Online-Verify WinRM 3.0 service installed, running, and required firewall ports are open

Hello everyone

I've just updated my workstation to Windows 8 Pro, yea! - sigh, and now I'm going through trying to get all my management tools working properly and want to use the new Server Manager tools.  So I've dutifully installed the windows 8 RSAT tools and begun to add in my servers.   However most of my servers are 2003, 2008, 2008 R2 with only 1 solitary 2012 and I'm now suffering the above error on all my 2008 servers.  Having done some 2012 training I was expecting this and jumped in to install .net 4, WMF 3.0 as requested.  I've not installed the performance counter hot fix yet but I don't believe that has any bearing on this issue (correct me if I'm wrong).   

So having followed the advice in the links below and verified that all the relevant services are running I still get the WinRM error under Server Manager against these 2008 servers.  I get this whether I use the Server Manager on Windows 8 or Server 2012 and I'm at a loss to fix it.

To confirm what I've done  

1. Windows 2008 R2 SP 1 - Domain Controller

2. Installed .Net 4 using the full standalone package - dotNetFx40_Full_x86_x64  (49,268KB size - file version 4.0.30319.1)

3. Installed WMF 3.0 using - Windows6.1-KB2506143-x64.msu (16,171KB size)

4. Ran the Command WinRM QuickConfig - which set up WinRM and applied the appropriate firewall rule - confirmed as being there.   The result below is from running the command WinRM id which as you can see indicates that version 3 is in use. 

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>WinRM id
IdentifyResponse
    ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
    ProductVendor = Microsoft Corporation
    ProductVersion = OS: 6.1.7601 SP: 1.0 Stack: 3.0
    SecurityProfiles
        SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprof
ile/http/spnego-kerberos


C:\Windows\system32>

5. Restarted the DC just to make sure (I've actually done this several times now - no change in the results)

6. Disabled the firewalls on the clients and servers

6. Refreshed and Restarted both the Windows 8 workstation and the 2012 Server.

I have this issue on multiple servers that I've done the above process through so it's not an isolated incident but I'm at a loss to know what I've got wrong. From all the searching I've done on the net it would be a number of people have experienced the issue but the above steps resolved it; I appear to be the exception.   Does anyone have any thoughts or advice as to how I can resolve the issue as I would like to benefit from the new Server Manager without having to update all my servers to 2012 :).

Blessings

Jez

http://blogs.technet.com/b/servermanager/archive/2012/09/10/managing-downlevel-windows-based-servers-from-server-manager-in-windows-server-2012.aspx

http://social.technet.microsoft.com/wiki/contents/articles/13444.windows-server-2012-server-manager-troubleshooting-guide-part-ii-troubleshoot-manageability-status-errors-in-server-manager.aspx

January 9th, 2013 5:21pm

Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012
http://blogs.technet.com/b/servermanager/archive/2012/09/10/managing-downlevel-windows-based-servers-from-server-manager-in-windows-server-2012.aspx


According to the above blog, youve ensured that


1. WMF 3.0 has been successfully installed.
2. .NET 4.0 has been successfully installed. Verify .NET version http://support.microsoft.com/kb/318785
3. Youve turned off firewall on both sides, so it should not be a WinRM or DCOM communication problem.


Seems all the prerequisites are met. I would suggest restart the Windows Remote Management Service on your Windows 2088 R2 server and re-run winrm quickconfig

Free Windows Admin Tool Kit Click here and download it now
January 10th, 2013 4:56am

Hi Zhang

Thanks for the response - I've attached a picture of the registry from one of the DC's with the problem which shows .Net v4.0.30319



I've restarted the service and run WinRM again as suggested but that just informs me that WinRM is already set up for remote management on this server. Sadly however the issue remains. 

Quite frustrating really - if anyone else has any thoughts I'd appreciate them.

