gpt4 book ai didi

powershell - New-PSSession 在本地不起作用

转载 作者:行者123 更新时间:2023-12-03 10:47:35 26 4
gpt4 key购买 nike

我正在尝试使用 New-PSSession 连接到本地主机。

我有

  • 配置 WinRM 使用
    winrm quickconfig
  • 启用 PS 远程处理
    Enable-PSRemoting
  • 添加可信主机
    Set-Item WSMan:\localhost\Client\TrustedHosts * -Force
  • 防火墙的 8173 端口有入站规则。
  • winrm 的输出:
    PS C:\> winrm get winrm/config/listener?Address=*+Transport=HTTP
    Listener
    Address = *
    Transport = HTTP
    Port = 8173
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    Listening on = 127.0.0.1

    我正在尝试运行以下命令:
    New-PSSession -ConnectionUri http://localhost:8173/WSMAN

    但我收到此错误:
    [localhost] Processing data from remote server failed with the following error message:
    Error with error code 14 occurred while calling method WSManPluginReceiveResult. For
    more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed

    编辑:

    我看到的唯一额外的事情是网络连接到公共(public)
    $listenerport = "8173"
    winrmwinrm 创建 winrm/config/Listener?Address=*+Transport=HTTP " @ {Port = "$listenerport " }"
    C:\>winrm get winrm/config
    Config
    MaxEnvelopeSizekb = 1039440
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = true
    Auth
    Basic = true
    Digest = true
    Kerberos = true
    Negotiate = true
    Certificate = true
    CredSSP = false
    DefaultPorts
    HTTP = 8173
    HTTPS = 5986
    TrustedHosts = *
    Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-2458768215-3945602940-3262220185-1045)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 500
    EnumerationTimeoutms = 60000
    MaxConnections = 25
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
    Basic = true
    Kerberos = false
    Negotiate = true
    Certificate = true
    CredSSP = false
    CbtHardeningLevel = Relaxed
    DefaultPorts
    HTTP = 5985
    HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    Winrs
    AllowRemoteShellAccess = true
    IdleTimeout = 180000
    MaxConcurrentUsers = 5
    MaxShellRunTime = 2147483647
    MaxProcessesPerShell = 15
    MaxMemoryPerShellMB = 150
    MaxShellsPerUser = 5


    PS C:\> Get-PSSessionConfiguration microsoft.powershell | fl *


    xmlns : http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration
    Name : Microsoft.PowerShell
    Filename : %windir%\system32\pwrshplugin.dll
    SDKVersion : 1
    XmlRenderingType : text
    lang : en-US
    PSVersion : 2.0
    ResourceUri : http://schemas.microsoft.com/powershell/Microsoft.PowerShell
    SupportsOptions : true
    ExactMatch : true
    Capability : {Shell}
    Permission :

    Administrators group have permission as I see in the window popup (Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI)

    编辑 2: Permissions

    最佳答案

    通过排除过程,我们可以排除防火墙问题,因为您只连接到环回地址 (127.0.0.1)。我们也可以排除看起来不错的 WinRM 配置。

    该错误消息表明与 http://localhost:8173/WSMAN 的 TCP 连接实际上是成功的,但是在建立 PS session 时发生了故障。

    这指向 Microsoft.PowerShell session 配置。

    看起来您在查看时看到的权限存在差异

    Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI 

    以及实际分配给 Microsoft.PowerShell 的权限。
    的输出
    Get-PSSessionConfiguration microsoft.powershell | fl *

    应该列出“SecurityDescriptorSddl”和“Permission”属性。像这样:
    Name                   : microsoft.powershell
    Filename : %windir%\system32\pwrshplugin.dll
    SDKVersion : 1
    XmlRenderingType : text
    lang : en-US
    PSVersion : 2.0
    ResourceUri : http://schemas.microsoft.com/powershell/microsoft.powershell
    SupportsOptions : true
    Capability : {Shell}
    xmlns : http://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration
    Uri : http://schemas.microsoft.com/powershell/microsoft.powershell
    ExactMatch : true
    SecurityDescriptorSddl : O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    Permission : BUILTIN\Administrators AccessAllowed

    尝试删除并重新分配这些权限。

    编辑:

    根据您提供的信息,这不是主要问题。我还注意到您在 WinRM 服务设置中有一个非标准的“RootSDDL”。
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;S-1-5-21-2458768215-3945602940-3262220185-1045)(AU;SA;GWGX;;;WD)

    默认情况下,这应该是
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)

    我已经在测试虚拟机上重新创建了这个,远程处理仍然有效。所以我又看了一下你的 WinRM 配置......

    解决方案

    你的问题是这条线
    MaxEnvelopeSizekb = 1039440

    通过设置此值,我可以复制您遇到的问题。我建议将其设置为更合理的值或默认值。
    winrm set winrm/config '@{MaxEnvelopeSizekb="150"}'

    会解决你的问题。

    关于powershell - New-PSSession 在本地不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30439760/

    26 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com