Access Denied Error When Using Enter-PSSession in Workgroup/Entra Joined Env
Hello everyone,
I’m currently facing an issue with establishing an Enter-PSSession connection between two computers in my setup. Here are the details:
Computer1: Hybrid Entra Joined, hostname: Computer1
Computer2: Workplace/Entra Joined, hostname: Computer2
I would like to connect from Computer1 to Computer2 using Enter-PSSession. My account is a Hybrid Account and part of the Local Admin Group on Computer2. Both computers are connected with the same Entra ID.
The firewall on Computer2 has an open port (HTTP Port 8085). Although the computers are not in the same subnet, the network layer seems to be functioning correctly.
I have made the following registry entries on Computer1:
Registry-Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client trusted_hosts "*"
Registry-Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client spn_prefix "HOST"
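To establish a connection, I use the following string:
$aadusername1 = Get-Credential -UserName "AzureAD\username1@domain.ch" -Message "AzureADemail address removed for privacy reasons"
Enter-PSSession -ComputerName XX.XX.XXX.55 -Port 5985 -Credential $aadusername1 -Authentication Negotiate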
Unfortunately, I am unable to connect to Computer2. I receive the following error message:
Connecting to remote server XX.XX.XXX.55 failed with the following error message: Access is denied. For more information, please refer to the about_Remote_Troubleshooting Help topic.
In the Event Log of Computer2 I see the following Event Log entry:
Event ID: 4625
Antragsteller:
Sicherheits-ID: NULL SID
Kontoname: –
Kontodomäne: –
Anmelde-ID: 0x0
Anmeldetyp: 3
Konto, für das die Anmeldung fehlgeschlagen ist:
Sicherheits-ID: NULL SID
Kontoname: email address removed for privacy reasons
Kontodomäne: AzureAD
Fehlerinformationen:
Fehlerursache: Unbekannter Benutzername oder ungültiges Kennwort.
Status: 0xC000006D
Unterstatus:: 0xC0000064
Prozessinformationen:
Aufrufprozess-ID: 0x0
Aufrufprozessname: –
Netzwerkinformationen:
Arbeitsstationsname: Computer1
Quellnetzwerkadresse: YY.YY.YYY.11
Quellport: 55343
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: NtLmSsp
Authentifizierungspaket: NTLM
Übertragene Dienste: –
Paketname (nur NTLM): –
Schlüssellänge: 0
We encountered an issue where establishing a connection using Basic Authentication is not possible. However, when connecting from Computer2 to Computer2 using the described connection, the connection can be successfully established. The Event Log shows the following security protocols:
Anmeldeprozess: Pku2uSsp
Authentifizierungspaket: NegoExtender
If anyone has any insights or suggestions on how to solve this problem and enable a successful connection with the desired security protocols, your input would be greatly appreciated. Thank you!