unable to connect remotely with powershell to a non domain pc

Question

_{Thursday, February 13, 2020 4:59 AM}

Hello,
I have 2 win10 pcs both connected to the same switch/router combo (a netgear n-750).
They can ping each other, and i can use the windows "map a network drive" option from each pc to each pc.
But when i enter this at the power shell prompt, i get this error:

PS C:\ New-PSSession -ComputerName win10-pc1
New-PSSession : [win10-pc1] Connecting to remote server win10-pc1 failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer win10-pc1. Verify that the computer exists on the network and that the name provided is spelled correctly.
For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1

• New-PSSession -ComputerName win10-pc1

    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionOpenFailed

...
I have tried many things from many documents ive found online, but nothing seems to fix the problem i'm having.
I also have a win2016 server, and i can log into the server/domain from each of the 2 win10 pcs, and when either pc is logged into the domain, then the powershell remote options work almost normally.
Almost meaning that the powershell ISE will connect normally, but then if i run any command i will get a different error: 

Remote host method get_WindowSize is not implemented.

But if i run the regular powershell window, all of the commands work normally.
the regular powershell I have does not have the same 'intellisence' that the ISE version does, and that makes it much harder to use.
The problems while logged into the domain are probably caused by different things (but i wanted to include that in case they are related), and my main goal (aside from understanding how powershell remoting works and can be configured) is to connect remotely to pcs that are not part of a domain.
I feel I am missing something very fundamental.
If anyone can help or point me in the right direction, I would be extremely grateful.
thank you
-Michael

..

All replies (9)

_{Friday, February 14, 2020 4:22 AM}

HI
I am researching your issue ,thanks for your waiting.

Best Regards
Andy YOU
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Saturday, February 15, 2020 4:08 AM}

that's great, thank you

_{Saturday, February 15, 2020 3:43 PM}

HI
thanks for your reply.

1.can you enter winver in command prompt on both win10 computers and look the os version and os version number ?[for example windows 10  enterprise 1809 (os build 17763.316)]
  are only remote win10 joined AD domain or only local win10 joined AD domain?
  are w2016 server joined AD the same domain as one of the win10 computer ?

2."WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer win10-pc1"
is there any enent log about your issue in 
windows log\application 
windows log\system
applications and services log\microsoft\winodws\windows remote managment\operational
Troubleshoot WinRM with PowerShell—Part 1
https://devblogs.microsoft.com/scripting/troubleshoot-winrm-with-powershellpart-1/

3."I also have a win2016 server, and i can log into the server/domain from each of the 2 win10 pcs, and when either pc is logged into the domain,"
do you mean you can remote access  to win2016 server successfully by using below powershell command on both win10 client?
New-PSSession -ComputerName win2016

4."my main goal (aside from understanding how powershell remoting works and can be configured) is to connect remotely to pcs that are not part of a domain."
i think we can also post 3 problems in Windows PowerShell forum.
https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell

Best Regards
Andy YOU
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Wednesday, February 19, 2020 4:27 AM}

HI
have you solved your issue?

Best Regards
Andy YOU
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Tuesday, February 25, 2020 2:43 AM}

hello Andy, 

1000 pardons for my delay, Im also looking for a job, and I was very sidetracked on some opportunities, some of which were for naught and im still waiting on others.

no, this is not solved yet.

Thank you very much for your replies, i am going to get back to this tomorrow as I am totally wiped out and tired at the moment, but I cannot wait to pick this problem up again.

thank you very much again for your replies (I must stop letting any posts go unanswered for so long!)

-michael

_{Thursday, February 27, 2020 1:25 AM}

Hello Andy,

Thank you, too, for waiting / being asynchronous at times...

I gathered this extra info from these pcs.

note: I put the wrong pc name's stuff in my first post, but the same errors happen with the correct computer name.

To 'refresh' the pc names and the errors:

The full names of the 2 pcs I am using are win10-pc2 and home-pc4.

