PowerShell双跳问题_Powershell_Net Use

PowerShell双跳问题

powershell

PowerShell双跳问题,powershell,net-use,Powershell,Net Use,我正在尝试在SYSTEM1上运行PowerShell脚本，它在SYSTEM2上执行robocopy，将文件复制到SYSTEM3、4、5等 SYSTEM1和SYSTEM2位于同一个域上，但SYSTEM2不在防火墙后面（因此需要从SYSTEM2而不是SYSTEM1运行robocopy）系统3、4、5与系统2位于不同的域上，并且彼此位于不同的域上我这样设置脚本（它使用netuse命令提示用户输入不同域的凭据）：但是，输入凭据后，net use命令返回错误： The network connect

我正在尝试在SYSTEM1上运行PowerShell脚本，它在SYSTEM2上执行robocopy，将文件复制到SYSTEM3、4、5等

SYSTEM1和SYSTEM2位于同一个域上，但SYSTEM2不在防火墙后面（因此需要从SYSTEM2而不是SYSTEM1运行robocopy）

系统3、4、5与系统2位于不同的域上，并且彼此位于不同的域上

我这样设置脚本（它使用netuse命令提示用户输入不同域的凭据）：

但是，输入凭据后，net use命令返回错误：

The network connection could not be found.
    + CategoryInfo          : NotSpecified: (The network con...d not be found.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : SYSTEM2

More help is available by typing NET HELPMSG 2250.
System error 55 has occurred.
    + CategoryInfo          : NotSpecified: (System error 55 has occurred.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : SYSTEM2

The specified network resource or device is no longer available.
[SYSTEM3] Connecting to remote server failed with the following error message : WinRM cannot process the request. The
following error occured while using Kerberos authentication: There are currently no logon servers available to service
the logon request.
Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken
    + PSComputerName        : SYSTEM2
The network connection could not be found.
    + CategoryInfo          : NotSpecified: (The network con...d not be found.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : SYSTEM2

More help is available by typing NET HELPMSG 2250.

我已经读到这可能是一个“双跳”问题（如详细所述），但我不确定如何编辑脚本以使用CredSSP而不是Kerberos（或者这是否是问题）

有什么想法吗？

发布此解决方案，以防有人在不使用CredSSP的情况下对DoubleHop的简单解决方案仍有问题

试试这个：

它调用PSSession，然后使用您提供的凭据注册PSSessionConfiguration。基本上是提供双跳的凭证

然后将Invoke命令用于新的PSSession。它应该具有执行所需操作所需的权限。

尝试在另一端调用调用robocopy的脚本，而不是尝试执行命令。每个系统上的凭据是否也相同？在调用命令时，尝试添加

-Authentication-Credssp

@Logic-每个系统上的凭据不同@Hill-添加时没有运气。我们为此尝试了很多不同的方法，但都没有成功，于是放弃了。希望将来有人能找到答案。

The network connection could not be found.
    + CategoryInfo          : NotSpecified: (The network con...d not be found.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : SYSTEM2

More help is available by typing NET HELPMSG 2250.
System error 55 has occurred.
    + CategoryInfo          : NotSpecified: (System error 55 has occurred.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : SYSTEM2

The specified network resource or device is no longer available.
[SYSTEM3] Connecting to remote server failed with the following error message : WinRM cannot process the request. The
following error occured while using Kerberos authentication: There are currently no logon servers available to service
the logon request.
Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken
    + PSComputerName        : SYSTEM2
The network connection could not be found.
    + CategoryInfo          : NotSpecified: (The network con...d not be found.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : SYSTEM2

More help is available by typing NET HELPMSG 2250.