Azure Stack HCI is now part of Azure Local. However, older versions of Azure Stack HCI, for example 22H2 will continue to reference Azure Stack HCI and won't reflect the name change. Learn more.
Some Azure Stack HCI operations use Windows Remote Management (WinRM), which doesn't allow credential delegation by default. To allow delegation, the computer needs to have Credential Security Support Provider (CredSSP) enabled temporarily. CredSSP is a security support provider that allows a client to delegate credentials to a server for remote authentication.
Enabling CredSSP is a degraded security posture, and in most circumstances should be disabled after the task or operation is completed.
Some tasks that require CredSSP to be enabled include:
Create Cluster wizard workflow
Active Directory queries or updates
SQL Server queries or updates
Locating accounts or computers on a different domain or nondomain joined environment
Troubleshooting tips
If you experience issues with CredSSP, the following troubleshooting tips may help:
To use the Create Cluster wizard when running Windows Admin Center on a server instead of a PC, you must be a member of the Gateway administrators group on the Windows Admin Center server. For more information, see User access options with Windows Admin Center.
When running the Create Cluster wizard, CredSSP may report an issue if an Active Directory trust isn't established or is broken. This results when workgroup-based servers are used for cluster creation. In this case, try manually restarting each server in the cluster.
When running Windows Admin Center on a server, make sure the user account is a member of the Gateway administrators group.
We recommend running Windows Admin Center on a computer that is a member of the same domain as the managed servers.
To be able to enable or disable CredSSP on a server, make sure you belong to the Gateway administrators group on that computer. For more information, see the first two sections of Configure User Access Control and Permissions.
Restarting the WinRM service on the servers in the cluster might prompt you to re-establish the WinRM connection between each cluster server and Windows Admin Center.
One way to do this is by going to each cluster server, and in Windows Admin Center on the Tools menu, select Services, select WinRM, select Restart, and then on the Restart Service prompt, select Yes.
Manual troubleshooting
If you receive the following WinRM error message, try using the manual verification steps in this section to resolve the error. Example error message:
Connecting to remote <sever name> failed with the following error message: The WinRM client cannot process the request. A computer policy does not allow the delegation of the user credentials to the target computer because the computer is not trusted. The identity of the target computer can be verified if you configure the WSMAN service to use a valid certificate.
The manual verification steps in this section require you to configure the following computers:
The computer running Windows Admin Center
The server where you received the error message
To resolve the error, try the following remedy steps as needed:
Remedy 1:
Restart the computer running Windows Admin Center and the server.
If any of the previous remedy steps failed or didn't complete, this might indicate a record conflict in Active Directory. You can use a different computer name to reset the record as a new record in Active Directory.
To reset the record in Active Directory, reinstall the Azure Stack HCI operating system with a new computer name.
Remedy 5:
If the error message you're seeing mentions NTLM then try the following:
On the computer running Windows Admin Center (the one with the "client" CredSSP role), run the following command to see what policies are configured:
Azure HPC is a purpose-built cloud capability for HPC & AI workload, using leading-edge processors and HPC-class InfiniBand interconnect, to deliver the best application performance, scalability, and value. Azure HPC enables users to unlock innovation, productivity, and business agility, through a highly available range of HPC & AI technologies that can be dynamically allocated as your business and technical needs change. This learning path is a series of modules that help you get started on Azure HPC - you
As a Windows Server hybrid administrator, you integrate Windows Server environments with Azure services and manage Windows Server in on-premises networks.