Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
tutorial:adm:configuration_-_winrm [2021/10/20 05:03]
kucerar sddl registry 		tutorial:adm:configuration_-_winrm [2021/10/20 05:10]
kucerar credential delegation policy
Line 139: Line 139:
 <code>winrm set winrm/config/service '@{CertificateThumbprint=""}'</code> <code>winrm set winrm/config/service '@{CertificateThumbprint=""}'</code>
 The configuration of certificate thumbprint in the Listener should remain there. The configuration of certificate thumbprint in the Listener should remain there.
 +
 +=== CredSSP Delegate credentials error ===
 +If you get this error when you are trying to use CredSSP over HTTPS connection. the problem can be that the server with WinRM has credential delegation turned off
 +<code>
 +<class 'requests_credssp.exceptions.AuthenticationException'>("Server did not response with a CredSSP token after step Step 5. Delegate Credentials - actual ''",)
 +</code>
 +
 +To turn the credentials delegation on. Open Group policy setting and navigate to Computer Configuration\Administrative template\Windows Components\Windows Remote Management (WinRM)\WinRM Service.
 +
 +The Allow Delegating Fresh Credentials (AllowFreshCredentials) policy setting must be enabled. If it's enabled validate if correct value (values) are added to this policy.
 +The correct value is WSMAN/SPN of your server. For example
 +<code>
 +WSMAN/myComputer.myDomain.com
 +WSMAN/*.myDomain.com
 +</code>
 +
 +You need to restart the computer after that.
  
 === x509 attribute parsing error === === x509 attribute parsing error ===
  • by erbenr