Dec 01 2021 06:58 AM
Hello, I have an Azure-AD-joined machine, from which I want to do PowerShell Remoting (WinRM) to domain-joined servers.
When I try Enter-PSSession myserver (whether I use -Credential with my domain account or not), I get the same error:
Enter-PSSession : Connecting to remote server myserver failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
I am on the same network as the servers. If I connect from domain computer to domain computer, then I have no issues. It's only when connecting from an Azure-AD joined computer (even when supplying domain credentials) that it doesn't work.
How do I PowerShell Remote from an AAD machine to an AD machine? Thanks in advance
Jan 05 2022 06:35 AM
@Roger Seekell Did you ever figure this out? I was hopeful to finally find a thread with this question but sad to see there were no replies.
Jan 05 2022 06:37 AM
Jan 05 2022 08:03 AM - edited Jan 05 2022 08:05 AM
Solution
After posting my reply I did manage to figure it out. Do the following from an Administrative PS window.
On the machine you are running Enter-PSSession on (Client), first ensure WinRM is running (and set it to Automatic for ease of use)
Set-Service -Name WinRM -Status Running -StartupType Automatic
Add either all (*) or just the servers you want to connect to into the TrustedHosts list
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'server1'
or -Value *
To append to the list in the future use -Concatenate at the end of the command. You can also specify multiple servers in the command by using 'server1,server2,server3'
Now you should be able to remote to these servers from an Azure Joined server.
One additional note, you may have to specify credentials in the DOMAIN\Username format in the Enter-PSSession command with the -Credential parameter:
Enter-PSSession server1 -Credential (Get-Credential)
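Added example, not part of the original reply: the error text quoted above notes that computers in the TrustedHosts list might not be authenticated, so this sketch appends only named servers rather than `*` and flags an existing wildcard. `server1` and `server2` are placeholder names; run it from an elevated PowerShell window on the client.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). 'server1' and 'server2' are placeholders.

function Get-TrustedHostList {
    # Return the client's current TrustedHosts entries, one string per entry.
    $value = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    if ([string]::IsNullOrWhiteSpace($value)) { return }
    $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Add-TrustedHost {
    # Append named servers to TrustedHosts; never write a wildcard entry.
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $current = @(Get-TrustedHostList)
    if ($current -contains '*') {
        Write-Warning "TrustedHosts is already '*'; replace it with an explicit server list."
        return
    }
    foreach ($name in $ComputerName) {
        if ($name -match '\*') {
            Write-Warning "Skipping wildcard entry '$name'."
            continue
        }
        if ($current -contains $name) { continue }   # already listed (case-insensitive)
        # -Concatenate appends to the existing value instead of overwriting it.
        Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $name -Concatenate -Force
        $current += $name
    }
}

Add-TrustedHost -ComputerName 'server1', 'server2'

# Review what the client now trusts.
Get-TrustedHostList

# Identify request: confirms the WinRM listener on the server answers.
Test-WSMan -ComputerName 'server1'
```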
Jan 20 2022 05:19 AM
Jul 23 2022 01:08 PM - edited Jul 23 2022 01:09 PM
I have WINRM completely stopped & disabled yet I'm able to run Enter-PSSession -ComputerName 192.168.128.140 -Credential 192.168.128.140\user just fine.
- PS Remoting is much easier when the client\server are both members of the same domain due to the trust that is already there because of the domain join
o (not tested) have not tested if client\server are both joined to the same Azure AD
o Otherwise, if they are both part of a workgroup on the same LAN, then you will need to add the client to the server’s trusted hosts
o (Not tested) or you can enable HTTPS transport and add the firewall rule for WSMAN/WINRM server
- PS remoting will require enable-PSremoting in both cases, whether the client\server are members of the same domain or members of a workgroup
o you will run enable-PSremoting on the server (not the client)