I need to script some routine task to execute remotly from a serverA to many hosts but a couple of them fail to execute the script.
If i execute this:
$cred = Get-Credential myUser
Invoke-Command -ComputerName serverB -ScriptBlock{gci d:\} -Credential $cred
or this:
Test-WSMan -ComputerName ServerB -Credential $cred -Authentication Negotiate
I get the following error
[SeverB] Connecting to remote server ServerB failed with the following error message : WinRM cannot process
the request. The following error with errorcode 0x80090322 occurred while using Negotiate authentication: An unknown
security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (serverB:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108387,PSSessionStateBroken
But when i used test-wsman alone:
Test-WSMan -ComputerName ServerB
wsmid :
http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
I dont know where the problem could be. I had already tried using enable-psremote, winrm qc, checking firewall settings and user priviledge
Best Answer
seems like an issue with exsting spn mapping issue , In powershell you can delete spn account and retry.
if the issue persists, you can check with using ip address (IPv4) instead of server name to bypass Kerberos error.
Source https://serverfault.com/questions/580411/windows-server-manager-kerberos-error-0x80090322
https://social.technet.microsoft.com/Forums/windows/en-US/a4c5c787-ea65-4150-8d16-2a19c569a589/enterpssession-winrm-cannot-process-the-request-kerberos-authentication-error-0x80090322?forum=winserverpowershell