We upgraded a system to 1903 and immediately we are unable to remote powershell to that box.
Already done:
No available updates to install.
rebooted several times more.
Firewall is disabled.
disable-pssession and re-enable pssession, no errors.
This is the error we get when trying to connect:
Enter-PSSession : Connecting to remote server testdesktop failed with the following error message : WinRM cannot process the
request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error
occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS
transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession testdesktop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (testdesktop:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
The internet has a lot of stuff about broken SPN's on web servers and deleting or recreating:
http/host.domain.com
but this isn't a web server, it's just a Windows 10 desktop. there are no existing HTTP SPN's on this box.
Domain trust is fine, computer account is fine.
Any ideas are appreciated.