5

I have PSRemoting working on 90% of my servers. But there are a handful that I'm not sure what's going on with them. Server 2016.
Most of them are Hyper-V hosts, but not all.

  • Enable-PSRemoting -Force works. The Windows Firewall is set to accept.

  • Test-WSMan error is Code="2150858770".

  • Test-NetConnection -ComputerName remoteserver -port 5985 shows success.
  • Telnet with Putty to 5985 shows Software caused connection abort
  • The listener is set by GPO and on port 5985 with * in TrustedHosts. And this is verified by netstat -abn.
  • I can get Properties in wmimgmt.msc both locally and remotely.
  • With a Wireshark packet trace (I set the Capture Filter to port 5985), I get [SYN], [SYN,ACK], [ACK], [PSH,ACK], a POST, then [RST,ACK].
  • The Windows Firewall log shows the packet accepted.

Any ideas or things I could try?

UnknownGnome
  • 51
  • 4
  • 1
    Nice question. Welcome to Servfault and thanks for contributing. Interesting in seeing what the answer might be. Cheers and Happy New Year! – Citizen Dec 31 '19 at 20:33
  • Seems that WinRM is not working, can you use [winrm quickconfig](https://docs.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management) and see if it works ? If not, I suggest you to read the following log (client side and server side) and see if you can find interesting informations: _Event Viewer -> Application and services logs -> Microsoft -> Windows -> Windows Remote Management -> Operational_ – Swisstone Jan 01 '20 at 00:02
  • winrm quickconfig is successful. The client event log shows: WSMan operation CreateShell failed, error code 2150858770 – UnknownGnome Jan 02 '20 at 18:37
  • What happens when you try either Enter-PSSession or Invoke-Command with one of these hosts (what's the error). Are these hosts on the same domain, behind a load balancer, any BOM edits being made to the packets, are you connecting using kerb, negotiate, credssp? – Colyn1337 Jan 02 '20 at 19:57
  • Enter-PSSession error: ```The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:1``` – UnknownGnome Jan 02 '20 at 20:44
  • Same domain. No load balancer or BOM edits. Connecting with negotiate. – UnknownGnome Jan 02 '20 at 20:45
  • This [stack](https://serverfault.com/questions/878052/events-logs-are-not-collected-but-event-collection-subscriptions-are-active) and [this one](https://serverfault.com/questions/775572/winrm-will-not-work-error-code-2150858770) look relevant, as does this [forum thread](https://social.technet.microsoft.com/Forums/Lync/en-US/f986e603-3f59-4b56-8045-57fd985aba38/wsman-operation-createshell-failed-error-code-2150858770?forum=winservergen) – RichVel Jan 06 '20 at 18:20
  • Late comment, but I would also suggest checking to see if the non-working servers have TLS 1.1 and (or at least now in 2021) TLS 1.2 enabled. An SSL version mismatch can cause RSTs. – SamErde Jun 29 '21 at 20:09

0 Answers0