PowerShell 远程处理给出“访问被拒绝"错误 [英] PowerShell Remoting giving "Access is Denied" error
问题描述
我正在尝试使用 PowerShell Remoting 从远程域中的服务器检查一些磁盘大小,但我正在运行的命令无法正常工作.
I am trying to use PowerShell Remoting to check some disk sizes from a Server in a remote domain, but the commands I am running are failing to work.
情况是这样的:
- 源服务器在域 A 中
- 目标服务器在域 B 中
- 这些域之间不存在信任
域 B 中的服务器正在运行 Exchange 2010,我可以使用以下命令从服务器 A 针对它运行 Exchange 2010 特定命令:
The Server in Domain B is running Exchange 2010, and I can run Exchange 2010 Specific commands against it from Server A using this command:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri $ConnectionURI -Credential $Credentials -Authentication Basic
Import-PSSession $Session
问题是我无法使用此会话在此服务器上运行任何非 Exchange 命令,如果我尝试,它会说它无法理解这些命令.我已经检查并使用 Invoke-Command 运行 Get-Command,将 -Session 变量设置为我已建立的会话仅返回 Exchange 命令.
The problem is that I can't run any non Exchange commands against this server using this session, if I try then it says that it can't understand the commands. I've checked and running Get-Command with Invoke-Command and the -Session variable set to my established session only returns Exchange commands.
所以我想我会尝试使用 Invoke-Command 和相关的 ComputerName、Authentication type 和 Credentials,但这失败了:
So I thought i'd try to use Invoke-Command and the relevant ComputerName, Authentication type and Credentials, but this is failing:
Invoke-Command -ScriptBlock {Get-Service} -ComputerName "Servername.destination.com" -Credential $Credentials -Authentication "Basic"
这是错误:
[servername.destination.com] Connecting to remote server failed with the following error message : The WinRM client can
not process the request. The authentication mechanism requested by the client is not supported by the server or unencry
pted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configurat
ion or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer nam
e as the remote destination. Also verify that the client computer and the destination computer are joined to a domain.
To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name a
nd password. Possible authentication mechanisms reported by server: Negotiate Kerberos For more information, see th
e about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
所以我进入目标服务器上的 WSMAN 配置并设置相关设置以允许基本身份验证和未加密的连接:
So I go into the WSMAN config on the Target server and set the relevant settings for allowing Basic Auth and an unencrypted connection:
cd WSMan:\localhost\Service
Set-Item AllowUnencrypted $True
cd .\Auth
Set-Item Basic $True
我还将目标服务器添加到源域服务器的受信任主机中:
I also have added the Destination server into the Trusted Hosts of the Source domain server:
cd WSMan:\localhost\Client
Set-Item TrustedHosts servername.destination.com
这样做后,错误发生了变化,但不是很有帮助:
After doing so, the error changes, but it's not very helpful:
PS WSMan:\localhost\Client> Invoke-Command -ScriptBlock {Get-Service} -ComputerName "servername.destination.com" -Creden
tial $Credentials -Authentication "Basic"
[servername.destination.com] Connecting to remote server failed with the following error message : Access is denied. Fo
r more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
我也尝试过通过 -Credential (Get-Credential) 使用域管理员凭据,但由于同样的问题而失败.
I have also tried using Domain Admin credentials, via -Credential (Get-Credential), but this is failing with the same problem.
我尝试使用的用户是相关服务器上本地管理员用户的成员,因此应该已经在 PSSessionConfiguration 容器上设置了权限.
The user I am trying to use is a member of the local Admins users on the server in question, so the permissions should already be set on the PSSessionConfiguration containers.
我希望有任何进一步的指示!我只想使用 WMI,但目前还没有通过防火墙启用.
I would love any further pointers with this! I would just use WMI but it's not enabled through the firewalls at the moment.
推荐答案
最近遇到了类似的问题.建议您仔细检查与您连接的用户在远程计算机上是否具有适当的授权.
Had similar problems recently. Would suggest you carefully check if the user you're connecting with has proper authorizations on the remote machine.
您可以使用以下命令查看权限.
You can review permissions using the following command.
Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell
在这里找到这个提示(更新链接,感谢unbob"):
Found this tip here (updated link, thanks "unbob"):
https://devblogs.microsoft.com/scripting/configure-remote-security-settings-for-windows-powershell/
它帮我修好了.
这篇关于PowerShell 远程处理给出“访问被拒绝"错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
