Enter-PSSession to Nanoserver container in Docker -> Access is Denied


Problem description

I've been pulling my hair out over this for the last few days and am really hoping someone here can help (or claim my StackOverflow bounty).

I am hosting the microsoft/nanoserver image in a container within docker on Windows Server 2016 (basically following these instructions) with the command:

docker run -it microsoft/nanoserver cmd

This provides me an interactive command line within the container and I am able to ping the container from the host.

However, when I try to use the command "Enter-PSSession -ComputerName <ipaddress | name in hosts file> -Credential ~\Administrator" to establish a remote powershell session with the nanoserver container I *always* receive the error "Access is denied".

Here's what I have tried. After each test I have re-issued the Enter-PSSession command above but still get "Access is denied"

* Setting the Administrator password from within the container with the command "net user Administrator <password>"

* Calling "Set-WSManQuickConfig" from powershell within the container results in:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

WinRM Quick Configuration
Running the Set-WSManQuickConfig command has significant security implications, as it enables remote management through
 the WinRM service on this computer.
This command:
 1. Checks whether the WinRM service is running. If the WinRM service is not running, the service is started.
 2. Sets the WinRM service startup type to automatic.
 3. Creates a listener to accept requests on any IP address. By default, the transport is HTTP.
 4. Enables a firewall exception for WS-Management traffic.
 5. Enables Kerberos and Negotiate service authentication.
Do you want to enable remote management through the WinRM service on this computer?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
WinRM is already set up to receive requests on this computer.
WinRM has been updated for remote management.
Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

NOTE: 'Enable-PSRemoting' and 'winrm quickconfig' are not available within nanoserver.

* Enabling all PSSession configurations with the command 'Enable-PSSessionConfiguration -Name *' results in:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

WinRM is already set up to receive requests on this computer.
WinRM is already set up for remote management on this computer.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

* Navigating wsman: to do the following on both the client and server (restarting winrm service after every change)

1. Allow basic authentication

2. Allow non-encrypted communication

3. Add "Everyone" with full-control to the RootSDDL of the wsman service

* Adding transparent bridge to docker and starting container with 'docker run -it --network TransparentBridge microsoft/nanoserver cmd' and repeating all the above.

* And a number of other things I've since forgotten.

I can telnet to port 5985 of the container so I know the firewall isn't an issue. Also I get a "HTTP BAD REQUEST" when passing it garbage so I know there's a service listening here.

I have successfully set up nanoserver within a virtual machine (following these instructions) and can easily establish a remote powershell session with this server so I'm at a bit of a loss why it won't work with the docker image.

Any help is appreciated.

Thanks,  Ian
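
The three wsman: changes listed in the question (Basic authentication, unencrypted traffic, "Everyone" with full control in the RootSDDL) loosen WinRM on both machines. The following PowerShell is an added example, not part of the original post, that reports which of those settings are still relaxed so they can be reverted after troubleshooting. The function names are hypothetical, the SDDL strings are constructed samples, and it assumes full control for Everyone was written as a `GA` allow ACE for `WD`.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Run in an elevated session on both the client and the server.

function Test-SddlEveryoneFullControl {
    param([Parameter(Mandatory)][string]$Sddl)
    # Drop the SACL ("S:" onward). Owner and group carry no parentheses,
    # so every remaining "(...)" is an ACE of the DACL.
    $dacl = ($Sddl -csplit 'S:', 2)[0]
    foreach ($m in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE fields: type;flags;rights;object_guid;inherit_object_guid;sid
        $f = $m.Groups[1].Value -split ';'
        if ($f.Count -lt 6) { continue }
        # Rights are concatenated two-letter codes (GA, GR, GX, ...).
        $rights = [regex]::Matches($f[2], '..') | ForEach-Object { $_.Value }
        $isEveryone = $f[5] -in @('WD', 'S-1-1-0')
        if (($f[0] -ceq 'A') -and $isEveryone -and ($rights -contains 'GA')) {
            return $true
        }
    }
    return $false
}

function Get-WinRmRelaxedSetting {
    # WSMan: provider items expose the configured value as a string in .Value
    $boolChecks = [ordered]@{
        'WSMan:\localhost\Service\Auth\Basic'       = 'Service accepts Basic authentication'
        'WSMan:\localhost\Service\AllowUnencrypted' = 'Service accepts unencrypted traffic'
        'WSMan:\localhost\Client\Auth\Basic'        = 'Client may send Basic authentication'
        'WSMan:\localhost\Client\AllowUnencrypted'  = 'Client may send unencrypted traffic'
    }
    foreach ($path in $boolChecks.Keys) {
        if ((Get-Item -Path $path).Value -eq 'true') {
            [pscustomobject]@{ Path = $path; Finding = $boolChecks[$path] }
        }
    }
    $sddlPath = 'WSMan:\localhost\Service\RootSDDL'
    if (Test-SddlEveryoneFullControl -Sddl (Get-Item -Path $sddlPath).Value) {
        [pscustomobject]@{ Path = $sddlPath; Finding = 'Everyone (WD) has GA in the DACL' }
    }
}

# Constructed samples: the first grants Everyone GA in the DACL,
# the second mentions Everyone only in SACL audit entries.
Test-SddlEveryoneFullControl -Sddl 'O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;WD)S:P(AU;FA;GA;;;WD)'
Test-SddlEveryoneFullControl -Sddl 'O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)'

Get-WinRmRelaxedSetting | Format-Table -AutoSize
```

Each boolean setting it reports can be turned back off with `Set-Item -Path <path> -Value $false`.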

Recommended answer

I have the exact same issue. Did you resolve it?

