目标机器上的 Team Foundation Server (TFS) PowerShell
Team Foundation Server (TFS) PowerShell on Target Machine
我正在尝试自动化我的构建设置。它工作得很好。但是我对步骤“目标机器上的 PowerShell”有疑问。
只要 TFS 服务器和其他服务器在同一个域中,该步骤就可以正常工作。现在我有一个不在域内的服务器。 “Windows 机器文件复制”步骤正在运行。但是“目标机器上的 PowerShell”步骤不起作用。 powershell 脚本在远程机器上。我只需要执行脚本即可。
在服务器上,我有一个具有管理员权限的本地用户。
我已经检查过了:
- 防火墙不是问题
- WinRM 已设置
- TFS 服务器在受信任的主机列表中
- 使用 IP 地址、机器组和机器名称配置“目标机器上的 PowerShell”
当我使用 HTTP 时收到以下错误
WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. For more info please refer to http://aka.ms/powershellontargetmachinesreadme
当我使用 HTTPS 时收到以下错误
The client cannot connect to the destination specified in the request.
Verify that the service on the destination is running and is accepting requests.
Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
For more information, see the about_Remote_Troubleshooting Help topic.
For more info please refer to http://aka.ms/powershellontargetmachinesreadme
现在我迷路了,不知道该怎么办。有人知道接下来要检查什么吗?
提前致谢
似乎您想在位于构建机器 AD 域之外的目标机器上制作 TFS 运行 PS。这不是那么简单,即使你直接使用 tfs 任务,也会得到同样的错误。
To achieve this you have two options.
- Setup one way trust between your primary domain ans all of your sub domains so that your production domain credentials can be used on
all of your sub domains.
- use shadow accounts to allow cross domain authentication. These are local accounts with the same username and password across machines
that allows auth. This is the official MSFT work around for non trust
domain auth.
请看看这个类似的问题:
更新
来自 OP: 将客户端添加到服务器可信主机列表,反之亦然(将客户端上的服务器添加到可信主机列表)*
我正在尝试自动化我的构建设置。它工作得很好。但是我对步骤“目标机器上的 PowerShell”有疑问。
只要 TFS 服务器和其他服务器在同一个域中,该步骤就可以正常工作。现在我有一个不在域内的服务器。 “Windows 机器文件复制”步骤正在运行。但是“目标机器上的 PowerShell”步骤不起作用。 powershell 脚本在远程机器上。我只需要执行脚本即可。
在服务器上,我有一个具有管理员权限的本地用户。
我已经检查过了:
- 防火墙不是问题
- WinRM 已设置
- TFS 服务器在受信任的主机列表中
- 使用 IP 地址、机器组和机器名称配置“目标机器上的 PowerShell”
当我使用 HTTP 时收到以下错误
WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic. For more info please refer to http://aka.ms/powershellontargetmachinesreadme
当我使用 HTTPS 时收到以下错误
The client cannot connect to the destination specified in the request.
Verify that the service on the destination is running and is accepting requests.
Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
For more information, see the about_Remote_Troubleshooting Help topic.
For more info please refer to http://aka.ms/powershellontargetmachinesreadme
现在我迷路了,不知道该怎么办。有人知道接下来要检查什么吗?
提前致谢
似乎您想在位于构建机器 AD 域之外的目标机器上制作 TFS 运行 PS。这不是那么简单,即使你直接使用 tfs 任务,也会得到同样的错误。
To achieve this you have two options.
- Setup one way trust between your primary domain ans all of your sub domains so that your production domain credentials can be used on all of your sub domains.
- use shadow accounts to allow cross domain authentication. These are local accounts with the same username and password across machines that allows auth. This is the official MSFT work around for non trust domain auth.
请看看这个类似的问题:
更新
来自 OP: 将客户端添加到服务器可信主机列表,反之亦然(将客户端上的服务器添加到可信主机列表)*