Home

issue with powershell remote to server with SPN http service already assigned

%3CLINGO-SUB%20id%3D%22lingo-sub-94199%22%20slang%3D%22en-US%22%3Eissue%20with%20powershell%20remote%20to%20server%20with%20SPN%20http%20service%20already%20assigned%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-94199%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3EI%20have%20the%20similar%20problem%20as%20described%20here%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsuperuser.com%2Fquestions%2F1041607%2Fhow-do-i-enable-both-powershell-remoting-and-spn-for-sql-server-reporting%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsuperuser.com%2Fquestions%2F1041607%2Fhow-do-i-enable-both-powershell-remoting-and-spn-for-sql-server-reporting%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20have%20server%20with%20installled%20IIS%20role%20and%26nbsp%3B%20SPN%20was%20registered%20as%20HTTP%2F%3CMACHINE%3E%20%3CDOMAIN%3E%5C%3CSERVICE%20domain%3D%22%22%20account%3D%22%22%3E%20I%20cant%20connect%20to%20this%20server%20using%20remote%20powershell.%20Have%20an%20error.%3C%2FSERVICE%3E%3C%2FDOMAIN%3E%3C%2FMACHINE%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%E2%80%9CWinRM%20cannot%20process%20the%20request.%20The%20following%20error%20with%20errorcode%200x80090322%20occurred%20while%20using%20Kerberos%20authentication%3A%20An%20unknown%20security%20error%20occurred.%3C%2FP%3E%3CP%3EPossible%20causes%20are%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%20-The%20user%20name%20or%20password%20specified%20are%20invalid.%3C%2FP%3E%3CP%3E%26nbsp%3B%20-Kerberos%20is%20used%20when%20no%20authentication%20method%20and%20no%20user%20name%20are%20specified.%3C%2FP%3E%3CP%3E%26nbsp%3B%20-Kerberos%20accepts%20domain%20user%20names%2C%20but%20not%20local%20user%20names.%3C%2FP%3E%3CP%3E%26nbsp%3B%20-The%20Service%20Principal%20Name%20(SPN)%20for%20the%20remote%20computer%20name%20and%20port%20does%20not%20exist.%3C%2FP%3E%3CP%3E%26nbsp%3B%20-The%20client%20and%20remote%20computers%20are%20in%20different%20domains%20and%20there%20is%20no%20trust%20between%20the%20two%20domains.%3C%2FP%3E%3CP%3EAfter%20checking%20for%20the%20above%20issues%2C%20try%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%20-Check%20the%20Event%20Viewer%20for%20events%20related%20to%20authentication.%3C%2FP%3E%3CP%3E%26nbsp%3B%20-Change%20the%20authentication%20method%3B%20add%20the%20destination%20computer%20to%20the%20WinRM%20TrustedHosts%20configuration%20setting%20or%20use%20HTTPS%20transport.%3C%2FP%3E%3CP%3ENote%20that%20computers%20in%20the%20TrustedHosts%20list%20might%20not%20be%20authenticated.%E2%80%9D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWorkaround%20as%20described%20in%20article%26nbsp%3B%20doesnt%20work%20for%20me.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%2F%2FAlexander%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-94199%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-188384%22%20slang%3D%22en-US%22%3ERe%3A%20issue%20with%20powershell%20remote%20to%20server%20with%20SPN%20http%20service%20already%20assigned%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-188384%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20had%20the%20same%20problem%20and%20found%20a%20solution%20by%20Marcos%20Paulo%20Amorim%20in%20%3CA%20href%3D%22https%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fwindows%2Fen-US%2Fa4c5c787-ea65-4150-8d16-2a19c569a589%2Fenterpssession-winrm-cannot-process-the-request-kerberos-authentication-error-0x80090322%3Fforum%3Dwinserverpowershell%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fwindows%2Fen-US%2Fa4c5c787-ea65-4150-8d16-2a19c569a589%2Fenterpssession-winrm-cannot-process-the-request-kerberos-authentication-error-0x80090322%3Fforum%3Dwinserverpowershell%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20solved%20the%20first%20part%20of%20the%20problem%2C%20but%20I%20still%20find%20it%20somewhat%20ugly%20since%20I%20like%20all%20my%20servers%20accessible%20in%20the%20same%20way%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3E%26nbsp%3BAnders%3C%2FP%3E%3C%2FLINGO-BODY%3E
alexander tikhomirov
Contributor

Hello

I have the similar problem as described here

https://superuser.com/questions/1041607/how-do-i-enable-both-powershell-remoting-and-spn-for-sql-ser...

 

If I have server with installled IIS role and  SPN was registered as HTTP/<Machine> <domain>\<service domain account> I cant connect to this server using remote powershell. Have an error.

 

“WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error occurred.

Possible causes are:

  -The user name or password specified are invalid.

  -Kerberos is used when no authentication method and no user name are specified.

  -Kerberos accepts domain user names, but not local user names.

  -The Service Principal Name (SPN) for the remote computer name and port does not exist.

  -The client and remote computers are in different domains and there is no trust between the two domains.

After checking for the above issues, try the following:

  -Check the Event Viewer for events related to authentication.

  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.

Note that computers in the TrustedHosts list might not be authenticated.”

 

Workaround as described in article  doesnt work for me.

 

//Alexander

 

 

 

1 Reply

Hi

 

I had the same problem and found a solution by Marcos Paulo Amorim in https://social.technet.microsoft.com/Forums/windows/en-US/a4c5c787-ea65-4150-8d16-2a19c569a589/enter...

 

It solved the first part of the problem, but I still find it somewhat ugly since I like all my servers accessible in the same way

 

Cheers,

 Anders

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies