Active Directory error “-2147016672” occurred while searching for domain controllers in domain

Active Directory error “-2147016672” occurred while searching for domain controllers in domain

 

Recently i have an issue with my Powershell script which i prepared to install Skype for business server 2015. while running bootstrapper.exe remotely ( with invoke-command) to install S4B services it was giving error  “Active Directory error “-2147016672” occurred while searching for domain controllers in domain “.

On More research found that when running the cmdlets remotely you only get the local admin context on the remote computer during 2nd hop authentication,

PowerShell remoting supports a new authentication mechanism called CredSSP.  “CredSSP enables an application to delegate the user’s credentials from the client (by using the client-side SSP) to the target server (through the server-side SSP).” .

Solution :

There are lot of possible causes mention in multiple articles but the majority of the problems are because of PS remoting with 2nd hop authentication.

In my case the problem was with 2nd hop authentication in remoting , so i ran below code to make sure remoting is enabled on target FE server and also set trusted host to all.

# Configures the server for WinRM and WSManCredSSP
Write-Host “Configuring PowerShell remoting…”
$winRM = Get-Service -Name winrm
If ($winRM.Status -ne “Running”) {Start-Service -Name winrm}
Set-ExecutionPolicy Bypass -Force
Enable-PSRemoting -Force
Enable-WSManCredSSP -Role Server -Force | Out-Null
Set-Item wsman:localhostclienttrustedhosts *
Enable-WSManCredSSP -Role client -DelegateComputer *

Then on the script Server where the PowerShell scripts reside I ran this:
Enable-WsManCredSSP –Role Client –DelegateComputer *

 

(Visited 315 times, 1 visits today)

Add a Comment

Facebook