Different domain

This topic contains 3 replies, has 2 voices, and was last updated by Dave Wyatt 2 years, 4 months ago.

  • #17650
    Itamar Tziger
    Participant

    Hi,
    I need to connect with PowerShell remoting to a computer (DC) in a different domain.

    I write this:
    Enter-PSSession STUDENTSDC -Credential Get-Credential

    In the prompt for the cred I put
    domain.local\administrator
    password

    I get this error

    Thanks for the help
    Itamar

    Enter-PSSession : Connecting to remote server STUDENTSDC failed with the following error message : WinRM cannot process the request. The following
    error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon
    request.
    Possible causes are:
    -The user name or password specified are invalid.
    -Kerberos is used when no authentication method and no user name are specified.
    -Kerberos accepts domain user names, but not local user names.
    -The Service Principal Name (SPN) for the remote computer name and port does not exist.
    -The client and remote computers are in different domains and there is no trust between the two domains.
    After checking for the above issues, try the following:
    -Check the Event Viewer for events related to authentication.
    -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
    Note that computers in the TrustedHosts list might not be authenticated.
    -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the
    about_Remote_Troubleshooting Help topic.
    At line:1 char:1
    + Enter-PSSession STUDENTSDC -Credential Get-Credential
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (STUDENTSDC:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

  • #17653
    Dave Wyatt
    Moderator

    There are a couple of possibilities here, based on what I can see.

    First of all, what are the names of the domain you're connecting from and to? Is "domain.local" the target domain? If domain.local is the source domain, and the target is something different, do these two domains trust each other? If the target domain does not trust domain.local, then you can't authenticate to any resources in the target domain using a domain.local account.

    Also, I don't remember off the top of my head if "domain.local\Administrator" will work. Typically that syntax is used with a NetBIOS domain name, e.g. DOMAIN\Administrator, and when you want to use the DNS name of a domain, you would use Administrator@domain.local syntax instead. It may be acceptable as-is, but I can't test it right this second.

  • #17654
    Itamar Tziger
    Participant

    My domain is a.local
    And I try to connect to remote.local
    I put in the cred remote.local\administrator
    No trusted domains

  • #17655
    Dave Wyatt
    Moderator

    Hmm, ok. Aside from user authentication, you may run into another problem here. WinRM usually requires the remote computer to also be authenticated, and it uses Kerberos to accomplish this. Without any trusts between the domains, that would also fail.

    If you need to use PS Remoting in an environment where the computers can't use Kerberos authentication with each other, you need to do one of two things: Either set up an HTTPS listener (which provides a different sort of computer authentication), or use the TrustedHosts list on the client computer (which is less secure; you might be connecting to a rogue server.) There is information on both of these approaches in the free "Secrets of PowerShell Remoting" eBook which you can get from this site, by clicking Resources and then Free eBooks along the top ribbon.
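
The two approaches named in the reply above, as an added client-side example that is not part of the original thread or of the eBook it mentions. The function name, the -AllowTrustedHosts switch, the FQDN studentsdc.remote.local and the UPN in the usage comment are assumptions; the HTTPS path assumes a listener already exists on the server with a certificate this client trusts.

```powershell
# Added example (not from the thread). Run from an elevated prompt on the client:
# changing WSMan:\localhost\Client settings requires administrator rights.
function Connect-UntrustedDomainHost {
    [CmdletBinding()]
    param(
        # Assumed FQDN of the target, e.g. 'studentsdc.remote.local'
        [Parameter(Mandatory)] [string] $ComputerName,
        # Account from the target domain, e.g. administrator@remote.local
        [Parameter(Mandatory)] [pscredential] $Credential,
        # Explicit opt-in to the weaker TrustedHosts path
        [switch] $AllowTrustedHosts
    )

    # Preferred: WinRM over HTTPS (TCP 5986). The server certificate authenticates
    # the remote computer, so no Kerberos trust between the domains is needed.
    # The certificate must chain to a CA this client trusts and its subject
    # name must match $ComputerName.
    try {
        Test-WSMan -ComputerName $ComputerName -UseSSL -ErrorAction Stop | Out-Null
        return New-PSSession -ComputerName $ComputerName -UseSSL `
            -Credential $Credential -ErrorAction Stop
    }
    catch {
        Write-Warning "HTTPS remoting to $ComputerName failed: $($_.Exception.Message)"
        if (-not $AllowTrustedHosts) { throw }   # stop here unless the caller opted in
    }

    # Fallback: TrustedHosts over HTTP (TCP 5985). The remote computer is NOT
    # authenticated on this path, so add only this one host (never '*').
    # -Concatenate appends to the existing list instead of replacing it.
    $path = 'WSMan:\localhost\Client\TrustedHosts'
    Write-Verbose "TrustedHosts before change: '$((Get-Item -Path $path).Value)'"
    Set-Item -Path $path -Value $ComputerName -Concatenate -Force

    New-PSSession -ComputerName $ComputerName -Credential $Credential `
        -Authentication Negotiate -ErrorAction Stop
}

# Usage (names are assumptions):
# $cred = Get-Credential 'administrator@remote.local'
# $s = Connect-UntrustedDomainHost -ComputerName 'studentsdc.remote.local' -Credential $cred
# Enter-PSSession -Session $s
```

Any entry the fallback adds to TrustedHosts stays there until it is removed, so review that list once the HTTPS listener is in place.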
