Author Posts

July 30, 2014 at 10:43 pm

Hi,
I need to connect powershell remote to a computer(dc) in a diffident domain

I write this:
Enter-PSSession STUDENTSDC -Credential Get-Credential

in the prom to cred i put
domain.local\administrator
password

i get this error

Tnx for the help
Itamar

Enter-PSSession : Connecting to remote server STUDENTSDC failed with the following error message : WinRM cannot process the request. The following
error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon
request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession STUDENTSDC -Credential Get-Credential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (STUDENTSDC:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed

July 31, 2014 at 3:56 am

There are a couple of possibilities here, based on what I can see.

First of all, what are the names of the domain you're connecting from and to? Is "domain.local" the target domain? If domain.local is the source domain, and the target is something different, do these two domains trust each other? If the target domain does not trust domain.local, then you can't authenticate to any resources in the target domain using a domain.local account.

Also, I don't remember off the top of my head if "domain.local\Administrator" will work. Typically that syntax is used with a NetBIOS domain name, eg [b]DOMAIN\Administrator[/b], and when you want to use the DNS name of a domain, you would use [b]Administrator@domain.local [/b]syntax instead. It may be acceptable as-is, but I can't test it right this second.

July 31, 2014 at 4:13 am

My domain is a.local
And I try connect to remote. Local
I put in the cred remote. Local\administrator
No trusted domains

July 31, 2014 at 4:36 am

Hmm, ok. Aside from user authentication, you may run into another problem here. WinRM usually requires the remote computer to also be authenticated, and it uses Kerberos to accomplish this. Without any trusts between the domains, that would also fail.

If you need to use PS Remoting in an environment where the computers can't use Kerberos authentication with each other, you need to do one of two things: Either set up an HTTPS listener (which provides a different sort of computer authentication), or use the TrustedHosts list on the client computer (which is less secure; you might be connecting to a rogue server.) There is information on both of these approaches in the free "Secrets of PowerShell Remoting" eBook which you can get from this site, by clicking Resources and then Free eBooks along the top ribbon.