WinRM hosted in IIS fails to start with error 1300 in event log

WinRM is hosted within IIS by enabling the WinRM native module at a particular IIS site, app or a vdir. IIS sites and apps can be configured to run in a specific application pool. Each application pool runs under a specific user context. WinRM will fail to start when the user associated with the application pool does not have the required privileges.

When this happens, the following event shows up in the event log:

The WinRM service is unable to start because of a failure during initialization.

 Additional Data
The error code is 1300.

 To fix this, do the following:

  • Open secpol.msc
  • Navigate to Local Policies -- User Rights Assignment
  • Select the value "Generate Security Audits"
  • Add the user account to the list