WinRM cannot process the request.. with errorcode 0x80090311

Recently I was having troubles Remoting to servers in another forest. The thing worked on certain computers but not on others. No mather what I did I was constantly getting error:

Enter-PSSession : Connecting to remote server Server01 failed with the following error message : WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are
currently no logon servers available to service the logon request.

The solution in my case was not to use Down-Level Logon Name (DOMAIN\UserName) but User principal name (UPN) format instead. UserName@domain.name

If you want to read more or if this does not help you here are some details.

This is what I have tried..

I found article which instructed me to clear DNS and Kerberos tickets cache. Unfortunately it did not solve my problem. Here is a link to article.

I also found another post. Here the solution was to disable anti-virus on remote machine. I tried it with no luck. This one might be useful to you so here is full article.

Then I started capturing and analysing traffic. Here is what I have got..

When running
Enter-PSSession NW-Remote01 -Credential northwindtraders\UserName

DNS Query looked like this:
Standard query SRV _kerberos._tcp.Site-N._sites.dc._msdcs.northwindtraders.contoso.com
No such Name

Standard query SRV _kerberos._tcp.Site-N._sites.dc._msdcs.northwindtraders.northwindtraders.com
No such Name

Standard query SRV _kerberos._tcp.dc._msdcs.northwindtraders.com.contoso.com
No such Name

Standard query SRV _kerberos._tcp.dc._msdcs.northwindtraders.northwindtraders.com
No such Name

Obviously this will not work. But how to persuade client to ask DNS differently. You can say pleassse, but this will not help.. OR:

You can run:
Enter-PSSession NW-Remote01 -Credential UserName@northwindtraders.com
or
Enter-PSSession NW-Remote01 -Credential northwindtraders.com\UserName

The DNS Query looked like this:
Standard query SRV _kerberos._tcp.Site-N._sites.dc._msdcs.northwindtraders.com
No such Name

Standard query SRV _kerberos._tcp.dc._msdcs.northwindtraders.com
Standard query response SRV 0 100 88 NW-DC02.northwindtraders.com SRV NW-DC01.northwindtraders.com

Standard query A NW-DC02.northwindtraders.com
Standard query response A 10.20.1.11

Standard query A NW-Remote01.contoso.com
No such name

Standard query 0xba0c  A NW-Remote01.northwindtraders.com
Standard query response A 10.20.1.21

Conclusion

If you are having problems with PS Remote:
1.) Check if remoting is enabled
test-wsman -computername server01 -authentication default

2.) Check Firewall

3.) Check Trusted hosts
Get-Item wsman:localhost\client\trustedhosts

4.) Use UPN name instead of Down-Level Logon Name

5.) Clear caches on both servers:
To clear DNS name cache you type in: IPConfig /FlushDNS
To clear NetBIOS name cache you type in: NBTStat –R
To clear Kerberos tickets will need KList.exe: KList purge

6.) Turn off anti-virus software on both sides to test if anti-virus is blocking  communication

Hope this helps You
Jure

Advertisements
This entry was posted in PowerShell, Troubleshooting and tagged , , , . Bookmark the permalink.

3 Responses to WinRM cannot process the request.. with errorcode 0x80090311

  1. Pingback: Operations Manager 2012 R2 Custom PowerShell Module | Rather Serious SCOM Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s