2

Using 2 machines, a local and a remote (with an address marked as remoteAddress), I'm trying to run this on the local machine:

Invoke-Command -ComputerName remoteAddress -ScriptBlock { dir c:\ }

but I get this error:

[remoteAddress] Connecting to remote server remoteAddress failed with the
following error message : WinRM cannot complete the operation. Verify that
the specified computer name is valid, that the computer is accessible over
the network, and that a firewall exception for the WinRM service is enabled
and allows access from this computer. By default, the WinRM firewall exception
for public profiles limits access to remote computers within the same local
subnet.
For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (remoteAddress:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken

I followed fixes to similiar situations. What I've checked:

  • Pinging to the remote address was successful.

  • On both machines Enable-PSRemoting -Force returned

    WinRM is already set up to receive requests on this computer.
WinRM is already set up for remote management on this computer.

  • on both machines Set-WSManQuickConfig returned

    WinRM is already set up to receive requests on this computer.
WinRM is already set up for remote management on this computer.

But still, I get this error trying to connect to the remote machine.

I ran test-wsman -ComputerName _remote-machine_ -Port 5985 from my local-machine And I got this error:

test-wsman : WinRM cannot complete the operation. Verify that the specified computer
name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service
is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits
access to remote computers within the same local subnet. 
At line:1 char:1
+ test-wsman -ComputerName _remote_ -Port 5985
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (_remote-machine_:String) [Test-WSMan], InvalidOperationExcept
   ion
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand
rotemp
  • 63
  • 1
  • 1
  • 8
  • The error message points you towards [`Get-Help about_Remote_Troubleshooting`](https://technet.microsoft.com/en-us/library/hh847850.aspx). Did you follow the instructions given there? – Ansgar Wiechers Nov 20 '16 at 11:37
  • Yes, I changed the policy settings and enabled the following: Computer configuration>Administrative Templates>Windows Components> Windows Remote Management (WinRM)>WinRM Service -Allow remote server management through WinRM -Allow CredSSP authentication -Turn On Compatibility HTTP Listener -Turn On Compatibility HTTPS Listener Windows Remote Shell -Allow Remote Shell Access Network>Network Connections>Windows Firewall>Domain Profile -Windows Firewall: Allow ICMP exceptions -Windows Firewall: Allow local port exceptions But unfortunately, none of these steps has solved my problem. – rotemp Nov 21 '16 at 10:16
  • Are the computers in a domain or a workgroup environment? Can you telnet port 5985 on the remote host? – Ansgar Wiechers Nov 21 '16 at 10:23
  • The computers are in the same domain, 'telnet _remote-ip_ 5985' works. – rotemp Nov 21 '16 at 11:35
  • Check the output of `winrm get winrm/config` on both hosts. – Ansgar Wiechers Nov 21 '16 at 11:49
  • I marked in red the changes between the ‘winrm get winrm/config’ output in both machines [link](http://imgur.com/a/RJOyo?) – rotemp Nov 21 '16 at 12:55
  • Looks like the server is configured to use CredSSP, but the client isn't. – Ansgar Wiechers Nov 21 '16 at 13:57
  • I don't think that this is the problem. I changed the CredSSP values in both of the machines to be true and false together but the error remain the same. What do you think about the [source=”GPO”]? – rotemp Nov 21 '16 at 15:18
  • AFAICT it's just indicating that the setting was applied via GPO. – Ansgar Wiechers Nov 21 '16 at 15:29

3 Answers3

0

Did you add the remotes to your local trusted host list? If not you can add them via

winrm s winrm/config/client '@{TrustedHosts="RemoteComputer"}'
Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328
Moerwald
  • 10,448
  • 9
  • 43
  • 83
  • Thanks for your response! I ran it and this is the output: Client NetworkDelayms = 5000 URLPrefix = wsman AllowUnencrypted = false Auth Basic = true Digest = true Kerberos = true Negotiate = true Certificate = true CredSSP = true DefaultPorts HTTP = 5985 HTTPS = 5986 TrustedHosts = * But it still not works... – rotemp Nov 21 '16 at 10:20
  • This is for computers in a workgroup environment. Do not use it for domain members. – Ansgar Wiechers Nov 21 '16 at 11:51
  • Are the ports 5985, 5986 may be occupied by another process? You could also try `test-wsman`, maybe it delivers some usefull hints. – Moerwald Nov 21 '16 at 12:28
0

Do you have an active remote session, like Remote Desktop, to the computer?

I have experienced that that can be the only reason for Invoke-Command to fail.

Smorkster
  • 322
  • 3
  • 10
0

Make sure your NetConnectionProfile should be Private. enter image description here

And here is the reason for the public profile. enter image description here

In my case, it got worked after changing NetConnectionProfile as Private from Public. I hope this works for you.

NARENDER
  • 11
  • 1