To make it easier to type, I usually refer to them as just pc2 and pc4, but their full names appear in errors and what not.

the win2016 server pc name is server2

:::::::::::::::::::::::::::::

regrading question 1, the pc's os versions:

pc2, winver says this: windows 10, version 1909, os build 18363.657

pc4, winver says this: windows 10, version 1903, os build 18362.657

:::::::::::::::::::::::::::::

regrading question 1, the domain questions:

I don’t understand exactly what your asking, but I think this is on the right path:

Both pc2 and pc4 are able to log into the win2016 domain, which is called d2.local.

When I open the system properties screen for both pcs, it says the full computer names are "win10-pc2.d2.local" and "home-pc4.d2.local".

But, for this problem/test, I am logging into each pc locally with local user accounts (not the domain user accounts that I use when I log into the domain), and currently the local user accounts have admin rights.

:::::::::::::::::::::::::::::

regarding question 2, is there anything in the event logs:

-I looked in these logs:

=====

applications and services log\microsoft\winodws\windows remote managment\operational

-every time I try to connect, I get the same sequence of 19 events

-I used this powershell statement to get this list (that is a dynamite article you put the link to in your reply!)

PS C:\ Get-WinEvent -LogName Microsoft-Windows-WinRM/Operational | Select-Object -first 19 | Format-list

TimeCreated  : 2/26/2020 6:34:16 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 30

Message      : Deinitialization of WSMan API completed successfuly

TimeCreated  : 2/26/2020 6:34:16 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 33

Message      : Closing WSMan Session completed successfuly

TimeCreated  : 2/26/2020 6:34:16 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 4

Message      : Deinitializing WSMan API

TimeCreated  : 2/26/2020 6:34:16 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 8

Message      : Closing WSMan Session

TimeCreated  : 2/26/2020 6:34:16 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 16

Message      : Closing WSMan shell

TimeCreated  : 2/26/2020 6:34:16 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 142

Message      : WSMan operation CreateShell failed, error code 53

TimeCreated  : 2/26/2020 6:34:16 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 161

Message      : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer win10-pc2.

               Verify that the computer exists on the network and that the name provided is spelled correctly.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 11

Message      : Creating WSMan shell with the ResourceUri: http://schemas.microsoft.com/powershell/Microsoft.PowerShell and ShellId:

               3D2EC776-1EE8-4CD5-873B-D08649ADEAB1

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 10

Message      : Setting WSMan Session Option (16) - WSMAN_OPTION_TIMEOUTMS_SIGNAL_SHELL with value (60000) completed successfully.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 10

Message      : Setting WSMan Session Option (17) - WSMAN_OPTION_TIMEOUTMS_CLOSE_SHELL with value (60000) completed successfully.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 10

Message      : Setting WSMan Session Option (12) - WSMAN_OPTION_TIMEOUTMS_CREATE_SHELL with value (180000) completed successfully.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 10

Message      : Setting WSMan Session Option (1) - WSMAN_OPTION_DEFAULT_OPERATION_TIMEOUTMS with value (180000) completed successfully.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 10

Message      : Setting WSMan Session Option (25) - WSMAN_OPTION_LOCALE with value (en-US) completed successfully.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 10

Message      : Setting WSMan Session Option (26) - WSMAN_OPTION_UI_LANGUAGE with value (en-US) completed successfully.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 10

Message      : Setting WSMan Session Option (34) - WSMAN_OPTION_USE_INTEARACTIVE_TOKEN with value (0) completed successfully.

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 31

Message      : WSMan Create Session operation completed successfuly

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 6

Message      : Creating WSMan Session. The connection string is: win10-pc2/wsman?PSVersion=5.1.18362.628

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 29

Message      : Initialization of WSMan API completed successfuly

TimeCreated  : 2/26/2020 6:34:13 PM

ProviderName : Microsoft-Windows-WinRM

Id           : 2

Message      : Initializing WSMan API

PS C:\

=====

- windows log\application :

-I could not find any log entries after the time stamp of 6:25pm

- since the winrm log events all started at 6:34, im thinking there are no events for this is the application log

=====

- windows log\system :

