Winrm

Winrm

关注
发信
关注(28)粉丝(399)

powershell - New-PSSession在本地不起作用

我正在尝试使用New-PSSession连接到本地主机。

我有

  • 使用以下命令配置WinRM
    winrm quickconfig
  • 启用PS远程处理
    Enable-PSRemoting
  • 添加了受信任的主机
    Set-Item WSMan:\localhost\Client\TrustedHosts * -Force
  • 防火墙的8173端口上有入站规则。
    • winrm的输出:
    PS C:\> winrm get winrm/config/listener?Address=*+Transport=HTTP
Listener
    Address = *
    Transport = HTTP
    Port = 8173
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    Listening on = 127.0.0.1

    我正在尝试运行以下命令:
    New-PSSession -ConnectionUri http://localhost:8173/WSMAN

    但是我得到这个错误:
    [localhost] Processing data from remote server failed with the following error message:
Error with error code 14 occurred while calling method WSManPluginReceiveResult. For
more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed

    编辑:

    我唯一看到的额外事情是网络已连接到公共(public)网络
    $ listenerport =“8173”
    winrmwinrm create winrm/config/Listener?Address = * + Transport = HTTP“@ {Port =” $ listenerport "}“
    C:\>winrm get winrm/config
Config
    MaxEnvelopeSizekb = 1039440
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = true
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 8173
            HTTPS = 5986
        TrustedHosts = *
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-2458768215-3945602940-3262220185-1045)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 500
        EnumerationTimeoutms = 60000
        MaxConnections = 25
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = false
            Negotiate = true
            Certificate = true
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 180000
        MaxConcurrentUsers = 5
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 15
        MaxMemoryPerShellMB = 150
        MaxShellsPerUser = 5


PS C:\> Get-PSSessionConfiguration microsoft.powershell | fl *


xmlns            : http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration
Name             : Microsoft.PowerShell
Filename         : %windir%\system32\pwrshplugin.dll
SDKVersion       : 1
XmlRenderingType : text
lang             : en-US
PSVersion        : 2.0
ResourceUri      : http://schemas.microsoft.com/powershell/Microsoft.PowerShell
SupportsOptions  : true
ExactMatch       : true
Capability       : {Shell}
Permission       :

Administrators group have permission as I see in the window popup (Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI)

    编辑2:

    最佳答案

    通过消除过程,我们可以排除防火墙问题,因为您仅连接到回送地址(127.0.0.1)。我们还可以排除看起来不错的WinRM配置。

    该错误消息表明与http://localhost:8173/WSMAN的TCP连接实际上是成功的,但是在建立PS session 时会发生错误。

    这指向Microsoft.PowerShell session 配置。

    看起来您在查看时的权限存在差异

    Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI

    以及实际分配给Microsoft.PowerShell的权限。
    输出
    Get-PSSessionConfiguration microsoft.powershell | fl *

    应该具有列出的“SecurityDescriptorSddl”和“Permission”属性。像这样:
    Name                   : microsoft.powershell
Filename               : %windir%\system32\pwrshplugin.dll
SDKVersion             : 1
XmlRenderingType       : text
lang                   : en-US
PSVersion              : 2.0
ResourceUri            : http://schemas.microsoft.com/powershell/microsoft.powershell
SupportsOptions        : true
Capability             : {Shell}
xmlns                  : http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration
Uri                    : http://schemas.microsoft.com/powershell/microsoft.powershell
ExactMatch             : true
SecurityDescriptorSddl : O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
Permission             : BUILTIN\Administrators AccessAllowed

    尝试删除并重新分配这些权限。

    编辑:

    根据您提供的信息,这不是主要问题。我还注意到WinRM服务设置中有非标准的“RootSDDL”。
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;S-1-5-21-2458768215-3945602940-3262220185-1045)(AU;SA;GWGX;;;WD)

    默认情况下,这应该是
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)

    我已经在测试VM上重新创建了该文件,但Remoting仍然有效。因此,我再次查看了您的WinRM配置...

    解决方案

    你的问题是这条线
    MaxEnvelopeSizekb = 1039440

    通过设置此值,我可以复制您遇到的问题。我建议将其设置为更合理的值或默认值。
    winrm set winrm/config '@{MaxEnvelopeSizekb="150"}'

    将解决您的问题。

    关于powershell - New-PSSession在本地不起作用,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/30439760/

    10-13 05:47
    Powered by LMLPHP ©2024 Winrm 0.032385