Author Posts

January 31, 2018 at 6:41 pm

Hello, PowerShell Gurus

I have a new PSWA server setup on a 2016 server. I am able to log in with no issues, however, anytime I try to do a New-PSSession to another server from my PSWA server I get the following error messages about Kerberos!

Is -Credential required to do a PSSession from a PSWA server? Please read error message below. Thanks.

new-pssession : [COMPUTERNAME] Connecting to remote server COMPUTERNAME failed with the following error message : WinRM
cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos
authentication: A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
Other Possible Cause:
-The domain or computer name was not included with the specified credential, for example: DOMAIN\UserName or
COMPUTER\UserName.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : 1312,PSSessionOpenFailed

January 31, 2018 at 11:36 pm

The error is pretty specific.

To use all of what PSRemoting allows –

You must be an admin on the remote host to do PSRemoting.
You must be part of the same domain, otherwise a workgroup configuration is required.
If you are in separate domains, then you are in the traditional Windows double hop auth restriction and more configuration is required.
You must be already logged on with the account that is an admin on that remote host or start explicitly start your PSRemoting session with those credentials.
If you are not logged in with the needed identity, then yes -Credential is a requirement.
PSRemoting must be enabled on the remote host and ensure that the WinRM services are running
Firewalls must not be blocking PoSH connections.
PSWA must be properly configured for use.

All of the errors you are seeing are a configuration problem and identity problem. You need to correct those.

Lastly, PSWA is designed for you to access PoSH via a Web Browser, that you have to log into.

https://blogs.technet.microsoft.com/fromthefield/2015/02/18/powershell-web-access-a-walkthrough

Install-PswaWebApplication

When you have completed these steps, you should be able to view the web-based console sign in page by navigating to

https://servername/pswa

Why are you trying to remote to a website, vs directly to the server itself?

New-PSSession -ComputerName ServerName -Credential