@KaloferovLab remoting over WSMan is supported, but much more limited than what you get with Windows and WinRM. From Linux, you should use -Credential as unlike Windows you can't use the current security context. Also, use -Authentication Basic.

I have tried many times establishing a new session from linux RHEL7 to windows server 2016.
Always get the same error.
I also tried , athentication Kerberos, Basic, Negotiable, etc....

Enter-PSSession : MI_RESULT_ACCESS_DENIED
At line:1 char:1

• Enter-PSSession -ComputerName WSRVPRD001 -Credential (Get-Credential) ...
• ~~~~~~~~~~~~~~~~~
• CategoryInfo : InvalidArgument: (WSRVPRD001:String) [Enter-PSSession], PSInvalidOperationException
• FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Did anyone manage to establish the connection?

New-PSSession -ComputerName remotehost -Credential $credential -Authentication Negotiate

Use Negotiate for authentication. I don't recommend using basic as that would send your password in plain text over the network and you would also need to manually allow the remote host to accept basic authentication as it is not allowed by default. Specifying Negotiate results in using NTLM authentication which can be verified by checking $PSSenderInfo.UserInfo.Identity.AuthenticationType

If you are seeing this error on Debian or Ubuntu, see https://github.com/PowerShell/PowerShell/issues/7342#issuecomment-477711182.

I also facing same problem when I am accessing from ubuntu 16.04, with powershell version and details are included

Name Value
---- -----
PSVersion 6.2.1
PSEdition Core
GitCommitId 6.2.1
OS Linux 4.15.0-1036-gcp #38~16.04.1-Ubuntu SMP Tue Jun 25 15:30:46 UTC 2019
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0

My error output :
PowerShell credential request
Enter your credentials.
Password for user XXXXXXXXXXXX: **

enter-pssession : MI_RESULT_ACCESS_DENIED
At line:1 char:1

• enter-pssession -credential XXXXXXXXXXXX
• ~~~~~~~~~~~~~
• CategoryInfo : InvalidArgument: (:String) [Enter-PSSession], PSInvalidOperationException
• FullyQualifiedErrorId : CreateRemoteRunspaceFailed

I also face this Issue on Centos 7 and Server 2012r2 / 2016

Same issue on Centos 7 and WinServer 2019

Invoke-Command gives the same error.

So it appears this issue has been open for a while. I recently ran into this issue via #10764. Any plans to get this resolved in future releases? This holding up some progress to port some Windows automation over to Linux based environment.

Experiencing this ongoing issue as well.

Linux > Windows 2012 R2

Enter-PSSession -Credential $creds -ConfigurationName microsoft.exchange -ConnectionUri http://x.x.x.x/powershell -Authentication Negotiate -Verbose

Enter-PSSession : Connecting to remote server x.x.x.x failed with the following error message : MI_RESULT_ACCESS_DENIED For more information, see the about_Remote_Troubleshooting Help topic.     



md5-5038a68b4bb736e3f9d7989587f9a908



 Enter-PSSession -Credential $creds -ComputerName x.x.x.x -Authentication Negotiate -Verbose



md5-c069a8610c4b91c8aab2324e31594f11



Enter-PSSession : Connecting to remote server x.x.x.x failed with the following error message : MI_RESULT_ACCESS_DENIED For more information, see the about_Remote_Troubleshooting Help topic.                                           

When remoting from Linux, you will likely need to explicitly use Basic auth. Negotiate requires additional libraries and configuration.

When remoting from Linux, you will likely need to explicitly use Basic auth. Negotiate requires additional libraries and configuration.

Are the extra libraries required on the Windows or Linux side. Or both?

Windows already has the necessary libs built into the OS. Here's an example where the docker image was updated with a lib to support NTLM on Linux: https://github.com/PowerShell/PowerShell-Docker/issues/124. This issue seems to indicate Kerberos can work on Linux.

Windows already has the necessary libs built into the OS. Here's an example where the docker image was updated with a lib to support NTLM on Linux: PowerShell/PowerShell-Docker#124. This issue seems to indicate Kerberos can work on Linux.

Hmm. Checked to verify that the package is installed in the Docker image and still get the same issue as above.

PS /> apt show gss-ntlmssp
Package: gss-ntlmssp
Version: 0.7.0-4build3
Status: install ok installed

PS /> Enter-PSSession -Credential $cred -ComputerName xxxxx -Authentication Negotiate -Verbose
Enter-PSSession : Connecting to remote server xxxxx failed with the following error message : MI_RESULT_FAILED For more information, see the about_Remote_Troubleshooting Help topic

Hey @arnydo,
All officially supported Docker images have gss-ntlmssp installed on them, except for Alpine and openSUSE. So as long as you are using one of the others, you should be good.

