1

我尝试了以下命令来启用 CredSSP:

Enable-WSManCredSSP -Role Client -DelegateComputer *.domain.local -Force

Enable-WSManCredSSP :无法执行此命令,因为无法启用该设置。

我该如何克服这个错误?我究竟做错了什么?这个错误的原因是什么?

获取 WSManCredSSP

计算机未配置为允许委派新凭据。此计算机配置为从远程客户端计算机接收凭据。

winrm 获取 winrm/配置

Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = true [Source="GPO"]
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = *.XXX.local [Source="GPO"]
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = true [Source="GPO"]
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 10
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 25
        MaxMemoryPerShellMB = 1024
        MaxShellsPerUser = 30
4

2 回答 2

0

您是否使用 GPO 创建 WinRM 侦听器?

您需要为 WinRM 客户端策略启用 Allow Delegating Fresh Credentials 并添加带有 WSMAN 前缀的 SPN。

于 2014-07-23T16:16:26.737 回答
0

还有另一种方法我在将近两周的时间里解决这个问题,现在我知道有时你可能会遇到命令问题Enable-WSManCredSSP -Role client -DelegateComputer "my host"

这是因为即使您以管理员身份运行 PowerShell,命令也无权进行注册表编辑。我认为这是 Microsoft 错误,我将为 MS 支持创建一张票

但是有解决方法,您可以通过此脚本来完成

https://github.com/bolvua/Enable-WSManCredSSP

于 2018-11-07T19:09:03.617 回答