Kaj__
Jul 26, 2024

Access Denied Error When Using Enter-PSSession in Workgroup/Entra Joined Env

Hello everyone,

I'm currently facing an issue with establishing an Enter-PSSession connection between two computers in my setup. Here are the details:

  1. Computer1: Hybrid Entra Joined, hostname: Computer1
  2. Computer2: Workplace/Entra Joined, hostname: Computer2

I would like to connect from Computer1 to Computer2 using Enter-PSSession. My account is a Hybrid Account and part of the Local Admin Group on Computer2. Both computers are connected with the same Entra ID.

The firewall on Computer2 has an open port (HTTP Port 8085). Although the computers are not in the same subnet, the network layer seems to be functioning correctly.

I have made the following registry entries on Computer1:

 

Registry-Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client trusted_hosts "*"

Registry-Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client spn_prefix "HOST"

 

To establish a connection, I use the following string:

$aadusername1 = Get-Credential -UserName "AzureAD\username1 @domain.ch" -Message "AzureAD\email address removed for privacy reasons"

Enter-PSSession -ComputerName XX.XX.XXX.55 -Port 5985 -Credential $aadusername1 -Authentication Negotiate

Unfortunately, I am unable to connect to Computer2. I receive the following error message:

Connecting to remote server XX.XX.XXX.55 failed with the following error message: Access is denied. For more information, please refer to the about_Remote_Troubleshooting Help topic.

In the Event Log of Computer2 I see the following Event Log entry:

Event ID: 4625

Antragsteller:
Sicherheits-ID: NULL SID
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0

Anmeldetyp: 3

Konto, für das die Anmeldung fehlgeschlagen ist:
Sicherheits-ID: NULL SID
Kontoname: email address removed for privacy reasons
Kontodomäne: AzureAD

Fehlerinformationen:
Fehlerursache: Unbekannter Benutzername oder ungültiges Kennwort.
Status: 0xC000006D
Unterstatus:: 0xC0000064

Prozessinformationen:
Aufrufprozess-ID: 0x0
Aufrufprozessname: -

Netzwerkinformationen:
Arbeitsstationsname: Computer1
Quellnetzwerkadresse: YY.YY.YYY.11
Quellport: 55343

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: NtLmSsp 
Authentifizierungspaket: NTLM
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

We encountered an issue where establishing a connection using Basic Authentication is not possible. However, when connecting from Computer2 to Computer2 using the described connection, the connection can be successfully established. The Event Log shows the following security protocols:

  • Anmeldeprozess: Pku2uSsp
  • Authentifizierungspaket: NegoExtender

If anyone has any insights or suggestions on how to solve this problem and enable a successful connection with the desired security protocols, your input would be greatly appreciated. Thank you!
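
Added example, not part of the original post: one way to read a 4625 failed-logon event independent of the display language, using the event XML instead of the localized message, and to decode its Status and SubStatus codes. The function name `ConvertFrom-FailedLogonXml` is hypothetical, and the XML sample is constructed from the values quoted in the post.

```powershell
# Constructed sample: the 4625 values from the post, laid out the way
# (Get-WinEvent ...).ToXml() returns them. Field names are locale-independent.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><Computer>Computer2</Computer></System>
  <EventData>
    <Data Name="TargetUserName">email address removed for privacy reasons</Data>
    <Data Name="TargetDomainName">AzureAD</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc0000064</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">NtLmSsp </Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">Computer1</Data>
    <Data Name="IpAddress">YY.YY.YYY.11</Data>
  </EventData>
</Event>
'@

# NTSTATUS values commonly seen in 4625 (hashtable literals are case-insensitive).
$NtStatusName = @{
    '0xC000006D' = 'STATUS_LOGON_FAILURE'
    '0xC0000064' = 'STATUS_NO_SUCH_USER'
    '0xC000006A' = 'STATUS_WRONG_PASSWORD'
    '0xC0000072' = 'STATUS_ACCOUNT_DISABLED'
    '0xC0000234' = 'STATUS_ACCOUNT_LOCKED_OUT'
}

function ConvertFrom-FailedLogonXml {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Xml)
    $f = @{}
    foreach ($d in ([xml]$Xml).Event.EventData.Data) {
        $f[$d.GetAttribute('Name')] = $d.InnerText.Trim()
    }
    # Unknown codes are passed through unchanged rather than guessed.
    $decode = { param($code) if ($NtStatusName.ContainsKey($code)) { $NtStatusName[$code] } else { $code } }
    [pscustomobject]@{
        Account      = '{0}\{1}' -f $f.TargetDomainName, $f.TargetUserName
        Source       = '{0} ({1})' -f $f.WorkstationName, $f.IpAddress
        LogonType    = [int]$f.LogonType
        LogonProcess = $f.LogonProcessName
        AuthPackage  = $f.AuthenticationPackageName
        Status       = & $decode $f.Status
        SubStatus    = & $decode $f.SubStatus
    }
}

ConvertFrom-FailedLogonXml -Xml $sampleXml | Format-List
# Against a live log (elevated prompt on the target):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 20 |
#     ForEach-Object { ConvertFrom-FailedLogonXml -Xml $_.ToXml() }
```

Comparing `AuthPackage` and `LogonProcess` between a failed and a successful attempt shows which security package handled each logon, and `SubStatus` gives the specific reason the handling package reported.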

 

 
