Hey everyone! I'm facing a challenge while trying to use PowerShell remoting with constrained Kerberos delegation. I've set up a test environment with a Domain Controller (mydom.corp), two member servers (winrm1 and winrm2), and a client to run my tests. When I run the following commands separately, everything works fine:
1. Invoke-Command -ComputerName winrm1.mydom.corp -ScriptBlock { hostname }
2. Invoke-Command -ComputerName winrm2.mydom.corp -ScriptBlock { hostname }
However, when I try to invoke winrm2 from winrm1 using this command, I keep hitting the 0x8009030e error:
Invoke-Command -ComputerName winrm1.mydom.corp -ScriptBlock { Invoke-Command -ComputerName winrm2.mydom.corp -ScriptBlock { hostname } }
I followed the guidelines from the Microsoft documentation on this topic, but I'm not getting any luck with constrained delegation. Has anyone successfully set this up?
Thanks in advance for your advice!
5 Answers
Constrained delegation can be tricky. It typically requires that the entity performing the authentication on the first hop needs to be the one granted permission to delegate. I recommend testing out access to resources like SMB shares for simplicity. You can set it up with:
`Set-ADComputer -Identity host1 -Add @{'msDS-AllowedToDelegateTo' = @('cifs/host2', 'cifs/host2.domain.com')}` and ensure that all relevant SPNs are configured on your accounts.
You might just need to pass credentials directly. You can modify your script block to include a Credential parameter for the second hop. Something like this should work:
`$Credential = Get-Credential; Invoke-Command -ComputerName winrm1.mydom.corp -ScriptBlock { Invoke-Command -ComputerName winrm2.mydom.corp -ScriptBlock { hostname } -Credential $using:Credential }`.
From what I gathered from the docs, make sure to set the correct delegation permissions. You might want to try granting resource-based Kerberos constrained delegation with a command like:
`Set-ADComputer -Identity $ServerC -PrincipalsAllowedToDelegateToAccount $ServerB`. Also, check if your user account has the delegation rights:
`Set-ADUser -Identity "username" -TrustedForDelegation $true`. Don’t forget to use `-Authentication Kerberos` on your Invoke-Command as well.
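The following is an added, worked version of the delegation setup sketched in the two answers above; it is not code from the original post or from the Microsoft documentation the question refers to. It uses the resource-based form (the back-end server lists who may delegate to it) for the question's own hosts, winrm1 and winrm2 in mydom.corp, and assumes it is run on a domain-joined client by a user who is a local administrator on both servers and has write access to winrm2's computer object. The prerequisite check on the calling user and the ticket purge are the two steps most often missed when the setup "looks right" but the second hop still fails.

```powershell
# Added example: resource-based Kerberos constrained delegation for the winrm1 -> winrm2 hop.
# Not from the original post. Host/domain names are those used in the question.
#Requires -Modules ActiveDirectory

$Domain      = 'mydom.corp'
$FrontEnd    = 'winrm1'                  # first hop: the server that will delegate
$BackEnd     = 'winrm2'                  # second hop: the resource accessed on the caller's behalf
$FrontEndFqdn = "$FrontEnd.$Domain"
$BackEndFqdn  = "$BackEnd.$Domain"

# 1. Prerequisite: the calling user must be allowed to be delegated at all.
#    'Account is sensitive and cannot be delegated' and (direct) Protected Users membership
#    both make the KDC refuse the S4U2Proxy request, however the servers are configured.
$user = Get-ADUser -Identity $env:USERNAME -Properties AccountNotDelegated, MemberOf
if ($user.AccountNotDelegated) {
    throw "$($user.SamAccountName) is marked 'Account is sensitive and cannot be delegated'"
}
if ($user.MemberOf -match '^CN=Protected Users,') {
    throw "$($user.SamAccountName) is in Protected Users; delegation is blocked for that group"
}

# 2. Resource-based constrained delegation: winrm2 records that winrm1 may delegate to it.
#    Nothing is changed on winrm1 and no SPN list has to be maintained on it.
$front = Get-ADComputer -Identity $FrontEnd
$back  = Get-ADComputer -Identity $BackEnd
Set-ADComputer -Identity $back -PrincipalsAllowedToDelegateToAccount $front

# 3. Verify the setting actually landed (the property is a list of distinguished names).
$allowed = (Get-ADComputer -Identity $back -Properties PrincipalsAllowedToDelegateToAccount).PrincipalsAllowedToDelegateToAccount
if ($allowed -notcontains $front.DistinguishedName) {
    throw "Resource-based delegation was not applied on $BackEnd"
}

# 4. winrm1 still holds tickets obtained before the change. Purge the SYSTEM logon session's
#    cache (LUID 0x3e7) so it requests a fresh ticket for winrm2 on the next hop. The KDC also
#    keeps a short negative cache, so a first failure right after the change is not conclusive.
Invoke-Command -ComputerName $FrontEndFqdn -ScriptBlock { klist purge -li 0x3e7 } | Out-Null

# 5. The second hop. FQDNs plus -Authentication Kerberos make sure WinRM cannot fall back to
#    NTLM, which has no delegation and would reproduce the original error. The inner block
#    reports which identity winrm2 actually sees; with a working hop it is the calling user.
Invoke-Command -ComputerName $FrontEndFqdn -Authentication Kerberos -ScriptBlock {
    Invoke-Command -ComputerName $using:BackEndFqdn -Authentication Kerberos -ScriptBlock {
        '{0} as {1}' -f $env:COMPUTERNAME, [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    }
}
```

If the last command prints `WINRM2 as MYDOM\<user>` (the calling user, not the winrm1 computer account), the delegation is working; if it still fails after the purge, re-run it a few minutes later before changing anything else, because of the KDC cache mentioned in step 4.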
This double-hop issue is quite annoying! If the current setup doesn’t work, you might try using CredSSP or fall back to unconstrained delegation as a temporary fix. A lot of us have been in the same boat, unfortunately.
Honestly, I would just connect directly to your second server instead of going through the first. It simplifies things significantly and avoids the double-hop problem. But if you need to stick with delegation, consider using CredSSP, though it’s not typically preferred.
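As an added illustration of the CredSSP fallback the two answers above mention (not code from the original post), this is the minimal configuration for the question's hosts. The caller's credentials are forwarded to winrm1 in a form it can reuse, which is why the answers call it the less preferred option: scope it to the one first-hop server, and remove it again when the test is done. It assumes an elevated session on the client and local administrator rights on winrm1; note that a domain Group Policy for credential delegation can override what Enable-WSManCredSSP writes locally.

```powershell
# Added example: CredSSP fallback for the winrm1 -> winrm2 hop. Not from the original post.
$FrontEndFqdn = 'winrm1.mydom.corp'
$BackEndFqdn  = 'winrm2.mydom.corp'

# Client side: permit delegating fresh credentials to this one first-hop server only.
Enable-WSManCredSSP -Role Client -DelegateComputer $FrontEndFqdn -Force | Out-Null

# Server side (winrm1): accept CredSSP authentication.
Invoke-Command -ComputerName $FrontEndFqdn -ScriptBlock {
    Enable-WSManCredSSP -Role Server -Force | Out-Null
}

# The hop. Explicit credentials are mandatory with CredSSP; winrm1 then holds them for the
# inner call, so no Kerberos delegation is involved at all.
$cred = Get-Credential -UserName "$env:USERDOMAIN\$env:USERNAME" -Message 'Account for the double hop'
Invoke-Command -ComputerName $FrontEndFqdn -Authentication Credssp -Credential $cred -ScriptBlock {
    Invoke-Command -ComputerName $using:BackEndFqdn -ScriptBlock { hostname }
}

# Undo both sides once the test is over.
Disable-WSManCredSSP -Role Client
Invoke-Command -ComputerName $FrontEndFqdn -ScriptBlock { Disable-WSManCredSSP -Role Server }
```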
