On a freshly deployed workstation I was testing an application package.
Whenever I’d like to validate the installation I run this from a command prompt with SYSTEM privileges (like Configuration Manager does).
To open a command prompt with these privileges I use:
psexec /s /i cmd
In this occasion, psexec returned:
Error establishing communication with PsExec service on [HOSTNAME]:
Access is denied.
Googling led me to:
This thread offers a bunch of possible solutions; however, none was working for me (maybe it is useful for you?).
In my case the issue was created by the security hardening of the workstation, the following local policy caused the “Access is denied” error message:
“Microsoft network server: Server SPN target name validation level”.
On my machine it was set to “Accept if provided by client”. The Windows 10 standard setting is “Not configured” which defaults to “None”.
If the setting is enabled it can be found in the registry at: