当前位置: 文江博客话题详情

从 C# 调用 Exchange 命令行管理程序时出现连接错误

发布于 2024-11-26 12:08:23 字数 1267 浏览 1 评论 0原文

解决 SSL 证书问题后,我收到一个奇怪的异常。请帮忙! 我的代码: PSCredential 凭证 = new PSCredential("域\管理员", securePwd);

    WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri("https://www.xxx.com/powershell"), "http://schemas.microsoft.com/powershell/Microsoft.Exchange", credential);
    Runspace runspace = System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace(connectionInfo);
    connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;
    using (runspace)
    {
        Collection<PSObject> psObject = GetUserInformation(10, runspace);

    }

公共集合 GetUserInformation(int count,运行空间运行空间) { 使用(PowerShell powershell = PowerShell.Create()) {

        powershell.AddCommand("Get-Users");
        powershell.AddParameter("ResultSize", count);

        runspace.Open();//**error happens**

        powershell.Runspace = runspace;

        return powershell.Invoke();
    }
}

错误信息: “连接到远程服务器失败,并显示以下错误消息:WinRM 客户端无法处理请求。WinRM 客户端尝试使用协商身份验证机制,但目标计算机 (www.xxx.com:443) 返回了“访问”更改配置以允许使用协商身份验证机制或指定服务器支持的身份验证机制之一。要使用 Kerberos,请指定本地计算机名称作为远程目标。计算机连接到要使用基本身份验证,请指定本地计算机名称作为远程目标,指定基本身份验证并提供用户名和密码。”

我使用基本身份验证,并提供用户名和凭据,为什么它说“尝试使用”协商认证机制”?

原文

I get a weird exception after solved SSL certificate issue. Please help!
My code:
PSCredential credential = new PSCredential("domain\administrator", securePwd);

    WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri("https://www.xxx.com/powershell"), "http://schemas.microsoft.com/powershell/Microsoft.Exchange", credential);
    Runspace runspace = System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace(connectionInfo);
    connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;
    using (runspace)
    {
        Collection<PSObject> psObject = GetUserInformation(10, runspace);

    }

public Collection GetUserInformation(int count, Runspace runspace)
{
using (PowerShell powershell = PowerShell.Create())
{

        powershell.AddCommand("Get-Users");
        powershell.AddParameter("ResultSize", count);

        runspace.Open();//**error happens**

        powershell.Runspace = runspace;

        return powershell.Invoke();
    }
}

Error message:
"Connecting to remote server failed with the following error message : The WinRM client cannot process the request. The WinRM client tried to use Negotiate authentication mechanism, but the destination computer (www.xxx.com:443) returned an 'access denied' error. Change the configuration to allow Negotiate authentication mechanism to be used or specify one of the authentication mechanisms supported by the server. To use Kerberos, specify the local computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the local computer name as the remote destination, specify Basic authentication and provide user name and password."

I use basic authentication, and provide username and credential, why it says "tried to use Negotiate authentication mechanism"?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

儭儭莪哋寶赑 2024-12-03 12:08:23

首先,在创建运行空间之前尝试设置 connectionInfo.AuthenticationMechanism 属性。因此,交换第一个代码片段中第 2 行和第 3 行的顺序。

如果这不能解决问题,请确保在 PowerShell 网站上启用基本身份验证。

为此,您需要转到 IIS 管理器、站点、默认网站、PowerShell,选择身份验证功能,然后启用基本身份验证。

如果“身份验证”功能页面上没有“基本身份验证”选项,则需要通过以下方式安装它:转到服务器管理器,选择 Web 服务器角色,例如“添加角色服务”,在树视图中的“安全”节点下,选择“基本身份验证”。

First, try to set the connectionInfo.AuthenticationMechanism property BEFORE you create your runspace. So swap the order of lines 2 and 3 on your first code snippet.

If that does not fix it, make sure Basic Authentication is enabled on the PowerShell website.

To do this you need to go to the IIS Manager, Sites, Default Website, PowerShell, select the Authentication Feature, and enable Basic Authentication.

