locked
A call to SSPI failed, see inner exception RRS feed

  • Question

  • Hi Team,

    I create some scripts where I work, but since last week I can no longer run even a simple Get-<g class="gr_ gr_13 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="13" id="13">Aduser</g>.

    The way we are set up here is:

    We have Multiple domains, but I connect to Canadian one (local). We have a privileged account to run things as Admins - which is the use that I use to run Powershell.

    The error that I am getting is A call to SSPI failed, see <g class="gr_ gr_17 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="17" id="17">inner</g> exception, after running "$error[0]<g class="gr_ gr_22 gr-alert gr_gramm gr_inline_cards gr_run_anim Style replaceWithoutSep" data-gr-id="22" id="22">.Exception</g> | fl * -Force" I received the following:

    Message        : A call to SSPI failed, see inner exception.
    Data           : {}
    InnerException : System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception. ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, 
                     see inner exception. ---> System.ComponentModel.Win32Exception: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that 
                     authenticated you
                        --- End of inner exception stack trace ---
                        at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)
                        at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
                        at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
                        at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel 
                     allowedImpersonationLevel)
                        at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
                        --- End of inner exception stack trace ---
                     
                     Server stack trace: 
                        at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
                        at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUpgrade(Stream stream)
                        at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecoder decoder, 
                     IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeoutHelper)
                        at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)
                        at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)
                        at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
                        at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
                        at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
                        at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
                        at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
                        at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
                        at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
                        at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
                        at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
                        at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
                        at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
                     
                     Exception rethrown at [0]: 
                        at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
                        at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
                        at Microsoft.ActiveDirectory.WebServices.Proxy.Resource.Get(Message request)
                        at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
    TargetSite     : Void ThrowAuthenticationRelatedExceptionIfAny(System.ServiceModel.CommunicationException)
    StackTrace     :    at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowAuthenticationRelatedExceptionIfAny(CommunicationException exception)
                        at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
                        at Microsoft.ActiveDirectory.Management.AdwsConnection.Search(ADSearchRequest request)
                        at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOperations.Search(ADSessionHandle handle, ADSearchRequest request)
                        at Microsoft.ActiveDirectory.Management.ADObjectSearcher.GetRootDSE()
                        at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.GetRootDSE()
                        at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.GetConnectedStore()
                        at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.GetCmdletSessionInfo()
                        at Microsoft.ActiveDirectory.Management.Commands.SetADGroupMember`1.ProcessRecordOverride()
                        at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase.ProcessRecord()
    HelpLink       : 
    Source         : Microsoft.ActiveDirectory.Management
    HResult        : -2146233087

    I've been tried to figure this out for 1 week, read a lot of websites and most of them tell that it could be a permission issue. I then tried running a Get-<g class="gr_ gr_16 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="16" id="16">ADUSER</g> using my non-admin account, which worked, however, it won't allow me to make any modifications -not <g class="gr_ gr_779 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="779" id="779">enought</g> permission-.

    IF I run with my local user and set the credentials up front and run it with -Credentials it will work but then it will be a pain to add this on every single like that has a set- and what is driving me crazy is, it was working before and suddenly stopped, tried run on different machines, though that could be an update issue on mine, same problem.

    Hope you guys can give me a clue how to sort this out this is delaying all my projects =/





    Wednesday, February 27, 2019 3:44 PM

All replies

  • Your post is unreadable.  Please turn off Grammarly for this site or update Grammarly to the fixed version.


    \_(ツ)_/

    Wednesday, February 27, 2019 7:22 PM