Why Enable-PSRemoting/Set-WSManQuickConfig can not "check the status of the firewall" running under Administrator on Windows 2012R2, Azure WebRole? How to fix this?
PS D:\Users\***User> enable-psremoting -force
WinRM is already set up to receive requests on this computer.
Set-WSManQuickConfig : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2"
Machine="localhost"><f:Message><f:ProviderFault provider="Config provider"
path="%systemroot%\system32\WsmSvc.dll"><f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"
Code="2" Machine="RD***CA2"><f:Message>Unable to check the status of the firewall.
</f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
At line:69 char:17
+ Set-WSManQuickConfig -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand
OS Name: Microsoft Windows Server 2012 R2 Datacenter. OS Version: 6.3.9600 N/A Build 9600. Powershell: 4.0
PS.
Yes, there are:
Error PSRemoting using Session and CredSSP. No clear solution
Winrm quick config shows error . Rebooting/reimaging the instance does not help.
https://support.microsoft.com/en-us/kb/2697738. Hotfix (2012 year!) is not installed but then it needs installed each deployment?
https://technet.microsoft.com/en-us/library/hh849694.aspx. Has this message but that is for "client versions"
http://terenceluk.blogspot.ru/2012/05/executing-command-winrm-quickconfig.html Restarting firewall does not help
How to enable powershell remoting in Powershell V3?. No "HKLM:\SYSTEM\Policies\Microsoft\Windows Firewall" to change. restarting firewall service does not help.
Update.
Other valuable refs:
http://www.thomasmaurer.ch/2011/01/quick-powershell-remoting-guide/
http://www.davidaiken.com/2011/01/12/enable-powershell-remoting-on-windows-azure/
Get-Help about_Remote_Troubleshooting
In my case running this helped (manually creates the firewall rule):
netsh advfirewall firewall add rule name="Windows Remote Management (HTTP-In)" dir=in action=allow service=any enable=yes profile=any localport=5985 protocol=tcp
Taken from http://www.davidaiken.com/2011/01/12/enable-powershell-remoting-on-windows-azure/
I tried to enable winrm for ansible testing, nothing helped, the rules were in place. Changing the Windows display language from czech to english fixed my problem.
Related
I am wanting to access another windows device on my local network and run powershell commands. In my mind, it would be similar to SSH into a linux box. I would have an open window on my machine, but would be operating within the remote machine so that I can execute composer install or php artisan migrate type commands on the remote machine.
I have followed the instructions from:
https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/
I am attempting to use
Enter-PSSession -ComputerName <RemoteComputerName> -Credential <RemoteUser>
When I run the command, I get a popup with the username populated and asking for a password. I have entered my MS password for the account. (I have changed the password from within Windows to ensure they are synced)
And I get the following error:
Enter-PSSession : Connecting to remote server <REMOTECOMPUTER> failed with the following error message : The WinRM client
cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not
joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts
configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not
be authenticated. You can get more information about that by running the following command: winrm help config. For
more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName <REMOTECOMPUTER> -Credential <USER>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (<REMOTECOMPUTER>:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I can't seem to figure out how to do this. And, maybe more importantly, is there a better way/utility to accomplish my goal? The remote computer is hosting WAMP and I just want to be execute development commands remotely so I can move the RemoteComputer into the basement and not have to spin my chair around to type on it.
TIA
I have a Windows 10 host machine that connects to a Hyper-V Windows 10 VM hosted on the same box.
I've been following along the Pluralsight PowerShell tutorial.
I'm trying to get the services available on a remote computer.
I can start a session on the remote computer with the following command:
Enter-PSSession -ComputerName Client1 -Credential username
Once the session has started and I am connected, I attempt to call Get-Service to identify the services on the client computer.
[Client1]: PS C:\Users\username\Documents>Get-Service
When I run the above command, I get the following error message:
Remote host method get_WindowSize is not implemented.
+ CategoryInfo : ResourceUnavailable: (:) [out-lineoutput], PSRemotingDataStructureException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.PowerShell.Commands.OutLineOutputCommand
I am running the same version of PowerShell on the host and client machines (5.1.18362.145).
I assume that somehow this is an issue on the client machine?
[Client1]: PS C:\Users\username\Documents>Get-Service | out-string
That should work, maybe a bug with PowerShell or new version of Windows 10
Other link : https://social.technet.microsoft.com/Forums/en-US/67142783-2acd-4d54-aef2-8d89d71457c5/powershell-remoting-broken-in-windows-10-1903?forum=winserverTS
"Remote host method get_WindowSize is not implemented."
This happens to all Remoting Sessions started With Powershell_ISE on the Client-Side.
The workaround with Out-String sucks, it destroys the Result-Object of that call.
Best fix so far is either using not ISE or embed your remote Procedure in a Script and call it with Powershell.exe
Really annoying...and not fixed by now.
