Adding an SCVMM 2008 host in an external trusted domain fails with error 2917
Published Feb 14 2019 09:46 PM
First published on TECHNET on Sep 21, 2009

When you try to add a System Center Virtual Machine Manager 2008 host in a remote domain configured with an external trust, you receive the following error:

Error (2917)
Virtual Machine Manager cannot process the request because an error occurred while authenticating server1.domain.com. Possible causes are:
1) The specified user name or password are not valid.
2) The Service Principal Name (SPN) for the remote computer name and port does not exist.
3) The client and remote computers are in different domains and there is not a two-way full trust between the two domains.
(The network path was not found (0x80070035))

This occurs because WinRM requires Kerberos authentication. When WinRM tries to authenticate against servers across an external trust, it defaults to NTLM authentication, so WinRM authentication fails and generates error 2917 / 0x80070035.

To resolve this issue, change the trust to a cross-forest trust. This allows Kerberos authentication, and WinRM will authenticate as designed. Once the trust is changed, you will be able to add the host to SCVMM successfully.
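One way to check which trusts are affected before adding hosts, as an added example that is not part of the original article. The function name `Get-TrustWinRMReadiness` and the sample domain names are hypothetical; the `IntraForest`, `ForestTransitive` and `Direction` properties are assumed to come from `Get-ADTrust` in the ActiveDirectory module.

```powershell
# Added example, not from the original article.
# Classifies trust objects by whether WinRM can use Kerberos across them,
# following the article's diagnosis: external trust -> NTLM -> error 2917.
function Get-TrustWinRMReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Trust
    )
    process {
        if ($Trust.IntraForest) {
            $kind = 'Intra-forest'; $ok = $true
        } elseif ($Trust.ForestTransitive) {
            $kind = 'Cross-forest'; $ok = $true
        } else {
            # Neither intra-forest nor forest-transitive: an external trust.
            $kind = 'External'; $ok = $false
        }
        [pscustomobject]@{
            Trust         = $Trust.Name
            Kind          = $kind
            Direction     = $Trust.Direction
            KerberosWinRM = $ok
            Action        = if ($ok) { 'None' } else { 'Change to a cross-forest trust before adding the host' }
        }
    }
}

# Constructed sample data (placeholder domain names) shaped like Get-ADTrust output.
$sample = @(
    [pscustomobject]@{ Name = 'hosts.example';   IntraForest = $false; ForestTransitive = $false; Direction = 'BiDirectional' }
    [pscustomobject]@{ Name = 'partner.example'; IntraForest = $false; ForestTransitive = $true;  Direction = 'BiDirectional' }
)
$sample | Get-TrustWinRMReadiness | Format-Table -AutoSize

# On a domain-joined machine with the ActiveDirectory module loaded:
#   Get-ADTrust -Filter * | Get-TrustWinRMReadiness
# After the trust is changed, confirm that WinRM authenticates with Kerberos
# (server1.domain.com is the host name from the error text above):
#   Test-WSMan -ComputerName server1.domain.com -Authentication Kerberos
```

With the sample data, `hosts.example` is reported as an external trust that needs changing, while `partner.example` is reported as a cross-forest trust with no action required.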

Additional Information:

Depending on your environment, you may also have to apply KB971244 after you change to a cross-forest trust due to increased token sizes that are generated with cross-forest trusts.

Justin Luyt | SCVMM Senior Support Engineer

Last update: Mar 11 2019 08:15 AM