When trying to add a System Center Virtual Machine Manager 2008 host in a remote domain configured with an external trust, you receive error, because WinRM requires Kerberos authentication. When WinRM tries to authenticate against servers in an external trust it defaults to use NTLM authentication and WinRM authentication fails, generating the error 2917 / 0x80070035. To resolve, change the trust to be a cross-forest trust. This’ll allow for Kerberos authentication and WinRM’ll authenticate as designed. Once this occurs you’ll be able to successfully add the host to SCVMM.Depending on your environment, you may also have to apply KB971244 after you change to a cross-forest trust due to increased token sizes that’re generated with cross-forest trusts.
Get Latest News
Subscribe to Digital News Hub
Get our daily newsletter about the latest news in the industry.