Server Core Remoting with Credssp

PowerShell Help
1

Hello,

Is there any known issue with using credssp auth from a 2016 Core as the client remoting to a 2008 R2 as the server? the 2008 box is delegated from the Core client.

I am getting the following error…

Connecting to remote server SERVER2008 failed with the following error
message : The request is not supported. For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (SERVER2008:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : 50,PSSessionStateBroken

I am able to remote with credssp from the 2016 Core to another 2016 Core.

I am able to remote with kerberos auth from the same 2016 Core server to the 2008 R2 server.

I am able to remote with credssp from a Win10 client to the same 2008 R2 server.

Thanks!
Jon

2

Nothing I’ve heard of. You did the sensible thing in that last check, because otherwise I’d say “make sure CredSSP is enabled.” We’ll see if anyone else jumps in.

FWIW, CredSSP has been a bit of a hassle for several older versions of Windows, largely around RDP, which also uses it. The general recommendation these days is to set up Kerberos delegation instead.

3

Check out this article from Ashley McGlone
PowerShell Remoting Kerberos Double Hop Solved Securely

4

Thank you for the suggestions. Not sure if the root cause may be some hardening setting as I tried a different 2008R2 system with the same results.

Unfortunately, Kerberos constrained delegation is out as we, , don’t have the infrastructure to support it yet.

I’ll be going the $using:creds route since this is a one-off use case.

Life will be so much easier once 2008 hits end of support…Thanks again!