PSWA - Not connecting to AD

This topic contains 2 replies, has 2 voices, and was last updated by  Chris 3 years, 5 months ago.

  • Author
  • #19492


    I've got a Server 2012 R2 box that I've installed PSWA on. I can log in just fine with domain credentials, but I cant seem to do a simple Get-ADUser. I can ping the DCs from the PSWA session, and everything works fine from a normal PS session on the box. Here is a read out of what I'm seeing. Any help would be greatly appreciated!

    PS C:\>
    get-aduser john8.doe
    Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have
    the Active Directory Web Services running.
    + CategoryInfo : ResourceUnavailable: (john8.doe:ADUser) [Get-ADUser], ADServerDownException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser


  • #19494

    Don Jones

    This is essentially the double hop a problem. You have remotes into a server, but then that same server needs to connect to it on the web service. The active directory commands in particular are difficult with the scenario. You would need to enable multi hop authentication.

  • #19495


    Thanks so much Don, that got me on the right track to solving the problem!

    For anyone coming Google-ing after me, I found some more friendly help over at:

    This got me this tidbit:

    To enable client-side SSP for winrm, run the following lines:
    Enable-WSManCredSSP -Role client -DelegateComputer * [note here: I saw many an article that suggested * instead of a full *, so that was what I eventually went with]

    To enable server-side SSP for winrm:
    Enable-WSManCredSSP -Role server

    The only thing that snagged in this process was that I had to have the gateway be the client and the computer I was trying to use as my intermediate as my server, which in my case were the same box. (I was trying to remote into the box that was also hosting as my gateway.

    Anyway thanks again Don!


You must be logged in to reply to this topic.