PyWinRM

发表于 2016-12-20 更新于 2021-11-27 Disqus：

PyWinRM

Double Hop/Second Hop

Active Directory ?  ????????'EXCHANGE\administrator'????????
At line:3 char:1
+ Get-Mailbox
+ ~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [], ADInvalidCredentialExcepti 
on
+ FullyQualifiedErrorId : [Server=WIN-2KOQERQDJNK,RequestId=1cdf09dc-9711- 
4dbb-99a7-555fbf562855,TimeStamp=2016/12/20 6:38:06] [FailureCategory=Cmdl  
et-ADInvalidCredentialException] E5C063D1

登录到本机的PowerShell执行一些命令是没问题的，当需要加载Exchange的PowerShell时，就会遇到Double Hop或者叫Second Hop问题
目前PyWinRM提供的支持Double Hop的方式是起用WinRM CredSSP

https://github.com/diyan/pywinrm#enabling-winrm-on-remote-host

Enable WinRM CredSSP authentication. This allows double hop support so you can authenticate with a network service when running command son the remote host. This command is run in Powershell.

1 2	Enable-WSManCredSSP -Role Server -Force Set-Item -Path "WSMan:\localhost\Service\Auth\CredSSP" -Value $true

同时需要pip install requests-credssp和pip install pywinrm[credssp]

但是目前pip库中的pywinrm是有问题的，是不提credssp组件的。所以需要从git源码python setup.py install

然后在winrm.Session的时候添加transport=“credssp”

credssp: Will use CredSSP authentication for both domain and local accounts. Allows double hop authentication. This only works over a HTTPS endpoint and not HTTP.