我想使用PowerShell Remoting来检查远程域中某个服务器的磁盘大小,但我运行的命令无法正常工作。
情况如下:
- 源服务器在A域
- 目标服务器在B域
- 这些域之间没有建立信任关系
B域中的服务器运行Exchange 2010,并且我可以使用以下命令从A服务器对其运行Exchange 2010特定命令:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri $ConnectionURI -Credential $Credentials -Authentication Basic
Import-PSSession $Session
问题在于,我不能使用这个会话运行任何非 Exchange 命令,如果我尝试,它会说无法理解命令。我已经检查过使用 Invoke-Command 和 -Session 变量设置为我已建立的会话运行 Get-Command,只返回 Exchange 命令。
所以我想尝试使用 Invoke-Command、相关的 ComputerName、身份验证类型和凭据,但是这样做失败了。
Invoke-Command -ScriptBlock {Get-Service} -ComputerName "Servername.destination.com" -Credential $Credentials -Authentication "Basic"
以下是错误信息:
[servername.destination.com] Connecting to remote server failed with the following error message : The WinRM client can
not process the request. The authentication mechanism requested by the client is not supported by the server or unencry
pted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configurat
ion or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the computer nam
e as the remote destination. Also verify that the client computer and the destination computer are joined to a domain.
To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name a
nd password. Possible authentication mechanisms reported by server: Negotiate Kerberos For more information, see th
e about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
所以我进入目标服务器的WSMAN配置,并设置相关选项,允许基本身份验证和未加密连接:
cd WSMan:\localhost\Service
Set-Item AllowUnencrypted $True
cd .\Auth
Set-Item Basic $True
我还把目标服务器加入了源域服务器的受信任主机列表中:
cd WSMan:\localhost\Client
Set-Item TrustedHosts servername.destination.com
这样做之后,错误信息发生了改变,但是并没有提供太多有用的信息:
PS WSMan:\localhost\Client> Invoke-Command -ScriptBlock {Get-Service} -ComputerName "servername.destination.com" -Creden
tial $Credentials -Authentication "Basic"
[servername.destination.com] Connecting to remote server failed with the following error message : Access is denied. Fo
r more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
我还尝试使用域管理员凭据,通过-Credential(Get-Credential),但是这也遇到了相同的问题。
我尝试使用的用户是服务器上本地管理员用户组的成员,因此权限应该已经设置在PSSessionConfiguration容器上。
我希望能得到任何进一步的指针!我本来想使用WMI,但目前防火墙不支持它。