Home/ Questions/Q 4047228
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T13:39:51+00:00

Has anybody gotten powershell remoting to work against CNAMES or host files. a way

  • 0

Has anybody gotten powershell remoting to work against CNAMES or host files.

a way to test, create a PSsession against localhost to make sure its working fine… then have a host record to 127.0.0.1 called something, then try to create a pssession against that.

I get this sort of error

[funkymonkey] Connecting to remote server failed with the following error message : WinRM cannot pr
ocess the request. The following error occured while using Kerberos authentication: The network pat
h was not found.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two d
omains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configu
ration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. F
or more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PS
   RemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If NTLM isn’t working, I think you’re getting hit by the loopback check stuff added in winsrv 2003 sp1+. You can add the CNAMEs to a special registry key that will include them in the exception list (which already includes localhost.)

    ps> new-itemproperty hklm:\system\currentcontrolset\control\Lsa\MSV1_0
    BackConnectionHostNames `
    -propertyType multistring -val “cname1″,”cname1.local”

    Some people just turn it off entirely (the loopback check) by setting a dword DisableLoopbackCheck (google it) but you really should control it tighter with the former method instead of taking the lazy route.

    IIRC, this security feature prevents a particular type of credential theft called a “reflection attack.” I don’t remember the methodology but i’m sure you could find it online.

    • 0