使用远程PSSession CredSSP时出现未知安全错误

Question

我在客户端安装了64位Windows7和Powershell2.0，并启用了CredSSP

Enable-WSManCredSSP -Role Client -DelegateComputer * -Force

打开Powershell控制台，执行Enter-PSSession命令，使用CredSSP身份验证连接Windows2008Server：

Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser

我想远程执行Get-WSManCredSSP命令，但得到错误："...当使用协商身份验证时:发生未知的安全错误。“

PS C:\Users\myUser> Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser

[ServerMOSS]: PS C:\Users\installerUser\Documents> Get-WSManCredSSP

WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security
 error occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config.
    + CategoryInfo          :
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.GetWSManCredSSPCommand

[ServerMOSS]: PS C:\Users\installerUser\Documents> Exit-PSSession

IT部门在ServerMOSS中执行以下命令：

PS C:\Users\installerUser\Documents> enabled-psremoting -force

然后他们会得到错误：

WinRM already is set upt to receive requests on this machine
Set-WSManQuickConfig: WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error ocurred.

有什么建议吗？

Answer 1

我也有同样的问题。我已经搜索了几次，发现检查/设置SPN可以解决这个问题：

所以试试这个:复习(只读)

setspn.exe -L MACHINENAME

查看HTTP/HTTPS条目(或任何重复条目)的结果

添加缺少的名称：

setspn -A HTTP/machinename
setspn -A HTTP/machinename.fqdn.com
setspn -A HTTPS/machinename
setspn -A HTTPS/machinename.fqdn.com

来源：WinRM QuickConfig failing with 0x8033809D

Answer 2

这是因为HTTPS/HTTP条目未向SPN注册。只需以管理员身份执行以下打开Powershell：

使用以下命令检查SPN条目：

PS域名集setspn域名\服务器名

然后添加HTTP/HTTPS条目：

1. PS C:> setspn -A HTTP/servername servername
2. PS C:> setspn -A HTTP/servername.fqdn.com servername
3. PS C:> setspn -A HTTPS/servername servername
4. PS C:> setspn -A HTTPS/servername.fqdn.com servername

THen最后，您可以使用Enable- use在PowerShell提示符上删除-Force