eJW-0633 asked, RichMatheisen-8856 answered

WinRM - Connectivity Issue

I'm trying to set up WinRM in a domain environment and I'm running into an issue where the clients aren't listening on the WinRM port.

 PS C:\Users\administrator> netstat -a
    
 Active Connections
    
   Proto  Local Address          Foreign Address        State
   TCP    0.0.0.0:135            pcname:0      LISTENING
   TCP    0.0.0.0:445            pcname:0      LISTENING
   TCP    0.0.0.0:3389           pcname:0      LISTENING
   TCP    0.0.0.0:5040           pcname:0      LISTENING
   TCP    0.0.0.0:5666           pcname:0      LISTENING
   TCP    0.0.0.0:5666           pcname:0      LISTENING
   TCP    0.0.0.0:47001          pcname:0      LISTENING
   TCP    0.0.0.0:49664          pcname:0      LISTENING
   TCP    0.0.0.0:49665          pcname:0      LISTENING
   TCP    0.0.0.0:49666          pcname:0      LISTENING
   TCP    0.0.0.0:49667          pcname:0      LISTENING
   TCP    0.0.0.0:49668          pcname:0      LISTENING
   TCP    0.0.0.0:49671          pcname:0      LISTENING
   TCP    0.0.0.0:49716          pcname:0      LISTENING
   TCP    172.23.89.23:139       pcname:0      LISTENING
   TCP    172.23.89.23:52705     pcname:epmap  TIME_WAIT
   TCP    172.23.89.23:52706     pcname:49668  ESTABLISHED
   TCP    [::]:135                 pcname:0      LISTENING
   TCP    [::]:445                 pcname:0      LISTENING
   TCP    [::]:3389               pcname:0      LISTENING
   TCP    [::]:5666               pcname:0      LISTENING
   TCP    [::]:47001             pcname:0      LISTENING
   TCP    [::]:49664             pcname:0      LISTENING
   TCP    [::]:49665             pcname:0      LISTENING
   TCP    [::]:49666             pcname:0      LISTENING
   TCP    [::]:49667             pcname:0      LISTENING
   TCP    [::]:49668             pcname:0      LISTENING
   TCP    [::]:49671             pcname:0      LISTENING
   TCP    [::]:49716             pcname:0      LISTENING


Clients are set to listen on the right port.

 PS C:\Users\administrator> winrm enumerate winrm/config/listener
 Listener [Source="GPO"]
     Address = *
     Transport = HTTP
     Port = 5985
     Hostname
     Enabled = true
     URLPrefix = wsman
     CertificateThumbprint
     ListeningOn = null

Full client WinRM config is here:


   PS C:\Users\administrator> winrm get winrm/config
     Config
         MaxEnvelopeSizekb = 500
         MaxTimeoutms = 60000
         MaxBatchItems = 32000
         MaxProviderRequests = 4294967295
         Client
             NetworkDelayms = 5000
             URLPrefix = wsman
             AllowUnencrypted = false
             Auth
                 Basic = true
                 Digest = true
                 Kerberos = true
                 Negotiate = true
                 Certificate = true
                 CredSSP = false
             DefaultPorts
                 HTTP = 5985
                 HTTPS = 5986
             TrustedHosts
         Service
             RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
             MaxConcurrentOperations = 4294967295
             MaxConcurrentOperationsPerUser = 1500
             EnumerationTimeoutms = 240000
             MaxConnections = 300
             MaxPacketRetrievalTimeSeconds = 120
             AllowUnencrypted = false
             Auth
                 Basic = false
                 Kerberos = true
                 Negotiate = true
                 Certificate = false
                 CredSSP = false
                 CbtHardeningLevel = Relaxed
             DefaultPorts
                 HTTP = 5985
                 HTTPS = 5986
             IPv4Filter = 172.23.89.16 [Source="GPO"]
             IPv6Filter [Source="GPO"]
             EnableCompatibilityHttpListener = false
             EnableCompatibilityHttpsListener = false
             CertificateThumbprint
             AllowRemoteAccess = true [Source="GPO"]
         Winrs
             AllowRemoteShellAccess = true
             IdleTimeout = 7200000
             MaxConcurrentUsers = 2147483647
             MaxShellRunTime = 2147483647
             MaxProcessesPerShell = 2147483647
             MaxMemoryPerShellMB = 2147483647
             MaxShellsPerUser = 2147483647


The GPO sets the following:

  • Firewall: Inbound WinRM, Allow ICMP Exceptions

  • Windows Defender Firewall: Allow inbound remote administration exception

  • Windows Components/Windows Remote Management (WinRM)/WinRM Service

  • Service: WinRM start automatically


Any tips on what to look for next? I'm not currently able to establish a remote connection to the client from the server.

Tags: windows-server, windows-server-powershell

RichMatheisen-8856 answered, eJW-0633 commented

Is the Windows Remote Management (WS-Management) service running?


The service was running on both client and server yes.


Does netsh http show iplisten return any results?

If it only returns "::" try netsh http delete iplisten ipaddress=::

After that, try restarting the service.

FYI, WS-Management is an O/S service. PowerShell just uses it. Your adding the windows-server-powershell tag to your original post is distracting attention from the SMEs that should be helping you!

eJW-0633 replied to RichMatheisen-8856:

I've bounced the service on both ends for good measure, but it still doesn't seem to have made any difference.

 PS C:\Users\administrator> Get-Service | where{$_.Name -eq "WinRM"}
    
 Status   Name               DisplayName
 ------   ----               -----------
 Running  WinRM              Windows Remote Management (WS-Manag...
    
    
 PS C:\Users\administrator> Restart-Service WinRM
 PS C:\Users\administrator> Get-Service | where{$_.Name -eq "WinRM"}
    
 Status   Name               DisplayName
 ------   ----               -----------
 Running  WinRM              Windows Remote Management (WS-Manag...
    
    
 PS C:\Users\administrator> netsh http show iplisten
    
 IP addresses present in the IP listen list:
 -------------------------------------------

Dropped the firewalls on both machines also, as a quick test to see if that was getting in the way, but I'm still getting similar errors.

RichMatheisen-8856 answered

Do you have a NIC on that machine that uses the IP address 172.23.89.16?

In the output from netstat it looks like the NIC is using 172.23.89.23.

I think your GPO is setting the wrong address in the IPv4Filter.

Try this:

 winrm enumerate winrm/config/listener

. . . and see if the "ListeningOn" value contains your NIC's IP address (I'm guessing it won't).
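To pull the checks from this thread together (service state, IPv4Filter versus the addresses actually on the NICs, listener bindings, whether port 5985 is really listening, and the firewall rule group the GPO is supposed to enable), here is an added diagnostic script. It is not from the thread or from Microsoft; it is an example written for this page. It assumes an elevated PowerShell session on the client, that the WinRM service is running so the WSMan: provider can be read, and that IPv4Filter is either "*" or a comma-separated list of addresses (the hypothetical $port value is the HTTP default shown in the config above).

```powershell
# Added example, not code from the thread. Run elevated on the client.
# Assumptions: WinRM service running (WSMan: drive needs it), IPv4Filter is
# "*" or a comma-separated address list, HTTP listener on the default port.

$port = 5985   # default HTTP listener port, as shown in winrm/config above

# 1. Service state (the first thing asked in the thread)
$svc = Get-Service -Name WinRM
"WinRM service: $($svc.Status) (StartType: $($svc.StartType))"

# 2. IPv4 addresses actually configured on the NICs
$nicIPv4 = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Select-Object -ExpandProperty IPAddress
"NIC IPv4 addresses: $($nicIPv4 -join ', ')"

# 3. Service-side IPv4Filter (set by GPO in the question)
$filter = (Get-Item WSMan:\localhost\Service\IPv4Filter).Value
"IPv4Filter: '$filter'"
if ($filter -and $filter -ne '*') {
    $filterAddrs = $filter -split ',' | ForEach-Object { $_.Trim() }
    $missing = $filterAddrs | Where-Object { $_ -notin $nicIPv4 }
    if ($missing) {
        "WARNING: IPv4Filter names address(es) not present on any NIC: $($missing -join ', ')"
        "         A listener filtered to an absent address binds nothing (ListeningOn = null)."
    }
}

# 4. Listener definitions and what each one is actually bound to
foreach ($listener in Get-ChildItem WSMan:\localhost\Listener) {
    $props     = Get-ChildItem $listener.PSPath
    $transport = ($props | Where-Object Name -eq 'Transport').Value
    $addr      = ($props | Where-Object Name -eq 'Address').Value
    $lport     = ($props | Where-Object Name -eq 'Port').Value
    $bound     = ($props | Where-Object Name -like 'ListeningOn*').Value
    "Listener $($listener.Name): Transport=$transport Address=$addr Port=$lport"
    if ($bound) { "  ListeningOn: $($bound -join ', ')" }
    else        { "  ListeningOn: <none> - nothing is bound; compare IPv4Filter with the NIC addresses" }
}

# 5. Socket-level view: is anything listening on the port at all?
$sockets = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if ($sockets) { "TCP $port is LISTENING on: $(($sockets.LocalAddress | Select-Object -Unique) -join ', ')" }
else          { "TCP $port is NOT listening (this matches the netstat output in the question)" }

# 6. Firewall rule group the GPO is expected to enable
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action, Profile |
    Format-Table -AutoSize

# 7. Local WS-Man handshake; from the server, run Test-WSMan -ComputerName <client> instead
try   { Test-WSMan -ErrorAction Stop | Out-Null; "Test-WSMan (local): OK" }
catch { "Test-WSMan (local): FAILED - $($_.Exception.Message)" }
```

In the situation described in the question, step 3 would flag 172.23.89.16 as absent from the NICs (which only carry 172.23.89.23), step 4 would show the GPO listener with no ListeningOn entries, and step 5 would confirm nothing is bound on 5985, which is the chain of symptoms the last answer attributes to the IPv4Filter value.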
