Error in Trusted Domain

Question

Monday, June 15, 2015 12:43 PM

Dear

The following error occurs when I try to read a user from a trusted domain.

get-aduser   srawther -server arrowdc.com
   

CategoryInfo          : NotSpecified: (srawther:ADUser) [Get-ADUser], AuthenticationException
   + FullyQualifiedErrorId : A call to SSPI failed, see inner exception.,Microsoft.ActiveDirectory.Management.Command
   s.GetADUser.

Please help...

All replies (4)

Monday, June 15, 2015 12:53 PM ✅ Answered

Hi,

Does it work if you give your credentials to the PowerShell command?

_____________________________________________

# Account to authenticate with (placeholder values)
[string] $strUser = 'YOURDOMAIN\YOURUSERNAME'
# Convert the placeholder password to a SecureString
[System.Security.SecureString] $strPass = ConvertTo-SecureString -String 'YourPassword' -AsPlainText -Force
$objCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($strUser, $strPass)

# Run the query against the other domain with the explicit credential
Get-ADUser srawther -Server arrowdc.com -Credential $objCred

 __________________________________


Monday, June 15, 2015 12:57 PM

Hi Sajuka,

Looks like you have authentication trouble of some kind. Try reproducing the error, then enter:

$error[0].Exception | fl * -Force

Post a copy of what this shows you.

Cheers,
Fred

There's no place like 127.0.0.1


Monday, May 16, 2016 1:48 PM

Hi, Fred.

I have the same error.

Could you help, please?

Please find below the results of $error[0].Exception | fl * -Force

                                   

PS C:\Windows> $error[0].Exception | fl * -Force

Message        : A call to SSPI failed, see inner exception.
Data           : {}
InnerException : System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception. > System.S
                 ecurity.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. > System.ComponentMod
                 el.Win32Exception: The system detected a possible attempt to compromise security. Please ensure that you can contact
                  the server that authenticated you
                    End of inner exception stack trace
                    at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception e
                 xception)
                    at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
                    at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
                    at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, Prot
                 ectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
                    at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInit
                 iateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
                    End of inner exception stack trace

                 Server stack trace: 
                    at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInit
                 iateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
                    at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUpgrade(Stream stream)
                    at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, 
                 IConnection& connection, ClientFramingDecoder decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper&
                  timeoutHelper)
                    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegme
                 nt`1 preamble, TimeoutHelper& timeoutHelper)
                    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnecti
                 on(IConnection connection, TimeoutHelper& timeoutHelper)
                    at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
                    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
                    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
                    at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
                    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
                    at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce
                 .Call(ServiceChannel channel, TimeSpan timeout)
                    at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade
                 )
                    at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
                    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operatio
                 n, Object[] ins, Object[] outs, TimeSpan timeout)
                    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRu
                 ntime operation)
                    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

                 Exception rethrown at [0]: 
                    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
                    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
                    at Microsoft.ActiveDirectory.WebServices.Proxy.Resource.Get(Message request)
                    at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
TargetSite     : Void ThrowAuthenticationRelatedExceptionIfAny(System.ServiceModel.CommunicationException)
StackTrace     :    at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowAuthenticationRelatedExceptionIfAny(CommunicationExce
                 ption exception)
                    at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
                    at Microsoft.ActiveDirectory.Management.AdwsConnection.Search(ADSearchRequest request)
                    at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOpera
                 tions.Search(ADSessionHandle handle, ADSearchRequest request)
                    at Microsoft.ActiveDirectory.Management.ADObjectSearcher.GetRootDSE()
                    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.GetRootDSE()
                    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.GetConnectedStore()
                    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.GetCmdletSessionInfo()
                    at Microsoft.ActiveDirectory.Management.Commands.ADGetCmdletBase`3.BeginProcessingOverride()
                    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.BeginProcessing()
HelpLink       : 
Source         : Microsoft.ActiveDirectory.Management
HResult        : -2146233087

Thanks in advance,

Yuri
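
The diagnostic step requested above, as an added example that is not part of the original thread: the cmdlet's top-level message only says "A call to SSPI failed", and the actionable cause sits in the innermost exception, so this walks the `InnerException` chain and lists each level. `Get-ExceptionChain` is a hypothetical helper name, and the sample exception is constructed to mirror the chain in the output above, with a placeholder native code because the thread does not show one.

```powershell
function Get-ExceptionChain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [System.Exception] $Exception
    )

    $depth   = 0
    $current = $Exception
    while ($null -ne $current) {
        # Win32Exception carries the native status code behind the SSPI failure
        $native = $null
        if ($current -is [System.ComponentModel.Win32Exception]) {
            $native = '0x{0:X8}' -f $current.NativeErrorCode
        }

        # Emit one object per level so the innermost cause is easy to pick out
        [pscustomobject]@{
            Depth      = $depth
            Type       = $current.GetType().FullName
            Message    = $current.Message
            NativeCode = $native
        }

        $current = $current.InnerException
        $depth++
    }
}

# Constructed sample mirroring the nesting shown in the thread's output.
# The native code 0 is a placeholder; the thread does not include the real value.
$innermost = New-Object System.ComponentModel.Win32Exception -ArgumentList 0,
    'The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you'
$middle = New-Object System.Security.Authentication.AuthenticationException -ArgumentList `
    'A call to SSPI failed, see inner exception.', $innermost
$outer = New-Object System.Security.Authentication.AuthenticationException -ArgumentList `
    'A call to SSPI failed, see inner exception.', $middle

Get-ExceptionChain -Exception $outer | Format-List

# Against a live failure, pass the most recent error record instead:
# Get-ExceptionChain -Exception $error[0].Exception | Format-List
```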


Wednesday, November 16, 2016 2:40 PM

Check to see that you are running PowerShell with privileged rights.

Check to see what your execution policy is; it may be restricted.

Set the execution policy to one of:

  • AllSigned - Only scripts signed by a trusted publisher can be run.

  • RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.

  • Unrestricted - No restrictions; all Windows PowerShell scripts can be run.

Or use Bypass (Set-ExecutionPolicy Bypass -Force).

Run your script again and let me know what you've got.