cannot enable PS Remoting - Access Denied

Hi All,

I have a Windows Server 2016 server running ADFS. I need to enable PS remoting on the servers however when I try to enable it I get the below error. I am running PowerShell as an Domain Administrator and have the required permissions

PS C:\Windows\system32> Enable-PSRemoting -Force
remove-item : Access is denied.
At line:69 char:21
+ ...                   remove-item -path "$securityIDPath" -recurse -force
+                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Remove-Item], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.RemoveItemCommand

I cannot find what is the reason I am getting this error makes no sense to me.

any help would be appreciated.

thanks again

Regards

Shihan

Is this a new server install, any other Windows role on the box does not matter?

If this is Ws21 or 2012R2, then PS Remoting is enabled by default.

As for this error… Agreed it makes zero sense, unless something else is running on the box and thinks it should executed, and thus getting in the way of your effort.

Before trying to enable PS remoting:

  • Shutdown and cold start the box
  • Check the WinRM state on the box
  • test to see if it is already enabled / configured
wimrm quickconfig
Test-WSMan
https://social.technet.microsoft.com/wiki/contents/articles/19677.winrm-survival-guide.aspx

Hi Postanote,

thank you for the reply. The only role that is installed is ADFS. I have tried completely shutting down the server and rebooting it to no avail.

I have checked Winrm and tested results below

PS C:\Windows\system32> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.

PS C:\Windows\system32> Test-WSMan

wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0

I think its something related to ADFS

on this blog post I have seen someone else have the same issue but, no clear indication on how to remediate it

https://blogs.technet.microsoft.com/rmilne/2017/05/26/psremoting-for-office-365-ad-fs-configuration/

any ideas

thanks again

 

Hi All,

After various troubleshooting, i have concluded that this is due to ADFS 4.0 been installed. I have verified this by removing the ADFS server role and then attempting to Enable PowerShell Remoting with success.

however after re-installation of the ADFS 4.0 (server 2016) role i cannot enable PowerShell Remoting again.

I am not going to say its a bug as I am not 100% if this is by design or some sort of restriction. But it does cause an issue if you need to update the ADFS Farm Behavior Level to 2016 in a migration from ADFS 3.0 (2012) as it uses PowerShell Remoting to perform the upgrade on all secondary ADFS servers

My workaround was rather straight forward as I only had 2 ADFS servers so I removed the secondary server from the ADFS farm and Removed the ADFS Server Role, Upgraded the FBL to 2016 then re added the Secondary ADFS server.

Thanks for all your help

Regards

Shihan