我试图从Win8主机(相同的子网,它是本地虚拟机)使用PS连接到非域join的远程Win2008R2服务器。 尝试了我能find的一切,没有任何工作。
服务器:
PS C:\Users\Administrator> winrm quickconfig PS C:\Users\Administrator> enable-psremoting 客户:
PS C:\scripts> $cred = get-credential -username "administrator" -message "Enter password" PS C:\scripts> $sess = new-pssession -computername 10.10.106.2 -credential $cred -authentication default new-pssession : [10.10.106.2] Connecting to remote server 10.10.106.2 failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:9 + $sess = new-pssession -computername 10.10.106.2 -credential $cred -authenticatio ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : ServerNotTrusted,PSSessionOpenFailed PS C:\scripts> winrm set winrm/config/client '@{TrustedHosts="10.10.106.2"}' WSManFault Message = The client cannot connect to the destination specified in the request. Verify that the service on the dest ination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running o n the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". Error number: -2144108526 0x80338012 The client cannot connect to the destination specified in the request. Verify that the service on the destination is run ning and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destinat ion, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination t o analyze and configure the WinRM service: "winrm quickconfig". PS C:\scripts> $sess = new-pssession -computername 10.10.106.2 -credential $cred -usessl new-pssession : [10.10.106.2] Connecting to remote server 10.10.106.2 failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:9 + $sess = new-pssession -computername 10.10.106.2 -credential $cred -usessl + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin gTransportException + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
噢,RDP在这两台主机之间工作正常,具有相同的凭据。
即使这个工程:
PS C:\scripts> Get-WinEvent -computername 10.10.106.2 -credential $cred
在客户端
winrm quickconfig winrm set winrm/config/client '@{TrustedHosts="Computer1,Computer2"}'
在服务器端
Enable-PSRemoting -Force winrm quickconfig
为https
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="_";CertificateThumbprint="_"}
为http
winrm create winrm/config/Listener?Address=*+Transport=HTTP
用testing
Test-WsMan ComputerName Test-WsMan ComputerName -UseSSL
编辑:使用PowerShell设置TrustedHosts
或与PowerShell(作为pipe理员)
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value "Computer1,Computer2"
并检查(不需要pipe理员)
Get-Item WSMan:\localhost\Client\TrustedHosts
你在这些错误信息中发现的问题是:
如果身份validationscheme与Kerberos不同,或者客户端计算机未join域,则必须使用HTTPS传输,或者必须将目标计算机添加到TrustedHostsconfiguration设置。
基本上,您需要将WinRM设置为使用HTTPS (而不是默认的HTTP),或者将要连接的计算机添加为要连接到的计算机上的可信主机。