23

My desktop is win7 and I am trying to connect to a server 2012.
Both hosts are on the same domain.

If I do:

Enter-PSSession -ComputerName *ServerName***

I get the following failure message from winrm

Enter-PSSession : Connecting to remote server xxx failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer xxx. Verify that the computer exists on the network and that the name provided is spelled correctly.*

It doesn't matter if I use just the server name or if I enter it fully qualified.

Both systems show $PSVersionTable.PSVersion 4 0 -1 -1

I have tried the various troubleshooting hints that I found i.e.
run Enable-PSRemoting -Force and also set TrustedHosts = * on both sides.
I also disabled the firewall service on both sides.
When I try to Enter-PSSession from the server to my desktop it works as desired.
But from my desktop to the server I always get the error message that the computer cannot be found.

AlexB
  • 7,302
  • 12
  • 56
  • 74
user333869
  • 549
  • 1
  • 4
  • 13

5 Answers5

10

After talking to our domain admin I think I found the cause of the problem.
The server is in a resource domain which only has a one way trust to the main OU.
This explains why I can do PS remoting from the server to the clients but not vice versa.
I found that I can use the IP address with the -Credential option in my case though which isn't nice but an acceptable workaround.

user333869
  • 549
  • 1
  • 4
  • 13
  • 3
    Here is [a page](https://www.techtutsonline.com/windows-powershell-remoting/) with more details how to enable WinRM remoting between one way trusted domains (look under Configure PowerShell Remoting). Basically it's `Set-Item WSMan:\\localhost\client\TrustedHosts -Value -Concatenate -Force` – Stoinov Oct 11 '18 at 20:19
  • Thank you @Stoinov this one line made everything work! Perfect! To all others ..... -Value is the machine you want to connect to. Run this line 1st then run your Invoke-Command. Thanks again! – Sim2K Jul 23 '19 at 12:19
7

This is most likely caused by your netbios name being different from the server's hostname. Try to connect with the netbios name instead.

  • Determine the correct name by running the following command in powershell:

"$env:COMPUTERNAME.$env:USERDNSDOMAIN"

Ian Collins
  • 71
  • 1
  • 1
  • This led me to my solution..I was originally trying with a DNS name but it only worked when I used the computer name (even through the DNS resolves to that computer) – sonyisda1 Aug 22 '18 at 21:07
  • 3
    This is only correct if your user is in the same domain as the machine, in my case it is not. The correct command to get the server domain is: (Get-CimInstance -class Win32_ComputerSystem | % {$_.Name+'.'+$_.Domain}) – Justin Dec 21 '18 at 18:27
2

In my case DNS was was pointing to the right IP yet there wase a typo in the hostname so basicaly the parameter -Computername and the actual hostname didn't match.

yaro137
  • 21
  • 3
  • Yes, this. Just had a very similar problem. Wasn't DNS but rather that the hostname was longer than 15-characters, which is the NETBIOS limit! Shorted it to 15 characters and all Enter-PSSession worked. – SamAndrew81 Aug 02 '18 at 21:46
1

run winrm quickconfig from a powershell session on the remote machine

Douglas Tripple
  • 13
  • 5
  • 2
    "PS C:\Windows\system32> winrm quickconfig" gives: WinRM service is already running on this machine. WinRM is already set up for remote management on this computer. But `Enter-PSSession` still gives the same error message. I have found that the problem does not exist on a VM which I have setup for test purposes but on my actual physical desktop. I am still looking for hints to troubleshoot the problem as the error message doesn't give me any valuable clue. – user333869 Jun 09 '15 at 07:46
1

I know its very late but i am putting my fix to the few sites that experienced the same issue.

For me it was a duplicate computer name in the root domain. I found it by running setspn -f -q */servername. This popped up the server name in multiple domains. deleting the invalid machine from the root AD and root dns, and i was up and running.

karatedog
  • 2,508
  • 19
  • 29
Adi Feldgajer
  • 11
  • 1