5

I have a virtual testing environment for developing scripts. As .NET isn't capable of all the possibilities PowerShell offers I use Remote PowerShell Runspaces.

My problem is now, that I can't reach the WinRM-Service on the FileShare-Memberserver, although the service is running.

fail message

Initial Situation:

  • winrm quickconfig tells me that the service is running and configured on all parties.
  • If I run the command Test-wsman on the FileShare itself it isn't a problem either.
  • I obviously restarted the service a couple of times
  • With my remote script, I can reach the Exchange Shell on the FileShare, but not the MS PowerShell
  • I can connect to the server manually with the "Remote Desktop Connection"-Application
  • At one point I deactivated all firewalls, because I wanted to merge out the possibility that the request gets stopped there.

I made a quick drawing of the Server structure within my virtual testing Environment. (Red Arrows mean that the Test-WSMan command didn't work)

Server structure

I'm have no clue how to continue on with this problem. I've read so many things on the Internet which didn't help. I went through all the steps of the TechNet Blog "about_Remote_Troubleshooting". Most of all that that my script can reach the Exchange PS on the same server blows my mind. I asked a question on this topic on SO a couple of months ago, because I thought the ShellUri of my script was wrong, although it worked for the PS on the DC.

So if anybody has a hint for me what I could try next, I'd be very thankful.

Community
  • 1
GrindelOh
  • 155
  • 1
  • 1
  • 7
  • on the remote file server, have you looked at the winrm logs? + is remote registry service running on the file server? – Sum1sAdmin May 19 '16 at 12:05
  • @Sum1sAdmin The remote registry service is running. The winrm logs dont show up any errors immediatly if I use the command. It only has 2 errors from today with the same description: The WinRM service could not use the following listener to receive WS-Management requests. The listener is enabled but the listener does not have an IP address configured. – GrindelOh May 19 '16 at 12:40
  • `winrm get winrm/config/service` tells another story though.. Everything is up and set on default – GrindelOh May 19 '16 at 12:43
  • on the fileserver, what is the outpu of 'winrm enum winrm/config/listener' – Sum1sAdmin May 19 '16 at 12:48
  • @Sum1sAdmin Listerner [Source="GPO"], Address = (star), Transport = HTTP, Port = 5985, Hostname, Enabled = True, URLPrefix = wsman, CertificateThumbprint, Listening0n = null.. I also found a difference to the settings on my DC. IPv4/v6-Filter is set to [Source="GPO"] instead of "*" – GrindelOh May 19 '16 at 12:52
  • It's not listening (null) - now you need to look at the resultant set of policy [Source GPO] - group policy is preventing you from creating listeners on that fileserver – Sum1sAdmin May 19 '16 at 12:54

1 Answers1

3

As discussed in the comments, local group policy is blocking the winrm quick config from creating http listener on the server - to solve this conflict.

connect to the remote server run the group policy editor (start >> run >> gpedit.msc)

Expand Computer Configuration, Administrative Templates, Windows Components, Windows Remote Management, and then select 'Allow remote Server Management through WinRM'*

* Windows server 2008 might read 'allow automatic configuration of listeners'

enable it/ allow it. put an * in the IP filter to listen on on all IP's

enter image description here

run gpupdate

restart WinRM

Sum1sAdmin
  • 1,914
  • 1
  • 11
  • 20
  • Congrats on solving a mistery :P I just set the GPO on the DC and thougth it would count for all server within the domain. Also I expected `winrm quickconfig` to have this as a default setting. Thanks! – GrindelOh May 19 '16 at 13:38
  • I still dont understand though, how the remote interaction with the Exchange Shell on the same server worked before. :D – GrindelOh May 19 '16 at 13:39
  • exchange shell runs from IIS – Sum1sAdmin May 19 '16 at 13:42
  • Great post @Sum1sAdmin! In my case, the configuration was enabled, but both IPv4 and IPv6 were blank (misconfigured). So, therefore the listeners were null. Also, in my case the "local policy" was not consistent on my other boxes and we depend on very specific domain policies--so we just reset the local policy to Not Configured. Thanks again! – kirkpabk Aug 23 '18 at 15:10
  • you're most welcome! - happy hunting. – Sum1sAdmin Aug 24 '18 at 10:11