Workaround Example: Instead of using enter-pssession and then asking for a result of running services, you could use: $YourServices=Invoke-command -ComputerName <computername> -ScriptBlock {get-service}. Then you have all Service-Stats in your Object $YourServices.
I am new to powershell and trying to run a .ps1 file in but am getting the following error.
Any help would be much appreciated!
[IP ADDRESS] Connecting to remote server [IP ADDRESS] failed with the following error message : The WinRM
cannot process the request. Default authentication may be used with an IP address under the following conditio
transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use
winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated.
information on how to set TrustedHosts run the following command: winrm help config. For more information, see
about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: ([IP ADDRESS]:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : CannotUseIPAddress,PSSessionStateBroken
PS C:\windows\system32> winrm help config
Your code looks like it requires you to update line 8 with actual computer names. The win rm error is likely coming from the net use or Copy-Item cmdlets.
I would highly recommend being careful when running arbitrary powershell scripts from the internet. You should break down what each line is doing and understand before executing.
I am enabling windows node for ansible. For this I am enabling http and https remote session in windows 7 using below command.
#powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))"
I am getting the below error in office.
Could you please help me on this?
At home in another laptop it is working fine.
+ Throw "Unable to establish an HTTP or HTTPS remoting session."
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Unable to estab...moting session.:String) [], RuntimeException
+ FullyQualifiedErrorId : Unable to establish an HTTP or HTTPS remoting session.
I tried with below options:
set http_proxy=http://lsl5kor:N%40llapat12#jk-proxy-apac.india.com:8080/
set https_proxy=http://lsl5kor:N%40llapat12#jk-proxy-apac.india.com:8080/
set http_proxy=http://lsl5kor:N#llapat12#jk-proxy-apac.india.com:8080/
set https_proxy=http://lsl5kor:N#llapat12#jk-proxy-apac.india.com:8080/
set HTTP_PROXY=http://lsl5kor:N#llapat12#jk-proxy-apac.india.com:8080/
set HTTPS_PROXY=http://lsl5kor:N#llapat12#jk-proxy-apac.india.com:8080/
set HTTP_PROXY=http://lsl5kor:N%40llapat12#jk-proxy-apac.india.com:8080/
set HTTPS_PROXY=http://lsl5kor:N%40llapat12#jk-proxy-apac.india.com:8080/
i tried with all above details ...stil not working
Update:
Seems, connection created(Logged in). I observed below event log in windows machine
The WinRM service has received an unsecure HTTP connection from hostname.
This is not a secure configuration.
User Action
Set AllowUnencrypted to False in WinRM configuration to ensure packets are encrypted on the wire.
Thanks in advance.
You could be behind a proxy. If so try setting your proxy first:
set http_proxy=IP:Port
set https_proxy=IP:Port
Or you can goto your Control Panel->Internet Options->Connections->LAN Settings->Proxy servers.
All together:
set http_proxy=IP:Port
set https_proxy=IP:Port
#powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://github.com/ansible/ansible/raw/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))"
I have been provided a new Server 2012 box to setup.
I'm trying to use powershell to install chocolatey
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
and getting the error
Exception calling "DownloadString" with "1" argument(s): "The underlying connection was closed: An unexpected error
occurred on a receive."
At line:1 char:1
+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
I can visit that URL in the browser.
At first I thought this was something to do with Chocolatey but then I realised that
(New-Object System.Net.WebClient).DownloadString('http://google.com'))
can download the html content
but
((New-Object System.Net.WebClient).DownloadString('https://google.com'))
fails with the same error
The underlying connection was closed: An unexpected error occurred on a receive.
The box:
is windows server 2012 build 9600
doesn't use a proxy
has the firewall turned off
I feel sure I'm doing something silly but can't see what...
--- Update ---
Based on this answer
I followed these steps:
```
1.In Control Panel, click Administrative Tools, and then double-click Local Security Policy.
2.In Local Security Settings, expand Local Policies, and then click Security Options.
3.Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Enabled.
Ran gpupdate /force
```
After that the chocolatey install script can be downloaded but then fails with:
STDOUT: FIPS Mode detected - run 'choco feature enable -n useFipsCompliantChecksums'
to use Chocolatey.
When FIPS Mode is enabled, Chocolatey requires useFipsCompliantChecksums feature also be enabled.
STDERR:
---- End output of C:\ProgramData\chocolatey/bin/choco.exe list -l -r ----
Ran C:\ProgramData\chocolatey/bin/choco.exe list -l -r returned 1
Still feels like the GPO change shouldn't be necessary
It turns out this was as a result of TLS 1.0 being disabled in our server images in order to comply with PCI DSS 3.1.
Rolling back that change to the image resolved the powershell issue.
In the short term we can run
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 before using System.Net.WebClient but I'd like to find a way to enforce that at a machine level too...
I logged this with Chocolatey and they resolved the issue \o/
try this :
$WBC = New-Object System.Net.WebClient
$WBC.DownloadString("https://google.com")