PSSession, CredSSP - Request not supported Error

This topic contains 9 replies, has 6 voices, and was last updated by  Animesh Anand 2 weeks, 3 days ago.

  • Author
    Posts
  • #50138

    Amar Helloween
    Participant

    Hi All,

    I am taking PSSESSION using CredSSP Authentication(Already configured CredSSP Client and Server),But getting the below Error :

    Query :
    ——-
    $Session = New-PSSession -ComputerName "Test" -Authentication CredSSP -Credential $Cred

    Error :
    ——-
    New-PSSession : [Test]Connecting to remote server[Test] failed with the following error message : The request is not supported.

    CategoryInfo : OpenError : (System.Management....RemoteRunspace:RemoteRunspace) [New-PSSession].PSRemotingTransportException
    FullyQualifiedErrorId : 50,PSSessionOpenFailed

    —————————————-
    Kindly help me to fix this!!

  • #50140

    Don Jones
    Keymaster

    How are these machines related? Are they in a domain together? Not in a domain? Is the destination computer's name exactly as listed in DNS and/or Active Directory?

  • #50142

    Dave Wyatt
    Moderator

    Also, what PowerShell versions are you running on the client and server?

    • #50148

      Amar Helloween
      Participant

      1. Both Client and Server is running on PS Version 3.0
      2. Both machines are on the same domain.
      3. Destination computer tried with both IP and Host name, am getting the same error.

  • #50150

    Don Jones
    Keymaster

    So, "Secrets of PowerShell Remoting" gets into some of these details, but...

    Why not just allow the default Kerberos protocol to be used? However, note that you must connect using the target's canonical AD name, in order for the mutual authentication to function. You can't use IP address unless you take different steps, because the computer can't be "found" in AD by IP.

    But CredSSP has a number of requirements; see the "Second Hop" section in https://devopscollective.gitbooks.io/secrets-of-powershell-remoting/content/manuscript/accessing-remote-computers.html. And, double check the CredSSP configuration – the target must be in "Server" mode, the origination must be in "Client" mode, and must specify the server as a trusted delegate.

  • #100566

    Animesh Anand
    Participant

    Was this sorted for you? I am getting the same issue and not able to solve this. This used to work for me before. Suddenly this has broken and I am getting the error you got.

  • #100579

    Harmen Hulsman
    Participant

    Hi,

    I ran into the same problem, and spent quite some time trying to find the answer. I was trying to create a CredSSP session from one Windows 10 machine to another. In the past this always worked perfectly for me, but now, a normal PSSession worked, but a CredSSP session threw the Request not supported error.

    The clue came when I tried to RDP into the Windows 10 machine. In this case, an error dialog was shown indicating that it could be because of an update of 'Oracle CredSSP encryption' (free translation, I got it in Spanish). And a link to https://go.microsoft.com/fwlink/?linkid=866660 was provided.

    The cause of the problem was connecting from Windows 10 1803 to Windows 10 1709. The solution was simple:
    – either upgrade the Windows 10 server machine to 1803
    – or create a policy (or registry key) as per https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018, allowing for 'vulnerable' connections.

    I didn't have time for upgrading, so my quick and dirty choice was executing:

    $RegKeyPath = 'Registry::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\'
    $RegKeyName = 'AllowEncryptionOracle'
    New-ItemProperty $RegKeyPath -Name $RegKeyName -Value '2' -PropertyType 'DWORD' -Force

    Hope this helps

    • #101475

      Animesh Anand
      Participant

      Thank you Harmen and Jon. I would not have been able to figure this without your help. The update was the issue. With your help, I was able to sort it out 🙂

You must be logged in to reply to this topic.