windows-server-2008 – Powershell使用CNAME远程连接到服务器,
我试图让Power
Shell远程处理与服务器一起使用它的CNAME而不是计算机名.本地和远程计算机都位于同一网络和域中.
我启用了PowerShell远程处理,它可以正常使用计算机名称.我已将TrustedHosts设置为CNAME,并为CNAME添加了SPN,但是当我发出Enter-PSSession CNAME时,我得到以下内容: Enter-PSSession : Connecting to remote server CNAME failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer CNAME. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information,see the about_Remote_Troubleshooting Help topic. 执行setspn -l COMPUTERNAME给了我这个: Registered ServicePrincipalNames for CN=COMPUTERNAME,OU=SERVERS,DC=COMPANY,DC=private: WSMAN/CNAME WSMAN/COMPUTERNAME WSMAN/COMPUTERNAME.local TERMSRV/COMPUTERNAME TERMSRV/COMPUTERNAME.local HOST/COMPUTERNAME HOST/COMPUTERNAME.local 通过CNAME启用访问还需要什么?
我为解决这个问题所做的是为Enter-PSSession创建一个代理函数,为我解析CNAME.这可能不适用于您的情况,具体取决于您需要使用CNAME的原因,但这对我有用.
有关代理PowerShell功能的详细信息:http://www.windowsitpro.com/blog/powershell-with-a-purpose-blog-36/windows-powershell/powershell-proxy-functions-141413 全功能: function Enter-PSSession { [CmdletBinding(DefaultParameterSetName='ComputerName')] param( [Parameter(ParameterSetName='ComputerName',Mandatory=$true,Position=0,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] [Alias('Cn')] [ValidateNotNullOrEmpty()] [string] ${ComputerName},[Parameter(ParameterSetName='Session',ValueFromPipelineByPropertyName=$true)] [ValidateNotNullOrEmpty()] [System.Management.Automation.Runspaces.PSSession] ${Session},[Parameter(ParameterSetName='Uri',Position=1,ValueFromPipelineByPropertyName=$true)] [Alias('URI','CU')] [ValidateNotNullOrEmpty()] [uri] ${ConnectionUri},[Parameter(ParameterSetName='InstanceId',ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [guid] ${InstanceId},[Parameter(ParameterSetName='Id',ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [int] ${Id},[Parameter(ParameterSetName='Name',ValueFromPipelineByPropertyName=$true)] [string] ${Name},[Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='ComputerName')] [switch] ${EnableNetworkAccess},[Parameter(ParameterSetName='ComputerName',ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Uri',ValueFromPipelineByPropertyName=$true)] [system.management.automation.pscredential] ${Credential},[Parameter(ParameterSetName='ComputerName')] [ValidateRange(1,65535)] [int] ${Port},[Parameter(ParameterSetName='ComputerName')] [switch] ${UseSSL},ValueFromPipelineByPropertyName=$true)] [string] ${ConfigurationName},ValueFromPipelineByPropertyName=$true)] [string] ${ApplicationName},[Parameter(ParameterSetName='Uri')] [switch] ${AllowRedirection},[Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='ComputerName')] [ValidateNotNull()] [System.Management.Automation.Remoting.PSSessionOption] ${SessionOption},[Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='ComputerName')] [System.Management.Automation.Runspaces.AuthenticationMechanism] ${Authentication},[Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='ComputerName')] [string] ${CertificateThumbprint}) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer',[ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $PSBoundParameters['ComputerName'] = ([System.Net.Dns]::GetHostByName($PSBoundParameters['ComputerName'])).HostName $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Microsoft.PowerShell.CoreEnter-PSSession',[System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters } $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } <# .ForwardHelpTargetName Enter-PSSession .ForwardHelpCategory Cmdlet #> } 我添加的唯一一行是: $PSBoundParameters['ComputerName'] = ([System.Net.Dns]::GetHostByName($PSBoundParameters['ComputerName'])).HostName 这只是在调用本机Enter-PSSession之前将CNAME解析为代理函数中的FQDN. 这允许我通过组策略在我的TrustedHosts中设置* .mydomain.local,我仍然可以使用“Enter-PSSession ShortName”或“Enter-PSSession CNAME”而不必混淆其他SPN等. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
- windows-server-2008 – 在VMware ESX上部署SQL Server 200
- 订阅到期后,MSDN Windows许可证仍然可以正常工作吗?
- Windows 10 如何使用「系统还原」功能备份系统状态和配置
- 在PowerShell中关闭所有资源管理器Windows
- 如何在64位Windows计算机上安装rJava与64位R一起使用?
- windows-7 – ms word文件的硬链接隐藏且未更新
- windows-server-2012 – 我的180天服务器2012评估的10天宽限
- 将本地化资源.DLL嵌入到C#中的可执行文件中?
- windows-server-2008 – 如何监控Adaptec / Intel ICH10R R
- 域名系统 – Windows Server 2008 R2 DNS – 将更改同步到T