I've got a Server 2012 R2 box that I've installed PSWA on. I can log in just fine with domain credentials, but I cant seem to do a simple Get-ADUser. I can ping the DCs from the PSWA session, and everything works fine from a normal PS session on the box. Here is a read out of what I'm seeing. Any help would be greatly appreciated!
Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have
the Active Directory Web Services running.
+ CategoryInfo : ResourceUnavailable: (john8.doe:ADUser) [Get-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser
This is essentially the double hop a problem. You have remotes into a server, but then that same server needs to connect to it on the web service. The active directory commands in particular are difficult with the scenario. You would need to enable multi hop authentication.
To enable client-side SSP for winrm, run the following lines:
Enable-WSManCredSSP -Role client -DelegateComputer * [note here: I saw many an article that suggested *.contoso.com instead of a full *, so that was what I eventually went with]
To enable server-side SSP for winrm:
Enable-WSManCredSSP -Role server
The only thing that snagged in this process was that I had to have the gateway be the client and the computer I was trying to use as my intermediate as my server, which in my case were the same box. (I was trying to remote into the box that was also hosting as my gateway.