Server Core Remoting with Credssp

Welcome Forums General PowerShell Q&A Server Core Remoting with Credssp

This topic contains 3 replies, has 3 voices, and was last updated by

 
Participant
1 year, 1 month ago.

  • Author
    Posts
  • #97358

    Participant
    Topics: 2
    Replies: 6
    Points: 1
    Rank: Member

    Hello,

    Is there any known issue with using credssp auth from a 2016 Core as the client remoting to a 2008 R2 as the server? the 2008 box is delegated from the Core client.

    I am getting the following error....

    Connecting to remote server SERVER2008 failed with the following error
    message : The request is not supported. For more information, see the about_Remote_Troubleshooting Help topic.
        + CategoryInfo          : OpenError: (SERVER2008:String) [], PSRemotingTransportException
        + FullyQualifiedErrorId : 50,PSSessionStateBroken
    

    I am able to remote with credssp from the 2016 Core to another 2016 Core.

    I am able to remote with kerberos auth from the same 2016 Core server to the 2008 R2 server.

    I am able to remote with credssp from a Win10 client to the same 2008 R2 server.

    Thanks!
    Jon

  • #97359

    Keymaster
    Topics: 13
    Replies: 4872
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    Nothing I've heard of. You did the sensible thing in that last check, because otherwise I'd say "make sure CredSSP is enabled." We'll see if anyone else jumps in.

    FWIW, CredSSP has been a bit of a hassle for several older versions of Windows, largely around RDP, which also uses it. The general recommendation these days is to set up Kerberos delegation instead.

  • #97364

    Participant
    Topics: 6
    Replies: 115
    Points: 101
    Helping Hand
    Rank: Participant

    Check out this article from Ashley McGlone
    PowerShell Remoting Kerberos Double Hop Solved Securely

  • #97551

    Participant
    Topics: 2
    Replies: 6
    Points: 1
    Rank: Member

    Thank you for the suggestions. Not sure if the root cause may be some hardening setting as I tried a different 2008R2 system with the same results.

    Unfortunately, Kerberos constrained delegation is out as we, , don't have the infrastructure to support it yet.

    I'll be going the $using:creds route since this is a one-off use case.

    Life will be so much easier once 2008 hits end of support....Thanks again!

The topic ‘Server Core Remoting with Credssp’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort