October 7, 2014 at 3:10 pm #19492
No Achievements Yet!
I've got a Server 2012 R2 box that I've installed PSWA on. I can log in just fine with domain credentials, but I cant seem to do a simple Get-ADUser. I can ping the DCs from the PSWA session, and everything works fine from a normal PS session on the box. Here is a read out of what I'm seeing. Any help would be greatly appreciated!
Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have
the Active Directory Web Services running.
+ CategoryInfo : ResourceUnavailable: (john8.doe:ADUser) [Get-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser
October 7, 2014 at 3:38 pm #19494
This is essentially the double hop a problem. You have remotes into a server, but then that same server needs to connect to it on the web service. The active directory commands in particular are difficult with the scenario. You would need to enable multi hop authentication.
October 7, 2014 at 4:11 pm #19495
No Achievements Yet!
Thanks so much Don, that got me on the right track to solving the problem!
For anyone coming Google-ing after me, I found some more friendly help over at: http://blogs.msdn.com/b/powershell/archive/2008/06/05/credssp-for-second-hop-remoting-part-i-domain-account.aspx
This got me this tidbit:
To enable client-side SSP for winrm, run the following lines:
Enable-WSManCredSSP -Role client -DelegateComputer * [note here: I saw many an article that suggested *.contoso.com instead of a full *, so that was what I eventually went with]
To enable server-side SSP for winrm:
Enable-WSManCredSSP -Role server
The only thing that snagged in this process was that I had to have the gateway be the client and the computer I was trying to use as my intermediate as my server, which in my case were the same box. (I was trying to remote into the box that was also hosting as my gateway.
Anyway thanks again Don!
You must be logged in to reply to this topic.