22
votes

I can not remote into any machine to save my life! I have tried everything I can find. If anyone could troubleshoot or guide me, I'd appreciate it as this would be a great tool to add on my domain.

SETUP:

  1. Client machine inside domain
  2. Server machine inside or outside domain - Virtualized and utilized for WSUS Computername: wsustest
  3. CLIENT SERVER MACHINE physical- computername: epizzi-pc

STEPS:

enable-pssremoting done! on all machines
trustedhosts configured with * or client machine added
Firewalls with public profile off just in case

Enter-PSSession -ComputerName wsustest -Credential wsustest\administrator
Enter-PSSession -ComputerName epizzi-pc -Credential epizzi-pc\administrador
Enter-PSSession : Connecting to remote server epizzi-pc failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 
occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request.  
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName epizzi-pc -Credential epizzi-pc\administrador
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (epizzi-pc:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Enter-PSSession -ComputerName wsustest -UseSSL -Credential wsustest\administrator

*Enter-PSSession : Connecting to remote server wsustest failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is 
valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM 
firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName wsustest -UseSSL -Credential wsustest\administrato ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (wsustest:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed*
ERRORs:
7
Are you able to telnet to port 5985 on the client?MDMoore313

7 Answers

12
votes

I was receiving the same problem when remoting to a server and found this blog post very helpful - http://jeffgraves.me/2013/10/14/powershell-remoting/

For my specific case I did the following:

On the Local machine

  1. winrm quickconfig (although this was already configured)
  2. winrm s winrm/config/client '@{TrustedHosts="myservername.domain"}'

On the Remote machine

  1. enable-psremoting -force
  2. Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell -Force
4
votes

I got around this problem by using a fully qualified logon. Instead of "netbiosdomain\accountname", I used fqdn\accountname, as in Microsoft.com\myaccount in the get-credential prompt. May not work for everyone, but it's worth a shot.

3
votes

This is how I do it. I use this on my scripts.

# This is only done once
Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File
c:\Windows\temp\securepass.txt

# Setup credentials
$SecureString = Get-Content c:\Windows\temp\securepass.txt | ConvertTo-SecureString
$mycredentials = New-Object -TypeName System.Management.Automation.PSCredential
    -ArgumentList "yourDomain\userID",$SecureString

# Open remote session:
$MyRSession = New-PSSession -ComputerName Computer1 -Credential $mycredentials
    -Authentication default

# Use remote session:
Enter-PSSession $MyRSession
1
votes

Get rid of -UseSSL. I enabled PSRemoting and had problems with using that. I guess I could look at it later but for now it doesn't matter.

1
votes

If there is no trust between the client and server computers, you have to enable basic authentication on the server side. Do this by toggling the correct properties on the WSMAN: drive on the server. You'll obviously have to do this interactively on the console or via remote desktop, due to the chicken and egg problem :) Also, this may come into play too:

http://www.nivot.org/blog/post/2009/10/30/PowerShell20EnablingRemotingWithVirtualXPModeOnWindows7

1
votes

I was getting that same error currently no logon servers available. The issue was resolved by using instead of Domain\Username as credentials the user UPN or Username@Domain.

0
votes

I have achieved a remote session with Enter-pssession command, had to follow these exact parameters

$creds =  get-credential (the -credential parameter in enter-pssession does not work properly, thus u must         previously enter the object at another variable)
Enter-pssession -computername wsustest -authentication Default -credentials $creds

i Also had to set both client and remote server in the trusted hosts wsman: space

another solution which surely wouldve worked but i havent tried, wouldve been setting https: which is harder to do.

thx to all, your comments certainly led to the solution!