I recently had PowerShell working perfectly with CredSSP, but now every time I try to establish a remoting session using CredSSP, I'm getting the following error:
Enter-PSSession : Connecting to remote server server01.contoso.com failed with the following error message : The WinRM
client received an HTTP server error status (500), but the remote service did not include any other information about
the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName server01.contoso.com -Credential $cred -Authentication C …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (server01.contoso.com:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I've tried resetting the winrm service using winrm invoke restore winrm/config
I've tried disabling PowerShell remoting, disabling CredSSP (client and server), re-enabling PowerShell remoting, re-enabling CredSSP, disabling any GPOs related to configuring WinRM and credential delegation, and nothing has worked. Is there any way to dig into this further to figure out what's going on?
This is affecting all Windows Server 2012 systems in my lab environment, which are obviously running PowerShell v3.
In the client side, I'm seeing this in the Windows Remote Management event log: WSMan operation CreateShell failed, error code 2150859120
Configure Server
Disable-PSRemoting -Force;
Disable-WsmanCredssp -Role Client;
Disable-WsmanCredssp -Role Server;
Enable-PSRemoting -Force;
Set-WSmanQuickConfig -UseSSL -Force;
Enable-WsmanCredSSP -Role Server -Force;
Configure Client
Disable-PSRemoting -Force;
Disable-WsmanCredssp -Role Client;
Disable-WsmanCredssp -Role Server;
Enable-PSRemoting -Force;
Set-WSmanQuickConfig -UseSSL -Force;
Enable-WsmanCredssp -Role Client -DelegateComputer *.contoso.com -Force;
After configuring the client and server, run:
$cred = Get-Credential;
Enter-PSSession -ComputerName server.contoso.com -Credential $cred -Authentication CredSSP;
That reproduces the error consistently.
Best Answer
I think I may have found the issue.
I'd originally been running into problems with the HTTPS listener. I wanted to use an explicit IP but this is only available when using SSL. Setting up the SSL listener with the following:
or
would configure the listener on the server but would still fail when connecting from the client with the
-UseSSL
parameter.I gave up on the IPs and returned to using machine names. I left the attempts to set HTTPS in the script but ran into the issues you were having with the 500 responses when using
Credssp
for authentication.Finally, I decided to try one thing at a time. As soon as I removed the HTTPS settings, things worked!
My full script looks like this:
It's certainly not ideal,, but I hope it helps.