我有一台部署伺服器 A、我的本機電腦 B 和我正在存取的伺服器 C 當我從 B -> C 執行測試腳本時,它是成功的。當我從 A -> C 運行相同的腳本時,它失敗了,我可以 ping 它但不能運行其他任何東西。
測試腳本:
$credential2 = New-Object System.Management.Automation.PsCredential(("Test\ci"), (ConvertTo-SecureString "Password" -AsPlainText -Force))
Test-Connection -ComputerName C
invoke-command -computername C { get-UICulture } -Credential $credential2
錯誤訊息:
[C] Connecting to remote server failed with the following error message : WinRM cannot process the request. The
following error occured while using Kerberos authentication: There are currently no logon servers available to service
the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information,
see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
最後注意事項: - A、B 位於相同網域,C 是工作群組 - Enable-PSRemoting(完成) - 修改群組原則(完成) - Set-ExecutionPolicy(完成) - 防火牆開啟(完成)
我的想法、猜測或我應該跟進的東西已經用完了?我在這裡先向您的幫助表示感謝。
答案1
看來重要的部分是驗證我的策略設定。伺服器 C(工作群組)被設定為允許網域中的 A、B 等伺服器進行連線。在某些時候,我使用相同的設定來設定伺服器 A。由於 C 在工作小組中,A 不信任它。
修復方法是刪除/更新 A 中的設定以適應這種情況。