If Basic Authentication is not an option on the Authentication feature page, you need to install it by going to the Server Manager, select the Web Server role, say "Add Role Services", under the Security node in the treeview, select Basic Authentication.

回复 原文
尾戒 2024-12-03 12:08:23

在这种情况下不允许使用基本身份验证,除非在服务器上明确配置...您可以在服务器端启用它或使用 Kerberos/NTLM...

有关详细信息,请参阅 http://technet.microsoft.com/en-us/library/dd351136.aspxhttp://technet.microsoft.com/en-us/library/dd347642.aspx

Using Basic Authentication is not allowed in this scenario unless explicitly configured on the server... you could enable it server-side or use Kerberos/NTLM...

For details see http://technet.microsoft.com/en-us/library/dd351136.aspx and http://technet.microsoft.com/en-us/library/dd347642.aspx

回复 原文
不顾 2024-12-03 12:08:23

我可以总结使基本身份验证即使在域外的计算机上也能工作的步骤:

  • 在客户端和服务器上将 ExecutionPolicy 设置为无限制
  • 正确配置客户端和服务器上的 TrustedHosts
  • 在客户端和服务器上启用基本身份验证
  • 确保基本身份验证角色安装在Web 服务器 (IIS) 的安全性
  • 为 PowerShell 虚拟目录启用基本身份验证,
  • 使用 HTTP(而不是 https)访问服务器。

这也是工作代码:

PowerShell powershell = PowerShell.Create();
String pass = "password";
SecureString passSecure = new SecureString();
foreach (char c in pass.ToCharArray())
{
    passSecure.AppendChar(c);
}
PSCredential cred = new PSCredential("user", passSecure);

string schemaURI = "http://schemas.microsoft.com/powershell/Microsoft.Exchange";
Uri connectTo = new Uri("http://192.168.69.116/powershell/");            
WSManConnectionInfo connectionInfo = new WSManConnectionInfo(connectTo, schemaURI, cred);
connectionInfo.MaximumConnectionRedirectionCount = 5;
connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;
//connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Default;
connectionInfo.SkipCACheck = true;
connectionInfo.SkipCNCheck = true;
connectionInfo.SkipRevocationCheck = true;
Runspace remoteRunspace=null;
try
{
   remoteRunspace = RunspaceFactory.CreateRunspace(connectionInfo);
   remoteRunspace.Open();
}
catch (Exception err)
{
    //Handle error 
}

I can summarize the steps to make Basic authentication work even from computers outside the domain:

  • Set-ExecutionPolicy to Unrestricted on both Client and Server
  • configure properly the TrustedHosts on client and server
  • enable Basic authentication on client and server
  • make sure Basic Authentication Role is installed under Security for the Web Server (IIS)
  • enable Basic Authentication for the PowerShell virtual directory
  • use HTTP, not https to access the server.

Here is the working code as well:

PowerShell powershell = PowerShell.Create();
String pass = "password";
SecureString passSecure = new SecureString();
foreach (char c in pass.ToCharArray())
{
    passSecure.AppendChar(c);
}
PSCredential cred = new PSCredential("user", passSecure);

string schemaURI = "http://schemas.microsoft.com/powershell/Microsoft.Exchange";
Uri connectTo = new Uri("http://192.168.69.116/powershell/");            
WSManConnectionInfo connectionInfo = new WSManConnectionInfo(connectTo, schemaURI, cred);
connectionInfo.MaximumConnectionRedirectionCount = 5;
connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;
//connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Default;
connectionInfo.SkipCACheck = true;
connectionInfo.SkipCNCheck = true;
connectionInfo.SkipRevocationCheck = true;
Runspace remoteRunspace=null;
try
{
   remoteRunspace = RunspaceFactory.CreateRunspace(connectionInfo);
   remoteRunspace.Open();
}
catch (Exception err)
{
    //Handle error 
}
回复 原文
~没有更多了~

关于作者

晨敛清荷

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Promise

文章 0 评论 0

qq_lbRlsh

文章 0 评论 0

待"谢繁草

文章 0 评论 0

yy2010hell

文章 0 评论 0

漫无边际

文章 0 评论 0

傲娇萝莉攻

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文