Share via

Getting error in connecting with remote Windows server using WinRM: WinRM cannot complete the operation.

Anonymous
2024-01-24T11:30:02+00:00

Hello Community,

I am currently encountering an issue connecting to a remote Windows Server using WinRM. Despite ensuring the server's validity, network accessibility, and enabling the necessary WinRM firewall exception, the connection is unsuccessful. I am able to connect to other windows servers but facing this issue in few servers only. Any guidance or insights on troubleshooting and resolving this matter would be highly appreciated.

Error:

Connecting to remote server HKJAUTDVM failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (:String) [], PSRemotingTransportException + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken

Here are the troubleshooting steps i have tried:

  1. WinRM Service Status: Running
  2. Network Connectivity:

Test-NetConnection Server_name -Port 5985 Successful

Test-NetConnection Server_name -Port 5986 Successful

Telnet on 5985/5986 Successful

  1. Firewall for WinRM:

Firewall rules allow to everyone for WinRM (TCP port 5985 for HTTP, 5986 for HTTPS).

4.WinRM Config:

winrm get winrm/config

winrm enumerate winrm/config/listener : listener (HTTP or HTTPS) is enabled and listening

Trusted Hosts *

Set-Item wsman:\localhost\client\trustedhosts *

Restart-Service WinRM

  1. Authentication and Permissions: https://woshub.com/enable-winrm-management-gpo/ User account executing the Invoke-Command has the necessary permissions on the remote server.
  2. Enable in Group Policy: https://woshub.com/enable-winrm-management-gpo/
  3. Checked with Network team, Traffic is going from Source to Destination on 5985 Port when we try to login remotely.
  4. Checked with Administrator account but still getting same error.
  5. Checked if any Proxy is running, no proxy is running on the server
  6. I am able to connect using RDP to the remote server.

Reference:

https://helpcenter.gsx.com/hc/en-us/articles/202447926-How-to-Configure-Windows-Remote-PowerShell-Access-for-Non-Privileged-User-Accounts#:~:text=To%20validate%20remote%20PowerShell%20connectivity,Credential%20Get%2DCredential%20%2DAuthentication%20kerberos

https://docs.microfocus.com/doc/Operations_Orchestration/2018.12/Use/PowerShell_Wizard_Remoting https://serverfault.com/questions/1002098/winrm-will-not-connect-to-remote-computer-in-my-domain

Windows Server Accessibility

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-01-26T01:55:51+00:00

    Hello     SVC_Digital-XC,

    Thank you for posting in Microsoft Community forum.

    Based on the information you have provided, it seems that you have already tried several troubleshooting steps to resolve the issue. Here are a few additional steps you can try:

    1. Check if the remote server is added to the TrustedHosts list on the local computer. You can use the command "winrm s winrm/config/client '@{TrustedHosts="RemoteServer"}'" to add it.
    2. Check if the remote server has the necessary WinRM service startup type. You can do this by running the following command on the remote server: "Get-Service WinRM | Select-Object StartType". This will show you the current startup type of the WinRM service.
    3. Check if the remote server has the necessary WinRM service dependencies. You can do this by running the following command on the remote server: "Get-Service WinRM | Select-Object DependentServices". This will show you the current dependencies of the WinRM service.
    4. Check if the remote server is using a self-signed certificate. If it is, you may need to import the certificate into the local computer's Trusted Root Certification Authorities store.
    5. Try using a different authentication method such as Kerberos or NTLM.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Haijian Shan

    0 comments