对 CredSSP 进行故障排除Troubleshoot CredSSP

适用于 Azure Stack HCI 版本 v20H2Applies to Azure Stack HCI, version v20H2

某些 Azure Stack HCI 操作使用 Windows 远程管理 (WinRM),该功能默认情况下不允许凭据委派。Some Azure Stack HCI operations use Windows Remote Management (WinRM), which doesn't allow credential delegation by default. 若要允许委派,计算机需要暂时启用凭据安全支持提供程序 (CredSSP)。To allow delegation, the computer needs to have Credential Security Support Provider (CredSSP) enabled temporarily. CredSSP 是一种安全支持提供程序,支持客户端将凭据委派给目标服务器以进行远程身份验证。CredSSP is a security support provider that allows a client to delegate credentials to a target server for remote authentication.

启用 CredSSP 意味着安全状态降级,在大多数情况下,应在任务或操作完成后禁用。Enabling CredSSP is a degraded security posture, and in most circumstances should be disabled after the task or operation is completed.

需要启用 CredSSP 的某些任务包括:Some tasks that require CredSSP to be enabled include:

  • 创建群集向导工作流Create cluster wizard workflow
  • Active Directory 查询或更新Active Directory queries or updates
  • SQL Server 查询或更新SQL server queries or updates
  • 查找不同域或未加入域的环境中的帐户或计算机Locating accounts or computers on a different domain or non-domain joined environment

故障排除提示Troubleshooting tips

如果遇到关于 CredSSP 的问题,以下故障排除方法可能会有所帮助:If you experience issues with CredSSP, the following troubleshooting tips may help:

  • 运行创建群集向导时,如果未建立 Active Directory 信任或该信任中断,则 CredSSP 可能会报告问题。When running the Create cluster wizard, CredSSP may report an issue if an Active Directory trust isn't established or is broken. 当将基于工作组的服务器用于群集创建时,会产生这种结果。This results when workgroup-based servers are used for cluster creation. 在这种情况下,请尝试手动重启群集中的每个服务器。In this case, try manually restarting each server in the cluster.

  • 在服务器(服务器模式)上运行 Windows 管理中心时,请确保用户帐户是网关管理员组的成员。When running Windows Admin Center on a server (service mode), make sure the user account is a member of the Gateway administrators group.

  • 若要在服务器上启用或禁用 CredSSP,请确保你是该计算机上的网关管理员组中的一员。To be able to enable or disable CredSSP on a server, make sure you belong to the Gateway administrators group on that computer. 有关详细信息,请参阅配置用户访问控制和权限的前两个部分。For more information, see the first two sections of Configure User Access Control and Permissions.

后续步骤Next steps

有关 CredSSP 的详细信息,请参阅凭据安全支持提供程序For more information on CredSSP, see Credential Security Support Provider.