PSWA will not do a New-PSSession

This topic contains 1 reply, has 2 voices, and was last updated by  postanote 2 weeks, 4 days ago.

  • Author
    Posts
  • #92552

    Corey
    Participant

    Hello, PowerShell Gurus

    I have a new PSWA server setup on a 2016 server. I am able to log in with no issues, however, anytime I try to do a New-PSSession to another server from my PSWA server I get the following error messages about Kerberos!

    Is -Credential required to do a PSSession from a PSWA server? Please read error message below. Thanks.

    new-pssession : [COMPUTERNAME] Connecting to remote server COMPUTERNAME failed with the following error message : WinRM
    cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos
    authentication: A specified logon session does not exist. It may already have been terminated.
    Possible causes are:
    -The user name or password specified are invalid.
    -Kerberos is used when no authentication method and no user name are specified.
    -Kerberos accepts domain user names, but not local user names.
    -The Service Principal Name (SPN) for the remote computer name and port does not exist.
    -The client and remote computers are in different domains and there is no trust between the two domains.
    After checking for the above issues, try the following:
    -Check the Event Viewer for events related to authentication.
    -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
    use HTTPS transport.
    Note that computers in the TrustedHosts list might not be authenticated.
    -For more information about WinRM configuration, run the following command: winrm help config. For more
    information, see the about_Remote_Troubleshooting Help topic.
    Other Possible Cause:
    -The domain or computer name was not included with the specified credential, for example: DOMAIN\UserName or
    COMPUTER\UserName.
    + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
    gTransportException
    + FullyQualifiedErrorId : 1312,PSSessionOpenFailed

  • #92620

    postanote
    Participant

    The error is pretty specific.

    To use all of what PSRemoting allows –

    You must be an admin on the remote host to do PSRemoting.
    You must be part of the same domain, otherwise a workgroup configuration is required.
    If you are in separate domains, then you are in the traditional Windows double hop auth restriction and more configuration is required.
    You must be already logged on with the account that is an admin on that remote host or start explicitly start your PSRemoting session with those credentials.
    If you are not logged in with the needed identity, then yes -Credential is a requirement.
    PSRemoting must be enabled on the remote host and ensure that the WinRM services are running
    Firewalls must not be blocking PoSH connections.
    PSWA must be properly configured for use.

    All of the errors you are seeing are a configuration problem and identity problem. You need to correct those.

    Lastly, PSWA is designed for you to access PoSH via a Web Browser, that you have to log into.

    Install-PswaWebApplication

    When you have completed these steps, you should be able to view the web-based console sign in page by navigating to

    https://servername/pswa

    Why are you trying to remote to a website, vs directly to the server itself?

    New-PSSession -ComputerName ServerName -Credential

You must be logged in to reply to this topic.