We are planning to onboard our on-premises Windows Servers (lowest version is 2012 R2) to Azure Arc at scale (approx. 400 servers).
We downloaded the PS script from Azure Arc and ran it from one of the servers against other remote servers using a PS Session to automate the installation.
We encountered the errors below:
"New-PSSession : [ABCDSERVER001] Connecting to remote server ABCDSERVER001 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while using Negotiate authentication: An unknown security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:3 char:11
+ $SESSION= New-PSSession -Computer 'ABCDSERVER001' -Cred $credential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108387,PSSessionOpenFailed"
What we can NOT do:
- We cannot do the installation using SCCM/Group Policy.
- We do not have Domain Admin rights.
- We cannot use PsExec.
What we verified:
- Username and credentials are correct.
- Using domain credentials (not local credentials).
- All servers are in same domain.
- SPN of the remote server.
Any help on this would be greatly appreciated.
Please also help with any alternate method to onboard to Azure Arc without much involvement of existing AD/SCCM.
Thanks in advance.
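
Added example, not part of the original post: a pre-flight check that can be run before the bulk install to see, per server, whether Kerberos-authenticated WinRM works and which AD account holds the WSMAN/HTTP SPNs. Error code 0x80090322 is SEC_E_WRONG_PRINCIPAL (the target principal name is incorrect). The `$servers` list, the use of the DNS-resolved FQDN, and running from a domain-joined machine with `setspn.exe` available are assumptions.

```powershell
# Added example: pre-flight check for Kerberos-authenticated WinRM before bulk onboarding.
# $servers is a placeholder list; replace it with your own inventory.
$servers    = @('ABCDSERVER001')   # name taken from the error message in the post
$credential = Get-Credential       # domain credential, same as used for New-PSSession

$results = foreach ($name in $servers) {
    # Kerberos matches the name you connect with against a registered SPN,
    # so resolve the FQDN and test with that as well as the short name.
    $fqdn  = try { [System.Net.Dns]::GetHostEntry($name).HostName } catch { $null }
    $names = @($name, $fqdn) | Where-Object { $_ } | Select-Object -Unique

    # setspn -Q prints the DN (CN=...) of the account that owns an SPN.
    # An HTTP/<host> SPN owned by an account other than the computer account
    # makes the ticket undecryptable by WinRM and yields "wrong principal".
    $spnOwners = foreach ($svc in 'WSMAN', 'HTTP') {
        foreach ($h in $names) {
            setspn.exe -Q "$svc/$h" |
                Where-Object { $_ -match '^CN=' } |
                ForEach-Object { "$svc/$h -> $_" }
        }
    }

    # Force Kerberos so a failure is not masked by a Negotiate fallback.
    $target = if ($fqdn) { $fqdn } else { $name }
    $ok = $false; $err = $null
    try {
        Test-WSMan -ComputerName $target -Authentication Kerberos `
                   -Credential $credential -ErrorAction Stop | Out-Null
        $ok = $true
    } catch { $err = $_.Exception.Message }

    [pscustomobject]@{
        Server     = $name
        Fqdn       = $fqdn
        SpnOwners  = ($spnOwners -join '; ')
        KerberosOk = $ok
        Error      = $err
    }
}
$results | Format-List
```

An empty `SpnOwners` for `HTTP/...` is normal, because HTTP is covered by the computer account's HOST SPN by default; an owner that is a user or service account is the case to investigate.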