Enter-PSSession not working to access domain-joined workstation

0

Introduction

I'm sitting at a Windows Server 2012 R2 server and I'm trying to Enter-PSSession into another machine.

I've executed Enable-PSRemoting on the remote computer and that did not help.

Computer Details

Local Computer

  • OS: Windows Server 2012 R2
  • IP 10.1.1.1/24
  • HOSTNAME.exe: server
  • ECHO %USERNAME%: User1
  • ECHO %USERDOMAIN%: example
  • WHOAMI.exe: example\user1
  • Domain in "control.exe system": example.test
  • Full Computer Name in "control.exe system": server.example.test
  • $PSVersionTable.PSVersion | FT -H: 5 0 10586 117

Remote Computer

  • OS: Windows 7 Enterprise
  • IP 10.1.1.2/24
  • HOSTNAME.exe: workstation
  • ECHO %USERNAME%: Administrator
  • ECHO %USERDOMAIN%: workstation
  • WHOAMI.exe: workstation\Administrator
  • Domain in "control.exe system": example.test
  • Full Computer Name in "control.exe system": workstation.example.test
  • $PSVersionTable.PSVersion | FT -H: 2 0 -1 -1

What I've Tried

Attempts 1-6 from server.example.test:

PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential Administrator
PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential example\Administrator
PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential example.test\Administrator
PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential User1
PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential example\User1
PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential example.test\User1

These all get the same output:

Enter-PSSession : Connecting to remote server workstation.example.test failed with the following error message : The user name or password is incorrect. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName workstation.example.test -credential Admin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (workstation.example.test:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

This makes no sense because I know with absolute certainty that the password is correct.

Attempts 7-8 from server.example.test

PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential workstation\Administrator
PS C:\Users\User1> Enter-PSSession -ComputerName workstation.example.test -credential workstation\User1

These both get this output:

Enter-PSSession : Connecting to remote server workstation.example.test failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName workstation.example.test -credential works ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (workstation.example.test:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Does anybody have any idea why this isn't working?

windows-7
powershell
remote-access
windows-server-2012-r2
asked on Super User Sep 20, 2017 by Rhyknowscerious

1 Answer

0

I went through all the trouble to write this up and then solved it right before posting so if you're having this same problem, hopefully this will help.

On server.example.test, open PowerShell as Admin and enter one of these commands:

  1. Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value *
  2. Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value *.example.test
  3. Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value workstation.example.test

The first will allow your local computer to connect to any remote computer.

The second will allow remote access to any computer on the example.test domain.

The third will allow remote access only workstation.example.test.

I think the syntax for adding several entries is just a comma-separated-value-string which would look something like this:

Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value "192.168.0.1,192.168.0.2"

answered on Super User Sep 20, 2017 by Rhyknowscerious • edited Sep 20, 2017 by Rhyknowscerious

User contributions licensed under CC BY-SA 3.0