
在错误消息中The following error with errorcode 0x80090311 occurred while using Kerberos authentication并且-Kerberos accepts domain user names, but not local user names. 因此,在server1上执行以下操作后尝试建立连接:
PS @SERVER1 > winrm set winrm/config/client '@{TrustedHosts="server2"}'
在命令执行后尝试启动PSSession仍然失败。
可以尝试其他什么步骤?
你应该可以做这样的事情
$cred = $host.ui.PromptForCredential("local credential", "Enter machine\user ID and password.", "localhost\$env:username", "")
$session = New-PSSession -ComputerName server2 -Credential $cred
因此,首先收集凭据,然后将其插入即可。而且,您可以从字面上使用localhost作为域端,并且可以使用。 为我工作。
> $session
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
1 Session1 server2 Opened Microsoft.PowerShell Available
使用WinRM在远程Windows服务器上运行PowerShell脚本
[英]Running a PowerShell script on a remote Windows server using WinRM
使用来自 PowerShell 的 WinRM 连接到远程服务器失败
[英]Connecting to remote server failed using WinRM from PowerShell
Windows Server AD 2022 - 使用 PowerShell 通过 GPO 将域用户添加到本地组“远程桌面用户”
[英]Windows Server AD 2022 - Add a domain user to the local group "Remote Desktop Users" via GPO using PowerShell
如何通过远程或本地计算机上的 powershell 检查用户权限
[英]How to Check User's Rights via powershell on a remote or local machine
如何使用Powershell脚本将本地变量写入远程服务器中的文件?
[英]How to write local variable to a file in remote server using Powershell script?
Powershell脚本,用于通过远程Powershell连接在服务器上创建SQL Server数据库的本地* .bak备份
[英]Powershell Script for creating a local *.bak backup of a SQL Server database on a server via a remote Powershell connection
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.