我正在尝试使用PowerShell远程处理从远程域中的服务器检查某些磁盘大小,但我运行的命令无法正常工作。
情况是这样的:
域B中的服务器正在运行Exchange 2010,我可以使用此命令从服务器A对其执行Exchange 2010特定命令:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri $ConnectionURI -Credential $Credentials -Authentication Basic
Import-PSSession $Session
问题是我无法使用此会话对此服务器运行任何非Exchange命令,如果我尝试然后它说它无法理解命令。我已经使用Invoke-Command检查并运行Get-Command,并且设置为我建立的会话的-Session变量仅返回Exchange命令。
所以我想我会尝试使用Invoke-Command和相关的ComputerName,身份验证类型和凭据,但这是失败的:
Invoke-Command -ScriptBlock {Get-Service} -ComputerName "Servername.destination.com" -Credential $Credentials -Authentication "Basic"
这是错误:
[servername.destination.com] Connecting to remote server failed with the following error message : The WinRM client can
not process the request. The authentication mechanism requested by the client is not supported by the server or unencry
pted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configurat
ion or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer nam
e as the remote destination. Also verify that the client computer and the destination computer are joined to a domain.
To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name a
nd password. Possible authentication mechanisms reported by server: Negotiate Kerberos For more information, see th
e about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
所以我进入目标服务器上的WSMAN配置并设置允许Basic Auth和未加密连接的相关设置:
cd WSMan:\localhost\Service
Set-Item AllowUnencrypted $True
cd .\Auth
Set-Item Basic $True
我还将目标服务器添加到源域服务器的可信主机中:
cd WSMan:\localhost\Client
Set-Item TrustedHosts servername.destination.com
执行此操作后,错误会发生变化,但不是很有用:
PS WSMan:\localhost\Client> Invoke-Command -ScriptBlock {Get-Service} -ComputerName "servername.destination.com" -Creden
tial $Credentials -Authentication "Basic"
[servername.destination.com] Connecting to remote server failed with the following error message : Access is denied. Fo
r more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
我也尝试过使用Domain Admin凭据,通过-Credential(Get-Credential),但是这个问题也失败了。
我尝试使用的用户是相关服务器上本地Admin用户的成员,因此应该已经在PSSessionConfiguration容器上设置了权限。
我希望有任何进一步的指示!我只是使用WMI,但目前尚未通过防火墙启用。
答案 0 :(得分:21)
最近有类似的问题。建议您仔细检查您所连接的用户是否在远程计算机上具有适当的授权。
您可以使用以下命令查看权限。
Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell
在这里找到这个提示:
它为我修好了。
答案 1 :(得分:2)
以管理员身份运行命令提示符或Powershell ISE为我修复此问题。