Team Foundation Server (TFS) PowerShell on Target Machine

1

I am trying to automate my build setup. It works quite well, but I have a problem with the step "PowerShell on Target Machines".

The step works fine as long as the TFS server and the other server are in the same domain. Now I have a server which is not inside the domain. The "Windows Machine File Copy" step is working, but the "PowerShell on Target Machines" step is not working. The PowerShell script is on the remote machine. I only have to execute the script.

On the server I have a local user with administrator privileges. I already checked:

  • Firewall is not a problem
  • WinRM is set up
  • TFS Server is in the trusted host list
  • Configured "PowerShell on Target Machines" with IP address, Machine Group and Machine Name

When I use HTTP I receive the following error:

WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. For more info please refer to http://aka.ms/powershellontargetmachinesreadme

When I use HTTPS I receive the following error:

The client cannot connect to the destination specified in the request.
Verify that the service on the destination is running and is accepting requests.
Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
For more information, see the about_Remote_Troubleshooting Help topic.
For more info please refer to http://aka.ms/powershellontargetmachinesreadme

Right now I am lost and don’t know what to do. Has anybody any idea what to check next?

Thank you in advance

tfs
powershell-remoting
asked on Stack Overflow Feb 8, 2017 by iduntyr

1 Answer

0

It seems you want to make TFS run PS on target machines that reside outside of the build machine's AD domain. This is not so simple; even if you use the TFS task directly, you will get the same error.

To achieve this you have two options.

  1. Set up a one-way trust between your primary domain and all of your sub domains so that your production domain credentials can be used on all of your sub domains.
  2. Use shadow accounts to allow cross-domain authentication. These are local accounts with the same username and password across machines that allow auth. This is the official MSFT workaround for non-trust domain auth.

Please take a look at this similar question: TFS 'Powershell on Target Machines' task for machines in different AD domain


Update

Worked for the OP: Add the client to the server's trusted host list and the other way around (add the server on the client to the trusted host list).

answered on Stack Overflow Feb 9, 2017 by PatrickLu-MSFT • edited May 23, 2017 by Community
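
An added example (not part of the original question or answer) of the TrustedHosts fix from the update: it appends one explicit host instead of overwriting the list or using a wildcard, then tests the connection with a local account over Negotiate, since the error text above notes that Kerberos does not accept local user names and that TrustedHosts machines might not be authenticated. The address 192.0.2.10, the account TARGET01\deployuser and the path C:\deploy\run.ps1 are assumed placeholders; per the update, the same function is also run on the target with the TFS server's address.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholder values (assumptions, not from the original post):
#   192.0.2.10, TARGET01\deployuser, C:\deploy\run.ps1

function Add-TrustedHost {
    param([Parameter(Mandatory)][string]$HostName)

    # Hosts in TrustedHosts are not authenticated by the client, so a wildcard
    # would let this machine send credentials to any host. Allow explicit names only.
    if ($HostName -match '\*') { throw "Refusing wildcard TrustedHosts entry: $HostName" }

    # The setting is a single comma-separated string; split it to check membership.
    $current = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -contains $HostName) { return $false }   # already listed, nothing to do

    # -Concatenate appends to the existing list instead of replacing it.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $HostName -Concatenate -Force
    return $true
}

$target = '192.0.2.10'                       # placeholder address of the non-domain server
Add-TrustedHost -HostName $target | Out-Null

# Local account on the target, prompted for interactively so no password is stored here.
$cred = Get-Credential -UserName 'TARGET01\deployuser' -Message 'Local account on the target'

# Kerberos cannot validate a local account, so request Negotiate explicitly.
# Test-WSMan fails fast if the listener, firewall or credentials are wrong.
Test-WSMan -ComputerName $target -Credential $cred -Authentication Negotiate -ErrorAction Stop

# Run the script that already exists on the remote machine.
Invoke-Command -ComputerName $target -Credential $cred -Authentication Negotiate -ScriptBlock {
    & 'C:\deploy\run.ps1'
}

# Review what is trusted after the change.
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value
```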

User contributions licensed under CC BY-SA 3.0