The double-hop problem
The double-hop problem describes a scenario in PowerShell where remoting is used to connect to a host and the remote host tries to connect to another resource. In this scenario, the second connection, the second hop, fails because authentication cannot be implicitly passed.
The command below would cause a double-hop problem:
Invoke-Command -ComputerName WEB01 -ScriptBlock {
    Get-Content \\FS01\share\somefile.txt
}
The connection from the client to the server WEB01 is the first hop and the credentials of the current user are acceptable for this. The connection from WEB01 to FS01 (using an SMB file share) is a second hop and will fail.
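The following is an added example, not code from the original text: it records the failure of the implicit second hop and then repeats the read with credentials supplied explicitly inside the remote session. It assumes remoting is enabled on WEB01 and that \\FS01\share\somefile.txt exists; the drive name Hop2 and the variable and property names are illustrative.

```powershell
# Hosts and path are the ones used in the text; Hop2 is an illustrative drive name.
$share = '\\FS01\share'
$file  = 'somefile.txt'

# Implicit authentication: the session on WEB01 runs as the caller, but holds
# no credentials it can present to FS01, so the read is expected to fail.
$implicit = Invoke-Command -ComputerName WEB01 -ScriptBlock {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $result = [ordered]@{
        RunningOn = $env:COMPUTERNAME
        User      = $identity.Name
        SecondHop = 'Succeeded'
        Error     = $null
    }
    try {
        $null = Get-Content -Path (Join-Path $using:share $using:file) -ErrorAction Stop
    }
    catch {
        $result.SecondHop = 'Failed'
        $result.Error     = $_.Exception.Message
    }
    [PSCustomObject]$result
}

# Explicit authentication: the credential is passed into the remote session
# and presented to FS01 directly, so nothing has to be passed implicitly.
$credential = Get-Credential
$explicit = Invoke-Command -ComputerName WEB01 -ScriptBlock {
    $null = New-PSDrive -Name Hop2 -PSProvider FileSystem -Root $using:share `
        -Credential $using:credential -ErrorAction Stop
    try {
        Get-Content -Path (Join-Path 'Hop2:\' $using:file) -ErrorAction Stop
    }
    finally {
        # Remove the mapping so the credential is not left attached to the session.
        Remove-PSDrive -Name Hop2
    }
}

$implicit | Select-Object RunningOn, User, SecondHop, Error
"Explicit credentials returned $(@($explicit).Count) line(s)"
```

Passing `$using:credential` hands the credential to WEB01, so the second hop is only as trustworthy as that host.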
The same can be seen for any service that requires an authenticated request. For example, the Microsoft Active Directory module:
Invoke-Command -ComputerName FS01 -ScriptBlock {
    $adUser = Get-ADUser -Identity username
}
This time the second hop is from FS01 to the Active Directory web services gateway...