Can't open new PowerShell session from one server to another

0

I am trying to open a PowerShell session from one server to another. I can open sessions to servert1/2, which have the same configuration as far as I can tell. TrustedHosts are the same, same user/pw being used. Yet when trying to open a session to serverp01 I get the following error:

Enter-PSSession : Connecting to remote server serverp01 failed with the following error message : WinRM cannot process
the request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown
security error occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession
+ ~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (serverp01:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
powershell
kerberos
powershell-v4.0
asked on Server Fault Nov 7, 2016 by C.Rosenstadt

1 Answer

0

See below from here: https://social.technet.microsoft.com/Forums/windows/en-US/a4c5c787-ea65-4150-8d16-2a19c569a589/enterpssession-winrm-cannot-process-the-request-kerberos-authentication-error-0x80090322?forum=winserverpowershell

Hi Sergey,

In my opinion, it's possible that the existing HTTP/SERVERNAME SPN registered under the domain account is related to the error. Please try the action below:

1. On the server, change IIS application pool to run under Local System.
2. Run the following commands to remove existing SPN:
   setspn -D HTTP/SERVERNAME
   setspn -D HTTP/SERVERNAME.DOMAINAME.COM
3. Then connect to the server again to see what will happen.

If the issue remains, disable Kernel mode authentication in IIS management console.

Regards,
Diana

answered on Server Fault Nov 7, 2016 by Tim Haintz
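
The quoted reply attributes the error to an HTTP/ SPN registered under a domain account, so before deleting anything it helps to see which account actually holds the HTTP/ and WSMAN/ SPNs for the target. The following is an added example, not code from the thread. It assumes a domain-joined client for the live lookup; `Get-SpnRecord` and `Find-SpnConflict` are hypothetical helper names, and the `svc-web` account and `example.com` domain in the sample are constructed.

```powershell
# Added example: report which account owns the HTTP/ and WSMAN/ SPNs for a WinRM target.

function Get-SpnRecord {
    # Live lookup (needs a domain-joined machine): accounts holding matching SPNs.
    param([Parameter(Mandatory)][string]$ComputerName)
    $filter = "(|(servicePrincipalName=HTTP/${ComputerName}*)(servicePrincipalName=WSMAN/${ComputerName}*))"
    $searcher = [adsisearcher]$filter
    $searcher.PageSize = 500
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            SamAccountName = [string]$r.Properties['samaccountname'][0]
            Spn            = @($r.Properties['serviceprincipalname'])
        }
    }
}

function Find-SpnConflict {
    # Pure check: flag SPNs for the host that are held by anything but its machine account.
    param([Parameter(Mandatory)][string]$ComputerName, [object[]]$Record)
    # The LDAP wildcard above also matches e.g. serverp010; this pattern keeps only
    # the short name, an FQDN of the host, or either form followed by a port.
    $pattern = '^(HTTP|WSMAN)/' + [regex]::Escape($ComputerName) + '([.:]|$)'
    foreach ($rec in $Record) {
        foreach ($spn in (@($rec.Spn) -match $pattern)) {
            [pscustomobject]@{
                Spn      = $spn
                Account  = $rec.SamAccountName
                Conflict = $rec.SamAccountName -ne "$ComputerName`$"
            }
        }
    }
}

# Constructed sample: HTTP/ SPNs sit on a service account, WSMAN/ on the machine account.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-web'
                       Spn = @('HTTP/serverp01', 'HTTP/serverp01.example.com') }
    [pscustomobject]@{ SamAccountName = 'SERVERP01$'
                       Spn = @('WSMAN/serverp01', 'WSMAN/serverp01.example.com', 'HOST/serverp01') }
)
Find-SpnConflict -ComputerName 'serverp01' -Record $sample | Format-Table -AutoSize

# Against the directory instead of the sample:
# Find-SpnConflict -ComputerName 'serverp01' -Record (Get-SpnRecord -ComputerName 'serverp01')
```

Rows with `Conflict` set to True name the account the `setspn -D` step would have to target. An empty result means no explicit HTTP/ or WSMAN/ SPN is registered for that host.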

User contributions licensed under CC BY-SA 3.0