Грешка PSRemoting при използване на сесия и CredSSP

Използвам Windows 8.1 Enterprise 64 bit и Powershell 4.0.

Искам да изпълня отдалечено управление на powershell и да използвам удостоверяване CredSSP.

Отварям Console Powershell, стартирам като администратор и изпълнявам командата Enter-PSSession, за да се свържа с отдалечен компютър.

Но получавам грешка относно връзката.

PS C:\Documents and Settings\kiquenet> Enter-PSSession -ComputerName DC -credential devrsg.com\Administrator

Както и да е, тествам команда от Windows XP и Windows 7 и връзката е наред.

PS C:\Documents and Settings\kiquenet> Enter-PSSession -ComputerName DC -credential devrsg.com\Administrator
[dc]: PS C:\Users\Administrator\Documents> exit

Сега тествам в Windows 8.1.

Тествам командата enable-psremoting и получавам грешка:

PS C:\Windows\system32> Enable-PSRemoting -force

WinRM ya está configurado para recibir solicitudes en este equipo.
WinRM has been updated to receive requests.
Set-WSManQuickConfig : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2"
Machine="localhost"><f:Message><f:ProviderFault provider="Config provider"
path="%systemroot%\system32\WsmSvc.dll"><f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"
Code="2" Machine="MYCOMPUTERW8.mycompany.net"><f:Message>Unable to check the status of the firewall.
</f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
En línea: 69 Carácter: 17
+                 Set-WSManQuickConfig -force
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand

Същата грешка при използване на командата Enable-PSRemoting -force -SkipNetworkProfileCheck.

Тествам командата winrm quickconfig и получавам грешка:

PS C:\Windows\system32> winrm quickconfig  -force
WinRM service is already running on this machine.
WSManFault
    Message
        ProviderFault
            WSManFault
                Message = Unable to check the status of the firewall.

Nº de error:  -2147024894 0x80070002
The system cannot find the file specified.

Имам деактивирани SmartScreen и Firewall в моя Windows 8.1. (Имам деактивирана защита на Symantec Endpoint)

Някакви предположения?

актуализация:

Тествам тези команди:

PS C:\> Enable-PSRemoting -SkipNetworkProfileCheck -Force

PS C:\>Set-NetFirewallRule –Name "WINRM-HTTP-In-TCP-PUBLIC" –RemoteAddress Any

но получавам грешка:

PS C:\Windows\system32> Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
Set-NetFirewallRule : No se encontraron objetos MSFT_NetFirewallRule cuya propiedad 'InstanceID' sea igual a
'WINRM-HTTP-In-TCP-PUBLIC'. Compruebe el valor de la propiedad e inténtelo de nuevo.
En línea: 1 Carácter: 1
+ Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (WINRM-HTTP-In-TCP-PUBLIC:String) [Set-NetFirewallRule], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_InstanceID,Set-NetFirewallRule

Справка: http://technet.microsoft.com/en-us/library/hh849694.aspx

Актуализация 2

Сега изпълнявам Net stop MPSSVC (услуга за защитна стена на Windows) и получавам тази грешка

Enter-PSSession -ComputerName DC -credential dersg.com\Administrator
Enter-PSSession : Connecting to remote server DC failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
En línea: 1 Carácter: 1
+ Enter-PSSession -ComputerName DC -credential devrsg.com\Administrator
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (DC:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Актуализация 3.

Изпълнявам тази команда (https://stackoverflow.com/a/22816386/206730)

Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell

Сега изпълнявам командата и всичко е наред

PS C:\Documents and Settings\kiquenet> Enter-PSSession -ComputerName DC -credential devrsg.com\Administrator
[dc]: PS C:\Users\Administrator\Documents> exit

Сега активирам CredSSP в сървър и в клиент:

Enable-WSManCredSSP -Role Server –Force

Enable-WSManCredSSP -Role Client -DelegateComputer * -Force

Сега тествам команда с CredSSP:

$serverName = "DC"
$username = "devrsg\Administrator"
$password = "xxxxxx"   

$adjPwd = $password | ConvertTo-SecureString -asPlainText -Force
$testCred = (New-Object System.Management.Automation.PSCredential($username,$adjPwd))   

$scriptBlock = {
  Write-Host ("hello, world: {0}, {1}" -f $env:USERNAME, (hostname))
}

Invoke-Command $scriptBlock -computername $serverName -credential $testCred  -Authentication Credssp

и получавам грешката:

PS C:\> .\testRemoteCredSSP.ps1
[DC] Error de conexión al servidor remoto DC. Mensaje de error: El cliente WinRM no puede procesar la solicitud. Una
directiva de equipo no permite delegar credenciales de usuario en el equipo de destino porque éste no es de confianza.
La identidad del equipo de destino se puede comprobar si configura el servicio WSMAN para usar un certificado válido
con el siguiente comando: winrm set winrm/config/service '@{CertificateThumbprint="<huellaDigital>"}'  O bien puede
comprobar en el Visor de eventos si hay un evento que especifique que no se pudo crear el siguiente SPN:
WSMAN/<FQDNdelEquipo>. Si encuentra este evento, puede crear manualmente el SPN con setspn.exe .  Si el SPN existe,
pero CredSSP no puede usar Kerberos para validar la identidad del equipo de destino y desea permitir la delegación de
credenciales de usuario en el equipo de destino, use gpedit.msc y mire la siguiente directiva: Configuración del
equipo -> Plantillas administrativas -> Sistema -> Delegación de credenciales -> Permitir credenciales nuevas con
autenticación solo NTLM de servidor.  Compruebe que esté habilitada esta opción y configurada con el correspondiente
SPN para el equipo de destino. Por ejemplo, para un nombre de equipo de destino "miservidor.dominio.com", el SPN puede
ser alguno de los siguientes: WSMAN/miservidor.dominio.com o WSMAN/*.dominio.com. Pruebe de nuevo la solicitud después
de realizar estos cambios. Para obtener más información, consulte el tema de la Ayuda about_Remote_Troubleshooting.
    + CategoryInfo          : OpenError: (DC:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : -2144108124,PSSessionStateBroken

съобщение на английски:

Enter-PSSession : Connecting to remote server failed with the following error me
ssage : The WinRM client cannot process the request. 
A computer policy does not allow the delegation of the user credentials to the target computer because the computer is not trusted. The identity of the target computer can be verified if you configure the WSMAN service to use a valid certificate using the following command: winrm set winrm/config/service '@{CertificateThumbprint="<thumbprint>"}' 

Or you can check the Event Viewer for an event that specifies that the following SPN could not be created: WSMAN/<computerFQDN>. If you find this event, you can manually create the SPN using setspn.exe .  

If the SPN exists, but CredSSP can not use Kerberos to validate the identity of the target computer and you still want to allow the delegation of the user credentials to the target computer, use gpedit.msc and look at the following policy: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Fresh Credentials with NTLM-only Server Authentication.  

Verify that it is enabled and configured with an SPN appropriate for the target computer. 
For example, for a target computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain.com. 

Try the request again after these changes. 
    For more information, see the about_Remote_Troubleshooting Help topic.