0

How do I restore WinRM on a Windows 2008 R2 machine back to it's 'out-of-the-box' state? Or alternatively, how do I get WinRM to start talking to me again?

I'm logged in as administrator via RDP. Any attempt to access or configure winrm is met with Access is Denied.

I have 3 other servers where WinRM works fine.

At some point in the last 2 months WinRM has become inaccessible on the 4th server.

I have spent about 2 days reading, researching, and trying different things to get WinRM working again. Here are a few:

LocalAccountTokenFilterPolicy is set to 1
Firewall rules are the same for all of the servers.
The Windows Remote Management service is up and running.

Here are some examples of what I'm seeing with various commands:

PS C:\> winrm id IdentifyResponse ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd ProductVendor = Microsoft Corporation ProductVersion = OS: 6.1.7601 SP: 1.0 Stack: 2.0

winrm quickconfig

PS C:\> winrm quickconfig WinRM already is set up to receive requests on this machine. WSManFault Message = Access is denied. Error number: -2147024891 0x80070005

winrm enumerate winrm/config/listener

PS C:\> winrm enumerate winrm/config/listener WSManFault Message = Access is denied. Error number: -2147024891 0x80070005 Access is denied.

Set-PSSessionConfiguration Microsoft.Powershell -ShowSecurityDescriptorUI

Performing operation "Set-PSSessionConfiguration" on Target "Name: Microsoft.PowerShell". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y Access is denied. At line:15 char:26 + if ((!$pluginName) -or <<<< !(test-path "$pluginDir")) + CategoryInfo : InvalidOperation: (:) [], InvalidOperationException + FullyQualifiedErrorId : WsManError Join-Path : Access is denied. At line:22 char:35 + $pluginFileNamePath = Join-Path <<<< "$pluginDir" 'FileName' + CategoryInfo : NotSpecified: (:) [Join-Path], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.JoinPathCommand Test-Path : Cannot bind argument to parameter 'Path' because it is an empty string. At line:23 char:19 + if (!(test-path <<<< "$pluginFileNamePath")) + CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Microsoft.PowerShell.Commands.Test PathCommand Get-Item : Cannot bind argument to parameter 'LiteralPath' because it is an empty string. At line:29 char:43 + $pluginFileName = get-item -literalpath <<<< "$pluginFileNamePath" + CategoryInfo : InvalidData: (:) [Get-Item], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Microsoft.PowerShell.Commands.GetI temCommand Set-PSSessionConfiguration : Session Configuration "Microsoft.PowerShell" is not a PowerShell based shell. At line:89 char:27 + Set-PSSessionConfiguration <<<< $args[0] $args[1] $args[2] $args[3] $args[4] $args[5] $args[6] $args[7] $args[8] + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-PSSessionConfiguration

and Server Manager

Server Manager - Configure Server Manager Remote Management

Improve this question
3

1 Answer 1

Reset to default
0

I have discovered that, on the affected server, access to winrm is limited to members of a single, custom Group (Local Users and Groups). Adding the administrator users to that Group enables access for those users.

Now I am trying to figure out how access was limited to members of the custom group. My consolation is that the IT specialists at our hosting company haven't figured it out yet either.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.