SCVMM 2008: Fix for adding host in external trusted domain fails with error 2917 issue

When trying to add a System Center Virtual Machine Manager 2008 host in a remote domain configured with an external trust, you receive error, because WinRM requires Kerberos authentication. When WinRM tries to authenticate against servers in an external trust it defaults to use NTLM authentication and WinRM authentication fails, generating the error 2917 / 0x80070035. To […]

When trying to add a System Center Virtual Machine Manager 2008 host in a remote domain configured with an external trust, you receive error, because WinRM requires Kerberos authentication. When WinRM tries to authenticate against servers in an external trust it defaults to use NTLM authentication and WinRM authentication fails, generating the error 2917 / 0x80070035. To resolve, change the trust to be a cross-forest trust. This’ll allow for Kerberos authentication and WinRM’ll authenticate as designed. Once this occurs you’ll be able to successfully add the host to SCVMM.Depending on your environment, you may also have to apply KB971244 after you change to a cross-forest trust due to increased token sizes that’re generated with cross-forest trusts.