是否可以通过具有证书授权的 WinRm 连接到 Powershell Just Enough Administration (JEA) 端点?
当RunAsVirtualAccount = $true ??
来源:Windows Server 2019 Std 目标:Windows Server 2019 Std,同一子网,工作组,FW 关闭。
当RunAsVirtualAccount = $false并且端点配置了RunAsAccount (Local admin) 和身份验证证书或登录名/密码.... 连接正常
当RunAsVirtualAccount = $True和身份验证类型 -登录名/密码。... 连接正常
当RunAsVirtualAccount = $true和身份验证类型 -证书指纹...连接失败!!!出现错误:
PS C:\Windows\system32> enter-PSSession -CertificateThumbprint f0ee9dc3344f05673fc6e134bteeb2764ee00d7 -ComputerName hqtstweb3.contoso.com -SessionOption $SessionOptions -UseSSL -ConfigurationName GetUpdatesDMZ
enter-PSSession : Connecting to remote server hqtstweb3.contoso.com failed with the following error message : An internal error occurred. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:1 + enter-PSSession -CertificateThumbprint f0ee9dc3344f05673fc6e134b24eeb ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (hqtstweb3.contoso.com:String) [Enter-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
目标服务器上的事件:
The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. Error code 1359
.
$SessionOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -OperationTimeout 360000
PsSession 配置文件: https ://drive.google.com/file/d/1imnUg706_J-cjpE68pYu0AXqzhRydu_p/view