Windows Server Manager

TeeJayHoward

I'm having a bit of an issue, and it's got me scratching my head.

ESXi box:
Server 2K8 R2 SP1 Datacenter as Active Directory and DNS server
Web Server 2K8 R2 SP1 Core with no roles installed, remote management enabled via sconfig

Standalone box:
Server 2K8 R2 SP1 Standard with File Services installed (NFS share)

All three machines are on the same domain. I am attempting to use Server Manager from the standalone box to manage the Web Server, and I cannot connect. The exact error is:

[Window Title]
Server Manager

[Main Instruction]
Server Manager cannot connect to webserver. Click Retry to try to connect again.

[Expanded Information]
Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

[^] Hide details [Retry] [Cancel]

PS C:\Users\Administrator> winrm id -r:webserver
WSManFault
Message = WinRM cannot process the request. The following error occured while using Kerberos authentication: A speci
fied logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use
HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config.

Error number: -2147023584 0x80070520
A specified logon session does not exist. It may already have been terminated.

The odd thing is that it works just fine from the Datacenter box. I've tried it with the firewall disabled, with MSE's Real-Time protection disabled, and nothing I do seems to work. While I certainly COULD just administer the web server from the datacenter VM, it'd be much more convenient for me to connect to it from the standalone box, and frankly, it just irks me that something's not working the way I imagined it to.

Can anyone offer any advice as to what might be going on here?

EDIT: SOLVED - I WASN'T LOGGED IN TO THE DOMAIN.
 
Can you check that the machines' clocks are all in sync? If they are out of sync, that can cause problems with Kerberos.
 
So, on the standalone box, is the Username you are logged in as, the same as a username on the domain, BUT with a different password?

That tends to make Windows unhappy.

Also, do you have any mapped drives using a DIFFERENT user name?
(Run net use * /d to kill them all)
 
All three boxes use the same local username and password.
...Although, come to think of it, I might still be logged in to the local box instead of to the domain. Rebooting.

edit: Thank you, thank you, thank you. That was it. I wasn't logged in to the domain. I feel like an idiot.
 
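The causes raised in this thread (a local rather than domain logon, clock skew, connections held under other credentials) can be checked in one pass before retrying WinRM. This is an added example, not code from any poster; the function name and the `dc01.example.test` time source are placeholders, and the share check is a simple heuristic.

```powershell
# Added example, not from the thread. Run on the box that gets the Kerberos error.
# PowerShell 2.0 syntax, since the hosts in the thread are Server 2008 R2.
function Test-KerberosLogonContext {
    param(
        # Placeholder: pass the name of your own domain controller.
        [Parameter(Mandatory = $true)][string]$TimeSource
    )

    $cs       = Get-WmiObject -Class Win32_ComputerSystem
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $account  = $identity.Split('\')[0]

    # A local logon carries the computer name in front of the backslash,
    # even when the machine itself is joined to the domain.
    $isLocal = ($account -ieq $env:COMPUTERNAME)

    # Ticket entries in klist output start with "#0>", "#1>", ...
    $tickets = @(klist | Select-String -Pattern '^#\d+>').Count

    # Clock offset against the DC. Kerberos rejects a skew above
    # 5 minutes (300 s) by default.
    $skew = $null
    $hit  = w32tm /stripchart /computer:$TimeSource /samples:1 /dataonly |
            Select-String -Pattern '([+-]\d+\.\d+)s' | Select-Object -Last 1
    if ($hit) { $skew = [double]$hit.Matches[0].Groups[1].Value }

    # Connections held under a different user name than the current logon.
    $foreign = @(Get-WmiObject -Class Win32_NetworkConnection |
                 Where-Object { $_.UserName -and $_.UserName -ine $identity } |
                 ForEach-Object { '{0} as {1}' -f $_.RemoteName, $_.UserName })

    New-Object PSObject -Property @{
        Identity          = $identity
        MachineInDomain   = $cs.PartOfDomain
        LocalAccountLogon = $isLocal
        KerberosTickets   = $tickets
        ClockOffsetSec    = $skew
        ClockSkewTooLarge = ($skew -ne $null -and [math]::Abs($skew) -gt 300)
        OtherCredShares   = $foreign
    }
}

# Constructed host name; replace with your own DC.
Test-KerberosLogonContext -TimeSource 'dc01.example.test' | Format-List
```

`MachineInDomain = True` together with `LocalAccountLogon = True` and zero tickets is the situation the original poster turned out to be in.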
Gah, 2K8R2 Core is driving me bonkers!

Microsoft said:
Tasks that you cannot perform remotely by using Server Manager

Add or remove roles, role services, and features
Configure Remote Desktop settings
Configure System Properties
Check for new roles
Change Windows automatic updating settings
Change network settings
Change the computer name or domain membership

Just, you know, the standard things you do when setting up a server. Seems to me like Server Manager's only good for adding a user, formatting a disk, and editing firewall settings. They really gimped the heck out of it for security's sake.
 