In this post we will take a look how we can we add a vCO powershell host with account other than the default domain administrator account. Also we will take a look how to generally configure which accounts and user groups can remotely execute powershell commands in Windows.
This post assumes that you have already configured vCO and the domain for Kerberos authentication and configured WinRM. If you haven’t you can find the steps necessary to do it in the Using CredSSP with the vCO Powershell Plugin post.
Goal/Issue
This blog post will resolve the following goals/issues:
• vCO: When you try to add a powershell host with an account that is not the default domain administrator account, the operation fails with error: Unauthorized Access. Authentication mechanism requested by the client may not be supported by the server. (Dynamic Script Module name : addPowerShellHost#16
• vCO: When you try to add a powershell host with an account that is not the default domain administrator account, the operation fails with error:<f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="5" Machine="lan1dc1.vmware.com"> <f:Message>Access is denied.</f:Message>
• vCO: You want to use custom user account (other than the default domain administrator account) under which the vCO will execute powershell commands and this is the account with which the Powershell host will be added.
• PS: You want to grant customer user accounts or security groups the permissions to be able to remotely execute powershell commands on a windows machine.
Adding vCO Powershell Host with account other than the default domain administrator account
Best Regards / Поздрави
Spas Kaloferov| Technical Solutions Architect