- I could not find any log entries after the time stamp of 6:33pm (and that was a group policy eventid 1501 that said it was successfull )

- since the winrm log events all started at 6:34, im thinking there are no events for this is the application log

::::::::::::::::::::::::::::

regarding question 3:

yes, when each of the win10 pcs (pc2 and pc4) are logged into the win2016 server (pc name is server2), they are able to connect remotely to the server with powershell (I re-tested this so these responses are accurate, but I only re-tested pc2)

eg, from pc2, I can connect remotely to server2 with this command:

enter-pssession -computername server2

also, when pc2 is logged into the domain, suddenly it can powershell remote to pc4 while pc4 is not logged into the domain.

and, pc4 while not logged into the domain still cannot powershell remote to pc2.

::::::::::::::::::::::::::::

im not sure if this sheds light on this cause, eg i noted the "sourceofvalue" value changes when the pc logs into the domain.

on pc4, which is not logged into the domain, I ran this command, and got this response:

PS C:\ Get-Item -Path WSMan:\localhost\Client\TrustedHosts | Format-List *

PSPath            : Microsoft.WSMan.Management\WSMan::localhost\Client\TrustedHosts

PSParentPath      : Microsoft.WSMan.Management\WSMan::localhost\Client

PSChildName       : TrustedHosts

PSDrive           : WSMan

PSProvider        : Microsoft.WSMan.Management\WSMan

PSIsContainer     : False

SourceOfValue     : GPO

Value             : win10-pc2

Name              : TrustedHosts

TypeNameOfElement : System.String

Type              : System.String

then, on pc2, which is logged into the domain, I ran the same command, and got this response:

PS C:\ Get-Item -path WSMan:\localhost\Client\TrustedHosts | Format-List *

PSPath            : Microsoft.WSMan.Management\WSMan::localhost\Client\TrustedHosts

PSParentPath      : Microsoft.WSMan.Management\WSMan::localhost\Client

PSChildName       : TrustedHosts

PSDrive           : WSMan

PSProvider        : Microsoft.WSMan.Management\WSMan

PSIsContainer     : False

SourceOfValue     :

Value             : *

Name              : TrustedHosts

TypeNameOfElement : System.String

Type              : System.String

::::::::::::::::::::::::::::

once again, help provided in forums like this is invaluable, so thank you (again) in advance,

-michael

_{Tuesday, March 3, 2020 1:49 AM}

HI

from your description:
when you use domain account to logon both pc2 and pc4 ,you can use pc2 to remote access pc4 by using powershell. but when you use local account to logon pc2,you can not remote access pc4 by using powershell .
yes, i can reproduce this issue in my lab. i think the reason is below.
“Kerberos is used when no authentication method and no user name are specified.
Kerberos accepts domain user names, but not local user names.”
basic solution is like below :
“Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.”

Message: Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: The network path was not found.
Possible causes are:
The user name or password specified are invalid.
Kerberos is used when no authentication method and no user name are specified.
Kerberos accepts domain user names, but not local user names.
The Service Principal Name (SPN) for the remote computer name and port does not exist.
The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
Check the Event Viewer for events related to authentication.
event viewer\windows logs\applications and services logs\microsoft\windows\authentication
Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

5.we can use below link method to verify your technet forum account so that you can post picture and website link.
https://social.technet.microsoft.com/Forums/en-US/5c00b9a9-3afe-4ee9-bbf0-34157716b92a/verify-my-account?forum=reportabug

Best Regards
Andy YOU
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Tuesday, March 3, 2020 11:03 AM}

HI
do you consider using below like powershell command when you logon local account on pc2 ,then we need to enter domain admin credential ?

new-PSSession -computername pc2 -credential domainname\itaccount

like picture:
wux2 added in AD domain 
wux3 added in AD domain
when i use local account (u10) to logon wux2 ,then run below powershell command ,i can new ps session on wux3.
new-PSSession -computername wux2 -credential printer\itaccount

Best Regards
Andy YOU
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Thursday, March 5, 2020 2:39 PM}

HI
Is there anything to help you?

Best Regards
Andy YOU
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].