Blessings

Jez

January 10th, 2013 10:07am

I've taken a closer look at the error listed and it doesn't make sense.  The error states, 

Configuration refresh failed with the following error:  The metadata failed to be retrieved from the server, due to the following error: The client cannot connect to the destination specified in the request.  Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS--Management service running on the destination, most commonly IIS or WinRM.  If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".

According to the troubleshooting guide linked above this would suggest the target computer, my DC, is not available or is not a Windows based machine.  Well clearly the DC is, Server 2008 R2 SP1, and it is reachable you can RDP to it, ping it by name etc.   So I'm even more puzzled.

Does anyone have any thoughts on this more detailed error?

Blessings

Jez

Free Windows Admin Tool Kit Click here and download it now
January 11th, 2013 1:31pm

Did you find a solution to this?

I'm in the same situation as you...

March 13th, 2013 3:56pm

Did you find a solution to this?

I'm in the same situation as you...

http://buenoflex.com/archives/60 might help
Free Windows Admin Tool Kit Click here and download it now
April 2nd, 2013 11:22am

Hi Guys

try to run winrm qc

for me, this command fixed the problem

  • Proposed as answer by sulce Tuesday, April 09, 2013 9:10 AM
April 9th, 2013 8:54am

Here's what I did to fix the error.

Ran

winrm quickconfig in Powershell

I downloaded the following updates

http://www.microsoft.com/en-au/download/details.aspx?id=17851

and

http://www.microsoft.com/en-us/download/details.aspx?id=34595

Once I ran both updates and restarted the VM I was able to see the status change to Online.

  • Proposed as answer by APA IT Support Wednesday, June 26, 2013 5:22 PM
  • Edited by APA IT Support Wednesday, June 26, 2013 5:24 PM Updated the Powershell command
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2013 5:21pm

Thanks for the tip.  Ran winrm quickconfig in power shell and now server is online.  :)
July 10th, 2013 2:12pm

I know this is late to the game, but I just came through this same situation---sort of. In my case, the root cause was that another admin had setup a Group Policy for Remote Management (to turn on WinRM's HTTP/HTTPS listeners) and had forgotten to set it to listen on any IP address.

The symptoms of my problem were:

  1. The Server Manager app reported "Online - Verify WinRM 3.0 service installed, running, and required firewall ports are open" for the remote servers listed.
  2. The local machine had a Microsoft-Windows-WinRM error in the System EventLog with the following text "The WinRM service failed to create the following SPNs: WSMAN/servername.domain.com; WSMAN/servername". Unfortunately, that led me to this post about SPNs, which was the wrong solution for me, as it turned out (though the final post in that thread is the correct way to go about things, if you really need to alter the permissions on the NETWORK SERVICE account).
  3. Running winrm id reported WinRM was all installed correctly on each server. (Stack = 3.0, and OS = 6.3.9600 because these servers are all 2012 r2)
  4. Running winrm qc (winrm quickconfig is the same thing) reported that everything was setup correctly and running.
  5. I used netsh advfirewall firewall show rule name="Windows Remote Management (HTTP-In)" to verify that the firewall rules had port 5985 open on my current NLA profile (domain, in my case).
  6. I used netstat -a -b to confirm that a local process was actually bound to (and using) port 5985. And I discovered that nothing was, so that was my first real clue.
  7. Finally, I used winrm enumerate winrm/config/listener to confirm that WinRM wasn't actually listening on the port. The fact that it reported "ListeningOn=null" led me to this post on StackOverflow, which finally led back to the GPO being the problem.

If that doesn't solve your problem, perhaps those later steps will help you (or someone else) further troubleshoot a WinRM problem.


  • Proposed as answer by Jwfii Sunday, September 07, 2014 1:03 AM
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2014 5:06pm

This right here :)

Thanks a lot.

May 15th, 2014 2:44pm

Yep, winrm qc worked for me as well. Thank You!!!
Free Windows Admin Tool Kit Click here and download it now
September 6th, 2014 3:57pm

Thank you, it worked for me.
April 29th, 2015 11:48pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics