I'm trying to get WSMan working using Basic authorization. I'm always getting an Access Denied error. Kerberos authentication works fine.
Windows Remote Management service is running on Windows Server 2008 R2 in Domain A and has the following config:
    Config
        MaxEnvelopeSizekb = 800
        MaxTimeoutms = 600000
        MaxBatchItems = 20
        MaxProviderRequests = 4294967295
        Client
            NetworkDelayms = 5000
            URLPrefix = wsman
            AllowUnencrypted = false
            Auth
                Basic = true
                Digest = true
                Kerberos = true
                Negotiate = true
                Certificate = true
                CredSSP = false
            DefaultPorts
                HTTP = 5985
                HTTPS = 5986
            TrustedHosts = *
        Service
            RootSDDL = O:NSG:BAD:P(A;;GA;;;S-1-5-21-2516571543-3809851355-1508507046-1008)(A;;GA;;;BA)(A;;GAGXGWGR;;;S-1-5-21-3465154619-3242790773-2173928322-17804)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
            MaxConcurrentOperations = 4294967295
            MaxConcurrentOperationsPerUser = 200
            EnumerationTimeoutms = 600000
            MaxConnections = 15
            MaxPacketRetrievalTimeSeconds = 120
            AllowUnencrypted = true
            Auth
                Basic = true
                Kerberos = true
                Negotiate = true
                Certificate = true
                CredSSP = true
                CbtHardeningLevel = Relaxed
            DefaultPorts
                HTTP = 5985
                HTTPS = 5986
            IPv4Filter = *
            IPv6Filter = *
            EnableCompatibilityHttpListener = false
            EnableCompatibilityHttpsListener = false
            CertificateThumbprint = ee cd g2 5e 61 ad d0 07 07 b7 77 95 ec 38 16 02df 7f 64 51
        Winrs
            AllowRemoteShellAccess = true
            IdleTimeout = 180000
            MaxConcurrentUsers = 5
            MaxShellRunTime = 2147483647
            MaxProcessesPerShell = 15
            MaxMemoryPerShellMB = 150
            MaxShellsPerUser = 5
I'm executing Test-WSMan on a Windows 7 workstation which is in domain B:
Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred B\MY_USER_NAME
And getting the following error:
    Test-WSMan : Access is denied.
    At line:1 char:11
    + Test-WSMan -ComputerName https://server2008:5986 -Auth basic -Cred B\MY_USER_NAME
        + CategoryInfo          : InvalidOperation: (https://server2008:5986:5986:String) [Test-WSMan], InvalidOperationException
        + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand
Note that the following command works fine:
Test-WSMan -ComputerName https://server2008:5986 -Auth kerberos
The following logs appear on Windows Server:

    Error    6/22/2012 12:21:27 PM    Windows Remote Management    168    User authentication

    General:
    Sending HTTP 401 response to the client and disconnect the connection after sending the response

    Details:
    Log Name:      Microsoft-Windows-WinRM/Operational
    Source:        Microsoft-Windows-WinRM
    Date:          6/22/2012 12:21:27 PM
    Event ID:      168
    Task Category: User authentication
    Level:         Error
    Keywords:      Security,Server
    User:          NETWORK SERVICE
    Computer:      server2008
    Description:
    Sending HTTP 401 response to the client and disconnect the connection after sending the response
Can someone help me to solve this issue? Is this a configuration issue or am I doing something wrong?
Thanks.
WinRM basic Auth does not honor domain. Basically, you can only authenticate as a local user of the target machine.
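
The rule in the answer above, as an added example that is not part of the original thread: a Python pre-flight check that parses `winrm get winrm/config`-style text from the target and lists why a Basic logon would be rejected. The sample config is a constructed excerpt using the question's values, the function names are hypothetical, and treating any name qualified with something other than the target host as non-local is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample: excerpt of the target's config in the indented layout
# that `winrm get winrm/config` prints, using values from the question.
SAMPLE_CONFIG = """\
Config
    Client
        AllowUnencrypted = false
    Service
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
"""

def parse_winrm_config(text):
    """Flatten indented 'Section' / 'Key = value' lines into {path: value}."""
    settings, stack = {}, []              # stack holds (indent, section name)
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave sections at this level or deeper
        key, sep, value = raw.strip().partition(" = ")
        if sep:
            settings["/".join([name for _, name in stack] + [key])] = value
        else:
            stack.append((indent, key))   # a bare name opens a new section
    return settings

def basic_auth_problems(settings, url, username):
    """Reasons the target's Service would reject a Basic logon (empty = none found)."""
    parts = urlsplit(url)
    host, problems = parts.hostname, []
    # Only the Service section matters here; the Client section in the target's
    # own config governs outbound connections made from that machine.
    if settings.get("Config/Service/Auth/Basic") != "true":
        problems.append("Service has Auth/Basic disabled")
    if parts.scheme == "http" and settings.get("Config/Service/AllowUnencrypted") != "true":
        problems.append("Service refuses Basic over unencrypted HTTP")
    # Rule from the answer: Basic only authenticates local accounts of the target.
    # Assumption: a bare name or HOST\name is local; DOMAIN\name or name@domain is not.
    qualifier = username.split("\\")[0] if "\\" in username else None
    if "@" in username or (qualifier and qualifier.lower() != host.lower()):
        problems.append(f"{username} is not a local account on {host}")
    return problems

if __name__ == "__main__":
    cfg = parse_winrm_config(SAMPLE_CONFIG)
    print(basic_auth_problems(cfg, "https://server2008:5986", "B\\MY_USER_NAME"))
```

An empty list only means none of these three checks failed; the account must still exist on the target and be permitted by the listener's RootSDDL.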