任何人都无法通过Powershell远程处理来处理CNAMES或主机文件。
一种测试方法,针对本地主机创建PSsession以确保其正常工作...然后将主机记录命名为127.0.0.1,然后尝试针对该主机创建pssession。
我得到这种错误
[funkymonkey] Connecting to remote server failed with the following error message : WinRM cannot pr
ocess the request. The following error occured while using Kerberos authentication: The network pat
h was not found.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two d
omains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configu
ration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. F
or more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PS
RemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenFailed
最佳答案
如果NTLM不起作用,我认为您会被winsrv 2003 sp1 +中添加的回送检查内容所打击。您可以将CNAME添加到特殊的注册表项,该注册表项会将它们包括在异常(exception)列表中(该列表已经包含localhost)。
ps>新项目属性hklm:\ system \ currentcontrolset \ control \ Lsa \ MSV1_0
BackConnectionHostNames`
-propertyType多字符串-val“cname1”,“cname1.local”
有人只是通过设置一个双字DisableLoopbackCheck(google it)完全将其关闭(环回检查),但是您确实应该使用前一种方法将其控制得更紧,而不是采用惰性方法。
IIRC,此安全功能可防止称为“反射攻击”的特定类型的凭证盗窃。我不记得这种方法,但是我敢肯定您可以在网上找到它。
关于powershell - CNAMES,主机文件和PowerShell远程处理,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5252903/