none
Powershell and WSMAN and CredSSP RRS feed

  • Question

  • Hello.

    I am writing a script that I need to use CredSSP but am having some trouble with getting it work. Basically I have done the following

    1. Configured group policy with the following registry settings

        Computer Configuration > Administrative Templayes > Windows Components > Windows Remote Management (WinRM) > WinRM Client

            Allow CredSSP authentication = Enabled

        Computer Configuration > Administrative Templayes > Windows Components > Windows Remote Management (WinRM) > WinRM Service

            Allow CredSSP authentication = Enabled

            Allow remote server management through WinRM = Enabled

                IPv4 filter = *

                IPv6 filter = *

    Computer configuration > Administrative Templates > System > Credential Delegation

        Allow delegating fresh credentials = Enabled

            WSMAN/*.my.com

        Allow delegating fresh credentials with NTLM only server authentication = Enabled

            WSMAN/*.my.com

    Now when i attempt to connect using

    New-PSSession -ComputerName "MYPC" -Authentication CredSSP -Cred my.com\user


    I get the following error. 

    The WinRM
    client cannot process the request. A computer policy does not allow the delegation of the user credentials to the
    target computer.

    When i try looking at Get-WSManCredSSP i see the following.

    The machine is configured to allow delegating fresh credentials to the following target(s): WSMAN/*.my.com
    This computer is configured to receive credentials from a remote client computer.

    This all looks above board right? I have windows firewall rules inbound as well for WinRAM. Can anyone offer any help?

    Cheers

    CW

    • Moved by Bill_Stewart Tuesday, December 11, 2018 8:39 PM Not a scripting question
    Thursday, January 4, 2018 11:39 AM

All replies

  • Hello,

    To use CredSSP you need to activate it on both machine.

    On the computer who run the command :

    Enable-WSManCredSSP –Role Client –DelegateComputer "remote Server" -Force

    On the remote server :

    Enable-WSManCredSSP –Role Server -Force
    Try and say me if it's works 

    Tuesday, May 15, 2018 12:24 PM
  • CredSSP has already been implemented via Group Policy.

    The issue is likely due to a domain issue or GP is not being processed correctly.  Manually doing this now will not work since GP is already setting this.


    \_(ツ)_/

    Tuesday, May 15, 2018 12:46 PM