PowerShell双跳问题
我正在尝试在SYSTEM1上运行PowerShell脚本,它在SYSTEM2上执行robocopy,将文件复制到SYSTEM3、4、5等 SYSTEM1和SYSTEM2位于同一个域上,但SYSTEM2不在防火墙后面(因此需要从SYSTEM2而不是SYSTEM1运行robocopy) 系统3、4、5与系统2位于不同的域上,并且彼此位于不同的域上 我这样设置脚本(它使用netuse命令提示用户输入不同域的凭据): 但是,输入凭据后,net use命令返回错误:PowerShell双跳问题,powershell,net-use,Powershell,Net Use,我正在尝试在SYSTEM1上运行PowerShell脚本,它在SYSTEM2上执行robocopy,将文件复制到SYSTEM3、4、5等 SYSTEM1和SYSTEM2位于同一个域上,但SYSTEM2不在防火墙后面(因此需要从SYSTEM2而不是SYSTEM1运行robocopy) 系统3、4、5与系统2位于不同的域上,并且彼此位于不同的域上 我这样设置脚本(它使用netuse命令提示用户输入不同域的凭据): 但是,输入凭据后,net use命令返回错误: The network connect
The network connection could not be found.
+ CategoryInfo : NotSpecified: (The network con...d not be found.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
More help is available by typing NET HELPMSG 2250.
System error 55 has occurred.
+ CategoryInfo : NotSpecified: (System error 55 has occurred.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
The specified network resource or device is no longer available.
[SYSTEM3] Connecting to remote server failed with the following error message : WinRM cannot process the request. The
following error occured while using Kerberos authentication: There are currently no logon servers available to service
the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
+ PSComputerName : SYSTEM2
The network connection could not be found.
+ CategoryInfo : NotSpecified: (The network con...d not be found.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
More help is available by typing NET HELPMSG 2250.
我已经读到这可能是一个“双跳”问题(如详细所述),但我不确定如何编辑脚本以使用CredSSP而不是Kerberos(或者这是否是问题)
有什么想法吗?发布此解决方案,以防有人在不使用CredSSP的情况下对DoubleHop的简单解决方案仍有问题 试试这个: 它调用PSSession,然后使用您提供的凭据注册PSSessionConfiguration。基本上是提供双跳的凭证
然后将Invoke命令用于新的PSSession。它应该具有执行所需操作所需的权限。尝试在另一端调用调用robocopy的脚本,而不是尝试执行命令。每个系统上的凭据是否也相同?在调用命令时,尝试添加
-Authentication-Credssp
@Logic-每个系统上的凭据不同@Hill-添加时没有运气。我们为此尝试了很多不同的方法,但都没有成功,于是放弃了。希望将来有人能找到答案。
The network connection could not be found.
+ CategoryInfo : NotSpecified: (The network con...d not be found.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
More help is available by typing NET HELPMSG 2250.
System error 55 has occurred.
+ CategoryInfo : NotSpecified: (System error 55 has occurred.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
The specified network resource or device is no longer available.
[SYSTEM3] Connecting to remote server failed with the following error message : WinRM cannot process the request. The
following error occured while using Kerberos authentication: There are currently no logon servers available to service
the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
+ PSComputerName : SYSTEM2
The network connection could not be found.
+ CategoryInfo : NotSpecified: (The network con...d not be found.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
+ PSComputerName : SYSTEM2
More help is available by typing NET HELPMSG 2250.