I am troubleshooting what I think is a Kerberos double-hop permissions issue. Here's the setup:
Server1 = Windows Server 2008 R2
The account context in use is the same account on both systems and this account is in the local Administrators group.
On Server1 I have created a symbolic link to a folder on Client1 as follows:
On Client1 I attempt a remote access to Server1 and, via the symbolic link back to the target folder as follows:
Note that there is no issue executing Get-ChildItem on the target remotely linked folder while logged directly onto Server1.
I have attempted to resolve the issue with Enable-WSManCredSSP on Client1 as the "Client" Role and on Server1 as the "Server" Role but to no avail.
I have not as yet requested that the Active Directory record for Server1 be granted rights to delegate. Will try that next but if anyone has any suggestions other than that please let me know.
Is the account you are using a domain account or a local account?
With credSSP enabled have you tried accessing the folder on server1 directly rather than through the link?
You need to add the "-Authentication Credssp" argument to Enter-PSSession. It's not enough to just enable that feature on the client and server; you also have to specify that as your connection mechanism for any remoting connections that need to use it.
You must be logged in to reply to this topic.