When trying to add a System Center Virtual Machine Manager 2008 host in a remote domain configured with an external trust, you receive the following error:
Error (2917) Virtual Machine Manager cannot process the request because an error occurred while authenticating server1.domain.com. Possible causes are: 1) The specified user name or password are not valid. 2) The Service Principal Name (SPN) for the remote computer name and port does not exist. 3) The client and remote computers are in different domains and there is not a two-way full trust between the two domains. (The network path was not found (0x80070035))
This occurs because WinRM requires Kerberos authentication. When WinRM tries to authenticate against servers in an external trust it defaults to use NTLM authentication and WinRM authentication fails, generating the error 2917 / 0x80070035.
To resolve this issue, change the trust to be a cross-forest trust. This will allow for Kerberos authentication and WinRM will authenticate as designed. Once this occurs you will be able to successfully add the host to SCVMM.
Depending on your environment, you may also have to apply KB971244 after you change to a cross-forest trust due to increased token sizes that are generated with cross-forest trusts.
Justin Luyt | SCVMM Senior Support Engineer
Does this also apply to SCVMM 2012?