WinRM remoting server with local Administrator account not working?

2

I have a Windows 2012R2 server in the domain. This server has no domain user access, only a local admin user. I can RDC into this machine using the admin account, but cannot get a PSSession, so Enter-PSSession, Invoke-Command and New-PSSession do not work. I have set the TrustedHosts value to '*' already. It still does not work.

The example:

$cred = Get-Credential # username: Administrator, password: secret123
Enter-PSSession -ComputerName SVR1 -Credential $cred

Immediately I get error:

Enter-PSSession : Connecting to remote server SVR1 failed with the following error message : The user name or password is incorrect. For more information, see the about_Remote_Troubleshooting Help topic.

Why can't I log in to the server with the local admin account?

EDIT:

After the comment below, I tried SVR1\ADMINISTRATOR as the username, and then I got a different error message:

Enter-PSSession : Connecting to remote server SVR1 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential. 
Possible causes are: 
    -The user name or password specified are invalid. 
    -Kerberos is used when no authentication method and no user name are specified. 
    -Kerberos accepts domain user names, but not local user names. 
    -The Service Principal Name (SPN) for the remote computer name and port does not exist.  
    -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following:  
    -Check the Event Viewer for events related to authentication.  
    -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. 
    -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
windows-server-2012-r2
powershell
remoting
asked on Server Fault Apr 4, 2019 by Dilshad Abduwali • edited Apr 4, 2019 by Dilshad Abduwali

2 Answers

0

Here's a guide: https://4sysops.com/archives/enable-powershell-remoting-on-a-standalone-workgroup-computer/

And a summary of the main points:

  • Make sure the network type on the remote server is not "Public". Since it's not on a domain, you'll probably want to make sure it is "Private". Instead, you can make sure you added -SkipNetworkProfileCheck when you enabled psremoting.
  • On the client (where you're initiating from), enter the remote server's IP to the trusted hosts. E.g., winrm set winrm/config/client @{TrustedHosts="10.0.2.33"} at an elevated command prompt (make sure to change that IP to the one in your environment).
answered on Server Fault Apr 4, 2019 by Todd Wilcox

0

0x80090311 occurred while using Kerberos authentication

You can get this specific error when you connect to a standalone computer because Kerberos is only available for domain members.

Please check on both computers that you have a common authentication method.

On the client computer:

Get-ChildItem -Path WSMan:\localhost\Client\Auth

On the target computer:

Get-ChildItem -Path WSMan:\localhost\Service\Auth

Typically you may want to use CredSSP when connecting to standalone computers, though this is not the most secure method.

If the target is a domain member, you may have disabled something in the Kerberos configuration somewhere (check your GPOs).

answered on Server Fault Dec 3, 2019 by Luke
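
The checks from both answers, combined into one client-side script as an added example (not code from either answer): it lists the enabled authentication mechanisms, adds only the target to TrustedHosts instead of leaving '*', and connects with Negotiate using the machine-qualified local account. The function name Get-EnabledWsmanAuth is hypothetical; SVR1 and the Administrator account are taken from the question.

```powershell
# Added example; run in an elevated PowerShell session on the client.
# 'SVR1' and the account name come from the question; adjust for your environment.
$Target = 'SVR1'

function Get-EnabledWsmanAuth {
    # Hypothetical helper: lists the auth mechanisms switched on for one side of WinRM.
    # Use -Role Client on the initiating machine, -Role Service on the target.
    param([ValidateSet('Client', 'Service')][string]$Role = 'Client')
    Get-ChildItem -Path "WSMan:\localhost\$Role\Auth" |
        Where-Object { $_.Value -eq 'true' } |
        Select-Object -ExpandProperty Name
}

# 1. Which mechanisms can this client offer?
$clientAuth = @(Get-EnabledWsmanAuth -Role Client)
Write-Host "Client auth enabled: $($clientAuth -join ', ')"
if ($clientAuth -notcontains 'Negotiate') {
    Write-Warning 'Negotiate is disabled on the client; Kerberos does not accept local user names.'
}

# 2. TrustedHosts: the error text notes that hosts in this list might not be
#    authenticated, so list the one target rather than relying on '*'.
$trusted = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
$entries = @($trusted -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
if ($entries -contains '*') {
    Write-Warning "TrustedHosts is '*'; every host is trusted without authentication of the server."
} elseif ($entries -notcontains $Target) {
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $Target -Concatenate -Force
}

# 3. Connect with the machine-qualified local account and explicit Negotiate.
$cred = Get-Credential -UserName "$Target\Administrator" -Message "Local account on $Target"
try {
    Test-WSMan -ComputerName $Target -Authentication Negotiate -Credential $cred -ErrorAction Stop |
        Out-Null
    $session = New-PSSession -ComputerName $Target -Credential $cred `
        -Authentication Negotiate -ErrorAction Stop
    # Confirm which machine and account the session actually landed on.
    Invoke-Command -Session $session -ScriptBlock { "$env:COMPUTERNAME as $env:USERNAME" }
    Remove-PSSession -Session $session
} catch {
    Write-Warning "Connection to $Target failed: $($_.Exception.Message)"
}
```

Run Get-EnabledWsmanAuth -Role Service in a local session on the target (for example over RDP) and compare the result with the client's list.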

User contributions licensed under CC BY-SA 3.0