New-PSSession Across Different Domains

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 4 weeks, 1 day ago.

  • Author
    Posts
  • #65139
    Profile photo of Eddie
    Eddie
    Participant

    Hi,

    I work for an MSP and I would like to do implicit remoting on remote servers that are on different domains. When I try to do New-PSSession with a server, for example New-Pssession -computername SERVER1 -credentials domain\administrator, and after entering in the password, I get the error: "WinRM cannot
    process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There
    are currently no logon servers available to service the logon request."

    I have winrm configured on the server. I've also tried this in a run command: runas /user:"[domain]\administrator" /netonly "powershell" and then New-PSSession with no luck.

    I've checked the about_remote_Troubleshooting but nothing seems relevant.

    Is there something that I need to do with trusted hosts? Any help is greatly appreciated.

    Thanks

  • #65149
    Profile photo of Don Jones
    Don Jones
    Keymaster

    See "Secrets of PowerShell Remoting" on our free Ebooks menu here. There's a section on this.

    Briefly, the default Kerberos authentication can't work except in domains or within trust boundaries. You need to enable and specify another authentication mechanism. The safe way is to use only HTTPS and then Basic authentication. Do not use Basic with HTTP, as it will reveal credentials in clear-text.

    But the ebook goes into great detail.

You must be logged in to reply to this topic.