Friday, December 14, 2012

Error configuring CredSSP

I was trying to configure CredSSP from a Windows 8 machine to Windows Server 2008 R2, but ran into the issue below:
C:\Windows\system32> Enable-WSManCredSSP -Role Client -DelegateComputer remotepc

CredSSP Authentication Configuration for WS-Management
CredSSP authentication allows the user credentials on this computer to be sent to a remote computer. If you use CredSSP
 authentication for a connection to a malicious or compromised computer, that computer will have access to your user
name and password. For more information, see the Enable-WSManCredSSP Help topic.
Do you want to enable CredSSP authentication?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):
Enable-WSManCredSSP : The client cannot connect to the destination specified in the request.
Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation
for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM
service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".

At line:1 char:1
+ Enable-WSManCredSSP -Role Client -DelegateComputer COMPUTER
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.String[]:String[]) [Enable-WSManCredSSP], InvalidOperationExce
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.EnableWSManCredSSPCommand
I was baffled for a while, since WinRM was correctly configured on the remote PC. However, procmon showed that the local command was trying to connect to port 47001 on my local machine, which is the local WinRM service. After starting my local WinRM service, everything worked correctly.


Post a Comment