WINRM不使用VPN来源的GCP内部IP地址
在使用GCP VPN连接我的本地网络与GCP VPC时,从本地网络可以使用内部IP地址访问GCP VPC中的虚拟机。我已经配置了GCP Windows VM来启用WinRM并在GCP中创建了防火墙规则,并确保WinRM Service开启了适当的端口。
如果我使用外部IP,我可以运行该命令从不在VPN上的计算机中获取输出。
Invoke-Command -ComputerName <ExternalIP> -ScriptBlock {Get-UICulture} -Credential $credential
如果我从带有内部IP的VPN网络上的计算机上运行相同的命令,则会给我错误
连接到远程服务器10.xxx.x.xx失败了以下 错误消息:WINRM客户端无法处理请求。如果是 身份验证方案与Kerberos不同,或者客户 计算机未连接到域,然后必须使用HTTPS运输 或目标机必须添加到TrustedHosts 配置设置。使用winrm.cmd配置TrustedHosts。笔记 TrustedHosts列表中的计算机可能没有得到认证。 您可以通过运行以下内容获得有关此信息的更多信息 命令:winrm帮助配置。有关更多信息,请参阅 关于_remote_troubleshooting帮助主题。
categoryInfo:openerror:(10.xxx.x.xx:string)[], PSREMOTINGTRANSPORTEXCEPTION完全QualififiedErrid: servernottrusted,pssessionStateBroken
不确定,因为所有防火墙规则都很好,没有规则说我不能为WinRM命令使用内部IP地址。
On connecting my on-prem network with GCP VPC using GCP VPN, from the on-prem network can i access the virtual machine in GCP VPC using the internal IP address. I have configured GCP windows VM to enable WinRM and created firewall rules in GCP and made sure WinRM service is on with appropriate ports open.
If I use external IP I can run the command to get output from a machine which is not on VPN.
Invoke-Command -ComputerName <ExternalIP> -ScriptBlock {Get-UICulture} -Credential $credential
If I run the same command from a machine which is on VPN network with internal ip, it gives me error
Connecting to remote server 10.xxx.x.xx failed with the following
error message : The WinRM client cannot process the request. If the
authentication scheme is different from Kerberos, or if the client
computer is not joined to a domain, then HTTPS transport must be used
or the destination machine must be added to the TrustedHosts
configuration setting. Use winrm.cmd to configure TrustedHosts. Note
that computers in the TrustedHosts list might not be authenticated.
You can get more information about that by running the following
command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.CategoryInfo : OpenError: (10.xxx.x.xx:String) [],
PSRemotingTransportException FullyQualifiedErrorId :
ServerNotTrusted,PSSessionStateBroken
Not sure as all the firewall rules are fine and there is no rule which says that I can't use internal ip address for winrm commands.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论