Forum Discussion
Solved
How do I PowerShell Remote from an AAD machine to an AD machine?
Hello, I have an Azure-AD-joined machine, from which I want to do PowerShell Remoting (WinRM) to domain-joined servers.
When I try Enter-PSSession myserver (whether I use -Credential with my domain account or not), I get the same error:
Enter-PSSession : Connecting to remote server myserver failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
I am on the same network as the servers. If I connect from domain computer to domain computer, then I have no issues. It's only when connecting from an Azure-AD joined computer (even when supplying domain credentials) that it doesn't work.
How do I PowerShell Remote from an AAD machine to an AD machine? Thanks in advance
After posting my reply I did manage to figure it out. Do the following from an Administrative PS window.
On the machine you are running Enter-PSSession on (Client), first ensure WinRM is running (and setting it to Automatic for ease of use)
Set-Service -Name WinRM -Status Running -StartupType AutomaticAdd either all (*) or just the servers you want to connect to into the TrustedHosts list
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'server1'or -Value *
To append to the list in the future use -Concatenate at the end of the command. You can also specify multiple servers in the command by using 'server1,server2,server3'
Now you should be able to remote to these servers from an Azure Joined server.
One additional note, you may have to specify credentials in the DOMAIN\Username format in the Enter-PSSession command with the -Credential parameter:
Enter-PSSession server1 -Credential (Get-Credential)
Roger Seekell Did you ever figure this out? I was hopeful to finally find a thread with this question but sad to see there were no replies.
- Thanks for your reply. No, I have not been able to figure it out.
After posting my reply I did manage to figure it out. Do the following from an Administrative PS window.
On the machine you are running Enter-PSSession on (Client), first ensure WinRM is running (and setting it to Automatic for ease of use)
Set-Service -Name WinRM -Status Running -StartupType AutomaticAdd either all (*) or just the servers you want to connect to into the TrustedHosts list
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'server1'or -Value *
To append to the list in the future use -Concatenate at the end of the command. You can also specify multiple servers in the command by using 'server1,server2,server3'
Now you should be able to remote to these servers from an Azure Joined server.
One additional note, you may have to specify credentials in the DOMAIN\Username format in the Enter-PSSession command with the -Credential parameter:
Enter-PSSession server1 -Credential (Get-Credential)