Hey @arnydo,
All officially supported Docker images have gss-ntlmssp installed on them, except for Alpine and openSUSE. So as long as you are using one of the others, you should be good.

I am using the latest Docker image for Powershell with no luck.

@arnydo Did you check whether /etc/services was the issue? See https://github.com/PowerShell/PowerShell/issues/7342#issuecomment-477711182.

@arnydo Did you check whether /etc/services was the issue? See #7342 (comment).

Hey, what does /etc/services have to do with this particular issue? That isn't sarcastic...

haha, yes, that's a fair question! There is an issue with the native OMI library PowerShell uses on Linux that only crops up with NTLM authentication when /etc/services is missing, as it is in some Docker images (like the official PowerShell images, IIRC). See https://github.com/microsoft/omi/issues/623.

@danports I built a new image based on the latest Ubuntu 18.04 Powershell Dockerfile but with the addition of the RUN echo 'http 80/tcp www www-http' > /etc/services.

Same result...

Hmm, perhaps you're experiencing a different problem then. You might want to try enabling OMI logging inside the container - reviewing the OMI logs is what eventually helped me to diagnose my issue.

Doesn't look like omi is present at all in the Powershell images...is that even used in this case?

What do you mean by not present? You'll probably need to create the OMI log and configuration directories to enable logging - I don't think they are there by default.

@SteveL-MSFT, This is all well and good:

When remoting from Linux, you will likely need to explicitly use Basic auth. Negotiate requires additional libraries and configuration.

Except, it's not supported:

> Enter-PSSession -Credential $creds -ComputerName <HOSTNAME> -Authentication Basic -Verbose
Enter-PSSession : Basic authentication is not supported over HTTP on Unix.
At line:1 char:1
....

You'd think that such a useful feature, with multiple bug reports, would have been implemented and/or documented properly a year and a half later after the issue was first reported...

Which version of the Power shell

Just bumped against this too, using a rhel7.7 azure devops agent that needs to remote into a windows 2016 vm

Same issue.
Any solution or workaround?
CentOS 7 --> Server 2016

PS /tmp> Enter-PSSession -ComputerName "HostName"
Enter-PSSession : MI_RESULT_ACCESS_DENIED
At line:1 char:1
+ Enter-PSSession -ComputerName "HostName"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (HostName:String) [Enter-PSSession], PSInvalidOperationException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed

I am also facing same issue
CentOS 7 --> Windows Server 2019
PowerShell 6.0.0 Beta 6

PS /root> Enter-PSSession -ComputerName "TEST.mydomain.com"
Enter-PSSession : MI_RESULT_ACCESS_DENIED
At line:1 char:1

• Enter-PSSession -ComputerName "TEST.mydomain.com"
• ~~~~~~~~~~~~~~
• CategoryInfo : InvalidArgument: (TEST.mydomain.com:String) [Enter-PSSession], PSInvalidOperationException
• FullyQualifiedErrorId : CreateRemoteRunspaceFailed

But if I try Invoke-Command it works
$dn='DomainNameAdministrator'
$pwsd='GiveYourPassword'
$ip='192.168.20.119'
$secpasswd = ConvertTo-SecureString $pwsd -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential -argumentlist $dn, $secpasswd

Now I have another interesting issue i.e. latency
Can someone please help?
If I use Powershell 6.2.3 RC build, Invoke-Command takes approx 30 sec. For more details #6531

The reason this wasn't working for me was that I didn't have the NTLM authentication package ( gssntlmssp) for my distro (CentOS) installed. Rather than fiddling with installing the correct packages, I took a look at the official Microsoft PowerShell docker image. Currently the folks over there have been working on adding NTLM support into the docker container (https://github.com/PowerShell/PowerShell-Docker/issues/124) and have every platform but Photon which prevents it from being added to latest.

Here's a workaround I used, YMMV. To run the PowerShell docker container on CentOS that should allow you to Enter-PSSession into Windows computers run the following
docker run -it mcr.microsoft.com/powershell:7.0.0-preview.6-centos-7 or docker run -it mcr.microsoft.com/powershell:preview (which should work on any platform), this will start up a docker container interactively and will give you a PowerShell command line at the end, which suited my needs (I did have to add -Authentication Negotiate on the Enter-PSSession though). When you exit the PowerShell terminal the docker container will stop and you'll need to rerun that command. Keep in mind it is a container so be mindful when attempting to use files. If a container doesn't suit your needs, read on.

