
I'm attempting to query a remote machine with the PowerShell cmdlet Get-WmiObject, using credentials for a user in Azure AD that has the Azure AD joined device local administrator role and the IAM role assignment of Virtual Machine Administrator Login on the remote machine.

When I run the following command:

Get-WmiObject -Class Win32_Process -Namespace "root/cimv2" -ComputerName <remote_computer_local_ip> -Impersonation Impersonate -Credential AzureAD\<username>

I receive the following error message:

Get-WmiObject : A security package specific error occurred. (Exception from HRESULT: 0x80070721)

Is the ability to run remote WMI queries supported when using an Azure AD user?

Remote machine specs:

  • Windows Server 2019 Datacenter
  • 10.0.17763 Build 17763

Other troubleshooting notes:

  • I'm able to sign in to the remote machine with the same user and have followed the steps in the https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows document
  • When running the same command on the remote machine locally, it properly returns the Win32_Process data
  • If I use the local administrator credentials in the remote command, it also works, which suggests that remote WMI is working
  • Both computers are Azure AD joined and show AzureAdJoined : YES from the dsregcmd /status command
  • I've attempted to use the computer name, local IP, and FQDN, and they all yield the same result

2 Answers

After talking with Microsoft support about this issue, it seems that the error stems from the different authentication methods between a local user account and an Azure AD account.

It seems it is not supported as they are using different authentication protocols. Azure AD user uses OAuth and the security error is due to Kerberos.

Here is the reference article for more details: Authentication protocols in Azure Active Directory B2C | Microsoft Docs

They have also mentioned that there is no current information on whether or not this will be supported in the future and have recommended checking Azure updates for future product updates.


It could happen for a number of reasons. Please check whether any of these is the one in your case.

  1. When you try to set up a WMI session when:

a. There is more than one computer account with the same name in play and one of those stale computer accounts resides in the same domain as your user account

b. Or when the servers involved reside in the same AD DS forest but in different domains.

  2. When the server is not able to find the user object due to password credentials that may be cached from a previous login.
  3. Incorrect time on the machines/server that doesn't match.
  4. If firewalls are enabled on the server, which may restrict access.

Possible workarounds:

  1. Try the azuread\user@mydomain.com, user@mydomain.com, or domainname\username format to log in, or try taking the domain out and adding it back again.
  2. The local PC and remote PC must be in the same Azure AD tenant.
  3. Run an AAD delta sync to make sure everything is synced, and make sure of internet connectivity and the network.
  4. Try turning the firewall off, if you can.

References:

  1. remote access - AAD- Server Fault
  2. rdp -Azure AD Joined - Server Fault
  3. 0x80070721 | exchange12rocks.org
  4. A security package specific error occurred | Microsoft Docs
kavyaS
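The checks and credential spellings listed in the answer above, gathered into one diagnostic script. This is an added example and not code from either answer; it assumes Windows PowerShell 5.1 on an Azure AD joined client and that the caller supplies the remote host name and the user's UPN.

```powershell
# Added diagnostic (not from the thread). Assumptions: Windows PowerShell 5.1,
# Azure AD joined client, remote host and UPN passed in by the caller.
param(
    [Parameter(Mandatory)][string]$ComputerName,
    [Parameter(Mandatory)][string]$UserPrincipalName   # e.g. user@mydomain.com
)

# Prompt for the password rather than embedding it in the script.
$password = Read-Host -AsSecureString "Password for $UserPrincipalName"
$localPart, $domainPart = $UserPrincipalName -split '@', 2

# The credential spellings the answer suggests, all derived from one UPN.
$userNames = @(
    "AzureAD\$UserPrincipalName",
    $UserPrincipalName,
    "AzureAD\$localPart",
    "$domainPart\$localPart"
)

# Pre-checks from the answer: local join state, RPC endpoint mapper
# reachability (DCOM starts on TCP 135) and clock offset to the remote host.
$joined = (dsregcmd /status | Select-String 'AzureAdJoined').Line.Trim()
Write-Host "Local join state : $joined"
$rpc = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
Write-Host ("TCP 135 reachable: {0}" -f $rpc.TcpTestSucceeded)
Write-Host "Clock offset     :"
w32tm /stripchart /computer:$ComputerName /samples:1 /dataonly

# Try each spelling in turn. 0x80070721 is the HRESULT quoted in the question;
# any other failure code points at connectivity or permissions instead.
foreach ($name in $userNames) {
    $cred = New-Object System.Management.Automation.PSCredential($name, $password)
    try {
        $procs = Get-WmiObject -Class Win32_Process -Namespace 'root/cimv2' `
            -ComputerName $ComputerName -Credential $cred -ErrorAction Stop
        Write-Host ("[OK]   {0,-40} {1} processes returned" -f $name, @($procs).Count)
        break
    } catch {
        $hr = '0x{0:X8}' -f $_.Exception.HResult
        $hint = if ($hr -eq '0x80070721') { 'security package specific error' } else { $_.Exception.Message }
        Write-Host ("[FAIL] {0,-40} {1}: {2}" -f $name, $hr, $hint)
    }
}
```

If every spelling fails with 0x80070721 while TCP 135 is reachable and the clocks agree, the result matches the first answer's conclusion that the failure is in the authentication path rather than in connectivity.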