PS C:\util> invoke-command -ComputerName tgkw004 -ScriptBlock {get-service nscp}
[tgkw004] Connecting to remote server tgkw004 failed with the following error message : WinRM cannot complete the
operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and
that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote computers within the same local subnet. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (tgkw004:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
From the workstation
I run this
PS C:\util> winrm quickconfig
WinRM service is already running on this machine.
WSManFault
Message
ProviderFault
WSManFault
Message = WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
Error number: -2144108183 0x80338169
WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
PS C:\util> Enable-psremoting
WinRM is already set up to receive requests on this computer.
Set-WSManQuickConfig : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859113"
Machine="localhost"><f:Message><f:ProviderFault provider="Config provider"
path="%systemroot%\system32\WsmSvc.dll"><f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"
Code="2150859113" Machine="TGKW004.our.network.tgcsnet.com"><f:Message>WinRM firewall exception will not work since
one of the network connection types on this machine is set to Public. Change the network connection type to either
Domain or Private and try again. </f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
At line:116 char:17
+ Set-WSManQuickConfig -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand
PS C:\util>
PS C:\util> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.16299.1146
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.16299.1146
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
I tried upgrading to powershell 6.2.2 but that did not make any difference
This is not a firewall acl issue, but the fact you are using the Public firewall and not for a Domain or the Private firewall. The answer is in the error message as Olaf has already stated. You will need to enable to Domain or Public Firewall as well or have all three disabled. Disabling the firewall in Windows is not recommended unless you have a 3rd party firewall to replace it.
You set up your Microsoft Firewall included in your Windows operating system with one of 3 network types - Private, Domain or Public. In one of them - Public - the Firewall exception does not work as you wich it to work. So you have to use either the Domain profile - what’s recomended if your computer is a domain joined computer - or the Privat profile.
I’ve run into a similar issue in the past that was caused by multiple network adapters being present on a domain-joined computer, which one was set to DomainAuthenticated and the other, Public. Because WinRM applies to all adapters by default, if just one is Public, you’ll get an error enabling WinRM/PSRemoting.
PS C:\util> Enable-PSRemoting -force
WinRM is already set up to receive requests on this computer.
WinRM is already set up for remote management on this computer.
PS C:\util> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
PS C:\util> Enable-PSRemoting -force
WinRM is already set up to receive requests on this computer.
WinRM is already set up for remote management on this computer.
PS C:\util>
Do I need to restart the computer?
After making the change to private
I still get the
PS C:\util> invoke-command -ComputerName tgkw004 -ScriptBlock {get-service nscp}
[tgkw004] Connecting to remote server tgkw004 failed with the following error message : WinRM cannot complete the
operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and
that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote computers within the same local subnet. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (tgkw004:String) , PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
PS C:\util>
This error can come because of many reasons. Did you read about_Remote_Troubleshooting doc ? you can read by executing Get-Help about_Remote_Troubleshooting. Additional to it, check the state of Windows Firewall service, it should be running as well.
First is the default HTTP port, second is the default HTTPS port.
If neither of those are accessible then it’s most likely a firewall issue, if the TcpTestSucceeded is “true” then it’s a WinRM configuration issue.
Are you using Wifi or Ethernet? If you are on Wifi it could be that your Security Admins have configured wifi to be classified as Public instead of Domain Authenticated via GPO. Try using Ethernet instead, you want to see DomainAuthenticated for NetworkCategory if your computer is connnected to a domain. I would also ask why are you using invoke-command for Get-Service when you can just provide the computername?
Here’s my script to enable powershell remote in windows 10. It’s a PITA to get right. You don’t have to be on a domain. Don’t forget to set trustedhosts on the other end.
If you hadn’t tried it, you could have used ipconfig /registerdns to initialize/update name registration with DNS (no reboot required either) and avoid the domain rejoin.
first thing: thank you all for the infos that helped me figure out how to configure winRM. Now everything seems to work just fine. Here’s my concern: is it norma that whenever i issue a command (like get-process -computername MyRemoteComputer) i have to wait 10-15 seconds before i can see any output on screen?
I am studing powershell in a LAN enviroment with a laptop connected via wireless (the client) and a desktop connected via ethernet (the remote host).
Is there anything i can check to get faster response from the remote computer?