I was able to successfully remote into things using that Docker container as a workaround. If you don't want to use the docker container then have a look at the Docker file in the PowerShell-Docker repo under /release/preview/ for the corresponding architecture and see what commands it's running to get the container up.

TL;DR Use the latest preview tagged Docker image for your architecture which will include the proper NTLM libraries. Alternatively, install gss-ntlmssp/gssntlmssp on your machine and it should solve most issues with Enter-PSSession.

Installing gss-ntlmssp as stated in #11374 solved this issue for me.
I'm using -Authentication Negotiate.

@SteveL-MSFT Please look previous comment. I believe we can close the issue and fix it in #11374

Installing gss-ntlmssp as stated in #11374 solved this issue for me.
I'm using -Authentication Negotiate.

It's solution.....

I still have this issue, on Ubuntu 20.04
Powershell installed today with snap.
I'm trying to Enter-PSSession -Authenthication Negotiate using my $creds.

~> snap list powershell
Name        Version  Rev  Tracking       Publisher              Notes
powershell  7.0.1    129  latest/stable  microsoft-powershell✓  classic

~> apt info gss-ntlmssp
Package: gss-ntlmssp
Version: 0.7.0-4build3
...
APT-Manual-Installed: yes

The error message is:

Enter-PSSession: Connecting to remote server 172.18.42.64 failed with the following error message : acquiring creds with username only failed Unspecified GSS failure.  Minor code may provide more information SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.

Same here. Ubuntu 20.04, PowerShell 7.0.1 from Store. I guess the Snap package should be changed to add gss-ntlmssp?

PS /home/himura> Enter-PSSession -ComputerName ... -Credential ... -Authentication Negotiate

PowerShell credential request
Enter your credentials.
Password for user ...: ***************

Enter-PSSession: Connecting to remote server ... failed with the following error message : acquiring creds with username only failed Unspecified GSS failure.  Minor code may provide more information SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.

I am also facing the same issue with the latest version of PowerShell (7.0.1).

Trying to connect to Windows 2012 from CentOS Linux 7.

As suggested by @BitDesert above, it works for me after installing gss-ntlmssp and with -Authentication Negotiate.

But there is a huge latency. Authentication itself takes around 20 seconds. Both the Linux and Windows machines are in the same subnet.

Any suggestion on how to reduce the latency?

Having the same issue here on Arch Linux with Powershell Core 7.0.0. Installing the gss-ntlmssp AUR package and using -Authentication Negotiate did not solve the problem. Still get:

PS /home/jon> Enter-PSSession -Credential $credentials -Authentication Negotiate -ComputerName 192.168.1.203
Enter-PSSession: Connecting to remote server 192.168.1.203 failed with the following error message : acquiring creds with username only failed Unspecified GSS failure.  Minor code may provide more information SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.

Hey guys, op of PowerShell/PowerShell-Docker#124 here.

You can literally just use the docker://mcr.microsoft.com/powershell:centos-7 container w/ podman/docker/rkt/whatev to get it to work. Just run the container w/ interactivity and a tty and it kicks you into pwsh. If it doesn't work, then check that the server you're trying to connect to is configured properly because tokens aren't exchanged across both platforms. Not all platforms support gssapi/ntlm, and I don't think they're any tests..but because of @RDIL's work, it's super straightforward regardless.

Downloading sha256:d06345b12b6 [=============================]   106 MB / 106 MB 
Downloading sha256:524b0c1e57f [=============================] 75.9 MB / 75.9 MB 
PowerShell 7.0.3
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/powershell
Type 'help' to get help.

PS /> enter-pssession -computername 10.7.17.218 -Credential $u -Authentication negotiate

PowerShell credential request
Enter your credentials.
User: root
Password for user root: ************************************************

[10.7.17.218]: PS C:\Users\root\Documents> exit

This is literally what containers are for, so you don't have to fight with crazy deps to get a simple task handled.

If you're trying to get kerberos to work with it (instead of ntlm), I don't think the containers will work (despite gssapi supporting it) because you'll need to get your tgt with kinit and then get the gssapi library to see it. You can probably do some clever mounting to get its library to see your tgt w/ the container though.

I'd like to add that Linux Mint 20 has the same issue as Ubuntu 20.04.

I installed the package with snap and manually installed gss-ntlmssp via apt but I still get the error:

New-PSSession: [SERVER] Connecting to remote server SERVER failed with the following error message : acquiring creds with username only failed Unspecified GSS failure.  Minor code may provide more information SPNEGO cannot find mechanisms to negotiate For more information, see the about_Remote_Troubleshooting Help topic.