Using PowerShell Remoting with PIN-enabled Accounts

by Dec 14, 2016

If you have set up a PIN to log into your computer, PowerShell remoting against your own machine may fail with a weird error message:

 
PS C:\>  Invoke-Command { "Hello" } -ComputerName $env:computername 
[DESKTOP-7AAMJLF]  Connecting to remote server DESKTOP-7AAMJLF failed with the following error  message : WinRM cannot process the request. The following error with  errorcode 0x8009030e occurred while using Negotiate authentication: A specified logon session does not exist. It may already have been terminated. 
 Possible causes are:
  -The user name or password specified are  invalid.
  -Kerberos is used when no authentication  method and no user name are specified.
  -Kerberos accepts domain user names, but not  local user names.
  -The Service Principal Name (SPN) for the  remote computer name and port does not exist.
  -The client and remote computers are in  different domains and there is no trust between the two domains.
 After checking for the above issues, try the  following:
  -Check the Event Viewer for events related to  authentication.
  -Change the authentication method; add the  destination computer to the WinRM TrustedHosts configuration setting or use  HTTPS transport.
 Note that computers in the TrustedHosts list  might not be authenticated.
  -For more information about WinRM  configuration, run the following command: winrm help config. For more  information, see the 
about_Remote_Troubleshooting  Help topic.
    + CategoryInfo          : OpenError: (DESKTOP-7AAMJLF:String)  [], PSRemotingTransportException
    + FullyQualifiedErrorId :  1312,PSSessionStateBroken
 

To work around this, you have two choices:

  • Set up a user account with a password (needs local Administrator privileges). Then, use -Credential when you run Invoke-Command, and specify the account and password
  • If your computer is not domain-joined, and you enabled Negotiate authentication for PowerShell remoting, use the machine’s IP address instead of a computer name.

Twitter This Tip! ReTweet this Tip!