none
PSremoting using LocalAdmin on 2012 & 2012 R2 RRS feed

  • Question

  • Hi Guys

    Great blog!!!

    i followed the steps (https://blogs.technet.microsoft.com/heyscriptingguy/2012/07/23/an-introduction-to-powershell-remoting-part-one/#comment-1534375) & able to remotely execute powershell commands on our domain joined 2008 & R2 servers using my domain credentials & Local Admin (created a user & added to Admin group on server). however when i try same on 2012 & R2 servers, i'm not able to do using local admin, but works for Domain credentials
    same credentials works for RDP but not for PSremoting.

    is there anything that needs to be done on 2012 & R2 servers?

    PS C:\Atul_Data\Server Hardening> Invoke-Command -ComputerName servername -Credential localadminname -ScriptBlock {get-childitem c:\}
    [servername] Connecting to remote server
    servername failed with the following error message : WinRM
    cannot process the request. The following error with errorcode 0x80090311
    occurred while using Kerberos authentication: There are currently no logon
    servers available to service the logon request.
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are
    specified.
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does
    not exist.
      -The client and remote computers are in different domains and there is no
    trust between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM
    TrustedHosts configuration setting or use HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command:
    winrm help config. For more information, see the about_Remote_Troubleshooting
    Help topic.
        + CategoryInfo          : OpenError: (servername:String) [
       ], PSRemotingTransportException
        + FullyQualifiedErrorId : AuthenticationFailed,PSSessionStateBroken

    • Moved by Bill_Stewart Tuesday, December 11, 2018 9:08 PM Abandoned
    Thursday, July 19, 2018 7:32 PM

All replies

  • You cannot use a local account to connect to a remote server.  You can use a remote user account (on the target server). 

     Invoke-Command -ComputerName servername -Credential servername\adminname -ScriptBlock {get-childitem c:\}

    You must include the domain with the name.


    \_(ツ)_/

    Thursday, July 19, 2018 7:56 PM
  • Sorry for confusion, yes i'm using the same format provided by you. but same error
    Thursday, July 19, 2018 11:21 PM
  • Then you have network issues.  The use of a local account should cause NTLM authentication.

    Here is a full example:

     Invoke-Command -ComputerName ws701 {dir c:\} -Credential WS701\Administrator


    \_(ツ)_/

    Thursday, July 19, 2018 11:25 PM
  • Does NTLM works only for Local accounts, as there is no issue, while i'm using my domain credentials. also this issues is coming only on 2012 & r2 servers, 2008 are fine.
    Friday, July 20, 2018 6:18 PM