Search code examples
securitypowershellpowershell-2.0powershell-remoting

Error Unknown security using Remote PSSession CredSSP

I have Windows 7 64 bits, and Powershell 2.0, and CredSSP enabled in client

Enable-WSManCredSSP -Role Client -DelegateComputer * -Force

I open Powershell Console, and I execute Enter-PSSession command to connect Windows 2008 Server using CredSSP authentication:

Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser

I want execute Get-WSManCredSSP command remotely, but I get error: "... while using Negotiate authentication: An unknown security error occurred."

PS C:\Users\myUser> Enter-PSSession -Computername ServerMOSS -Authentication Credssp -Credential MyDomain\installerUser

[ServerMOSS]: PS C:\Users\installerUser\Documents> Get-WSManCredSSP

WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security
 error occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config.
    + CategoryInfo          :
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.GetWSManCredSSPCommand

[ServerMOSS]: PS C:\Users\installerUser\Documents> Exit-PSSession

IT departament execute this command in ServerMOSS:

PS C:\Users\installerUser\Documents> enabled-psremoting -force

and they get error:

WinRM already is set upt to receive requests on this machine
Set-WSManQuickConfig: WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error ocurred.

Any suggestions?

Solution

  • I am having the same issue. I have searched and found several times that checking/setting the SPNs can solve the issue:

    So try this: To review (read only)

    setspn.exe -L MACHINENAME

    Review the results for HTTP/HTTPS entries (or any duplicates as well)

    Add missing names:

    setspn -A HTTP/machinename
setspn -A HTTP/machinename.fqdn.com
setspn -A HTTPS/machinename
setspn -A HTTPS/machinename.fqdn.com

    Source: WinRM QuickConfig failing with 0x8033809D