New-PSSession Across Different Domains

Welcome Forums General PowerShell Q&A New-PSSession Across Different Domains

This topic contains 1 reply, has 2 voices, and was last updated by

 
Keymaster
1 year, 12 months ago.

  • Author
    Posts
  • #65139

    Participant
    Points: 0
    Rank: Member

    Hi,

    I work for an MSP and I would like to do implicit remoting on remote servers that are on different domains. When I try to do New-PSSession with a server, for example New-Pssession -computername SERVER1 -credentials domain\administrator, and after entering in the password, I get the error: "WinRM cannot
    process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There
    are currently no logon servers available to service the logon request."

    I have winrm configured on the server. I've also tried this in a run command: runas /user:"[domain]\administrator" /netonly "powershell" and then New-PSSession with no luck.

    I've checked the about_remote_Troubleshooting but nothing seems relevant.

    Is there something that I need to do with trusted hosts? Any help is greatly appreciated.

    Thanks

  • #65149

    Keymaster
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    See "Secrets of PowerShell Remoting" on our free Ebooks menu here. There's a section on this.

    Briefly, the default Kerberos authentication can't work except in domains or within trust boundaries. You need to enable and specify another authentication mechanism. The safe way is to use only HTTPS and then Basic authentication. Do not use Basic with HTTP, as it will reveal credentials in clear-text.

    But the ebook goes into great detail.

The topic ‘New-PSSession Across Different Domains’ is closed to new replies.