Suspect I know the answer here but would like confirmation. I have to give someone the ability to enter a remote PS session on a test exchange 2010 server from a development computer. The issue is that the two servers are in different domains and there is no trust set up between them. (nor can there be)
A remote session can be established between the Exchange server and the development server, but not the other way around. I suspect that this is because the Exchange server can see the DCs for the Dev servers domain, whereas the DCs for the Exchange domain are not visible. I have attached a crude diagram of the set up.
I have tried to get it to authenticate locally with no success. this is the error I see
PS F:\> enter-pssession -ComputerName acmembx2a -Credential acme.local\administrator
enter-pssession : Connecting to remote server acmembx2a failed with the following error message : WinRM cannot process
the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are
currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ enter-pssession -ComputerName acmembx2a -Credential acme.local\administrator
+ CategoryInfo : InvalidArgument: (acmembx2a:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I have set trusted hosts to *
the command works from within the ACME domain
if anyone can point me to an article on how to set this up that would be great. Or confirm that this set up will not work.