vmbaz9
Contributor
Contributor

Preauthentication issue on powershell AD module in VCO

We are trying to use the VCO powershell plugin to run simpla AD commands, for example

import-module ActiveDirectory

get-aduser username -server servername.domainname

From the powershell host, I can open up a powershell command and run these commands successfully.

However,  when trying to run this workflow inside vco, the error fails and says  that the host may not be available.  The error occurs on the get-aduser  command, the import-module ActiveDirectory command runs okay.

Our  VCO host is configured for HTTP, Kerberos authentication, we are using  the FQDN for hostname, and for the time being we are using a shared  session, although we have tried it with user session, and get the same  result.

A wireshark capture shows when trying to establish the Kerberos session, we are getting a KRB5KDC_ERR_PREAUTH_REQUIRED.

We  have the krb5.conf file in place, and have allow_weak_crypto set to  true.  Inside winrm, we have enabled Kerberos on client and service,  have added trusted hosts, and have verified that kerberos is working  with the winrm id -r:hostname.domainname -a:kerberos -u:username -p.

We  are running the latest powershell vco, and have the VCO 5.1 U1 just  released (but it was happening with older versions as well, i.e. we have  not been successful in getting this to ever work).

Any thoughts?

1 Reply
vmbaz9
Contributor
Contributor

Found the solution

forwardable = true in krb5.conf file fixed it