Enabling CredSSP Authentication


CredSSP delegates the users credentials from one computer to another remote computer. When the remote server is located in a domain that differs from that of the Applications Manager's server domain, or is in the same domain and experiences a 'double-hop' issue, then CredSSP authentication should be utilized. This is used for Active Directory, SharePoint Server and Exchange Server monitors for some specific metrics.

Steps to enable CredSSP Authentication

Perform the following steps on the Remote Server:

  1. Open Windows PowerShell as Administrator and execute the below commands in the Administrator PowerShell:

    Enable-WSManCredSSP -Role Server

  2. Open gpedit.msc and go to Local Computer Policy -> Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

    - Enable Encryption Oracle Remediation and set Protection Level to Mitigated (Optional)

Perform the following steps on the Applications Manager server:

Note: Replace <HostName> with the hostname of the Remote Server.

  1. Open Windows PowerShell as Administrator and execute the below commands in the Administrator PowerShell:

    Enable-WSManCredSSP -Role client -DelegateComputer <HostName>

  2. Open gpedit.msc and go to Local Computer Policy -> Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

    - Enable Allow delegating fresh credentials and set value "wsman/<HostName>"
    - Enable Allow delegating fresh credentials with NTLM-only server authentication and set value "wsman/<HostName>"

  3. In the Administrator PowerShell run the below command:

    $testSession= New-PSSession -ComputerName <HostName> -Authentication Credssp -Credential Get-Credential

If Session is created without any error in the Edit Monitor page, enable the Use CredSSP authentication option and update the monitor.