Second hop problems on some servers


I am running a script from PowerShell that remotely executes from server A to server B and then outputs the file on a share of server C. This was not possible until I made some recent changes in Active Directory to allow the "second hop". Specifically, I checked all servers that get the script to "Trust this computer for delegation to specified services only" with service type cifs and computer C. This works perfectly on Windows Server 2019, but on Server 2012 R2 I always get an error: [Out-File], UnauthorizedAccessException. PS Remoting is also enabled, and if I run the script directly from server B it successfully drops the file on server C's share.

I don't have any ideas left about what to check. All Windows Server 2019 servers have no problem.


There is 1 best solution below

Answer by SauravDas-MT

PowerShell Remoting is a feature in PowerShell that lets administrators run commands on remote systems. And it is enabled by default in Windows Server 2012 R2. PowerShell Remoting uses Windows Remote Management (WinRM), to allow users to run PowerShell commands on remote computers.

By default, PowerShell Remoting uses Kerberos (if available) or NTLM for authentication. Both of these protocols authenticate to the remote machine without sending credentials to it.

Looking at the error you are getting, UnauthorizedAccessException, we can say that it's the "second hop problem", where the credentials you used to create the PowerShell Remoting session are not passed from ServerB to ServerC.

Your problem can be solved by using Resource-based Kerberos constrained delegation, where you configure credential delegation on the server object where resources reside. In the second hop scenario, you configure ServerC to specify from where it accepts delegated credentials. Check this example to understand better.

Also read this document to understand and troubleshoot WinRM connection and authentication.
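The resource-based constrained delegation setup the answer describes, as an added example that is not code from the original post. It assumes the ActiveDirectory RSAT module is installed, the account running it may modify the computer objects, and that ServerB (middle hop), ServerC (file share host) and the share path are placeholder names.

```powershell
# Added example (not from the original post): configure ServerC so that only
# ServerB may delegate credentials to it, then verify and test the second hop.
# ServerB, ServerC and \\ServerC\Share are assumed placeholder names.

Import-Module ActiveDirectory

$middleHop = Get-ADComputer -Identity 'ServerB'   # where the remote command runs
$resource  = Get-ADComputer -Identity 'ServerC'   # where the share lives

# Resource-based form: the allow-list is written on the RESOURCE (ServerC).
# Nothing changes on ServerB's object, and ServerC trusts only the principals
# listed here rather than "any service", which keeps the delegation scoped.
Set-ADComputer -Identity $resource `
    -PrincipalsAllowedToDelegateToAccount $middleHop

# Verify the attribute now lists exactly the intended middle hop.
Get-ADComputer -Identity $resource -Properties PrincipalsAllowedToDelegateToAccount |
    Select-Object Name, PrincipalsAllowedToDelegateToAccount

# The middle hop caches the previous (failed) delegation result. Purge the
# ticket cache of the computer account (logon ID 0x3e7 = SYSTEM) on ServerB
# so the new setting is picked up without a reboot.
Invoke-Command -ComputerName $middleHop.DNSHostName -ScriptBlock {
    klist purge -li 0x3e7
}

# Test the second hop: run on ServerB, write to the share on ServerC.
Invoke-Command -ComputerName $middleHop.DNSHostName -ScriptBlock {
    'second hop test' | Out-File -FilePath '\\ServerC\Share\hop-test.txt'
    Get-Item -Path '\\ServerC\Share\hop-test.txt'
}
```

Connect to the middle hop by its DNS name rather than an IP address so the session authenticates with Kerberos; a session negotiated over NTLM holds no ticket that can be delegated, and the second hop fails regardless of the delegation settings.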