Windows Remote Management service error
Hello,
After my last Microsoft update all my Servers hae an error that's related to the WinRM service.
Application:
The WinRM (Windows Remote Management) service is unable to start because of a failure during initialization. Additional Data The error code is 1300.
Event ID: 10119
OS: Windows 2003 STD R2 with SP2
The WinRM service failed to create the following SPNs: WSMAN/server.wsgnl.com; WSMAN/server.
Additional Data
The error received was 10065: A socket operation was attempted to an unreachable host. .
User Action
The SPNs can be created by an administrator using setspn.exe utility.
Event ID: 10154
OS: Windows 2003 STD R2 with SP2
The WinRM service is not listening for WS-Management requests.
User Action
If you did not intentionally stop the service, use the following command to see the WinRM configuration:
winrm enumerate winrm/config/listener
Event ID: 10149
OS: Windows 2003 STD R2 with SP2
Hope you guys can help me?
Kind regards.
February 2nd, 2011 3:54am
Hi,
Please do the following things.
Start Run ADSIEDIT.msc, choose Default naming context and scroll down to the Domain Controllers OU, right-click the Domain Controller object that is showing the warnings and select properties, select security tab and click in the advanced button, in the advanced
security settings menu, click add, type Network Service and hit ok.
http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/ff42d97f-8c52-4ddc-93a2-6ae79498e3d5
Good Day
http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 4:08am
Hello,
please see:
http://www.eventid.net/display.asp?eventid=10119&eventno=8502&source=WinRM&phase=1
http://technet.microsoft.com/en-us/library/dd363634(WS.10).aspx
Unfortunal you didn't specify the used OS version with SP/patch level.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
February 2nd, 2011 4:08am
Sorry, now OS and SP level are in the main post.Kind regards.
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 5:01am
Services, Name: Windows Remote Management (WS-Management) the Log On As is Network Service when I change this to Local System the service is started. Would this be the solution?
Kind regards.
February 2nd, 2011 5:08am
did u applied the solution listed above ?http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 5:13am
No, I only change the 'Log On As' option!!!Kind regards.
February 2nd, 2011 5:14am
Hi,
Thanks for posting here.
I’d suggest setting back service log on account to default network services and try applying the solutions that Meinolf posted and check if could help you solve
this issue .
To specify that the service uses the Network Service account, click This account, and then type
NT AUTHORITY\NetworkService ,please leave the password entry blank.
Meanwhile, could you post the hotfix numbers that you just patched for this server ?
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 10:30pm
What I understand is that Windows Remote Management is a component of the Windows Hardware Management features that manage server hardware locally and remotely. I only use RDP for management. I also understand that you must install the hardware
management under Management and Monitoring tools to work with this feature. Because I don't use this feature and also can disable this feature, i'm I right?
Kind regards.
February 3rd, 2011 2:39am
Hi,
Thanks for update.
To manage single server ,RDP is the way .If large number servers need be remotely managed, MMC snap-in is preferred.
In generally, we don’t suggest to disable this service.
Remote Administration Best practices
http://technet.microsoft.com/en-us/library/cc778582(WS.10).aspx
For the issue your posted , I think the method that Meinolf provided should help solve it, could you please try and post back the result?
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2011 10:18pm
Hi,
I would like to choose for the option to remove KB968390 because I don't use the Windows Management Framework Core package (Windows PowerShell 2.0 and WinRM 2.0). When I remove this package I get the message that the following programs on my computer
might not run properly:
KB2264107
KB2388210
KB2419635
KB925876
KB925876
KB956744
Silverlight
What to do?
Thank you!Kind regards.
February 4th, 2011 4:33am
Hi,
Thanks for update.
We’d recommend to have all these updates installed.
You mentioned that you had changed the Log On As account of Windows Remote Management service to Local System and the service could be started properly.
It indicates that the SPN for the service has been created properly now. you can change the Log On As account of Windows Remote Management service back to Network Service and then try to stop/restart this service again. The error should go away. If not, you
may need to follow the steps provided by Syed to grant Network Service account the “Validated write to service principle name” permission.
Here is the workaround:
1.
On a domain controller and logon as the domain administrator.
2.
Click Start -> Run, type “adsiedit.msc” in the text box, and click OK.
3.
Choose “Default naming context” and locate the server object that is reporting the error.
4.
Right-click the Domain Controller object that is showing the warnings and select properties, select security tab and click in the advanced button.
5.
Click Add, type Network Service, check the “Validated write to service principle name” Allow item, and click OK.
6.
Restart the Windows Remote Management service to test this issue again.
Hope these help.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 7th, 2011 2:56am
Hi,
I followed the steps in your workaround but the error still remains.
1. ADSI Edit on domaincontroller
2. Domain, OU=Domain Controllers, CN=Server with error
3. Right-clickm properties, security tab and advanced button
4. Click Add, type Network Service, check the “Validated write to service principle name” Allow item
5. Restarted the service with the Network Service but I get the samen error message:
The WinRM service is unable to start because of a failure during initialization.
Additional Data
The error code is 1300.
Because I don't use this function I can remove it --> problem solved.
In my post from Friday, February 04, 2011 9:32 AM, my question is: how can I know if one of these updates might not run properly!!!
Kind regards.
February 7th, 2011 5:03am
Hi,
Thanks for update.
I suspect that you are referring KB968930.
When attempt to uninstall security patch ,you will receive the warning saying that “these programs might not run properly” if these updates
was installed after the security update which you are trying to uninstall”. There is no real dependency checking based on file versions or anything like that. The warning is based only on date & time of installation.
If you want to remove updates, you must remove them in the reverse order in which they were installed. So, you must remove the most recently installed
update first. For example, assume that you installed UpdateA before you installed UpdateB. To return your computer to its state before the installation of UpdateA, you must remove UpdateB before you remove UpdateA. You should follow this reverse order when
you uninstall updates because some updates share files. After uninstalling these updates, you can then reinstall those updates that you want to keep.
Before uninstalling updates, it is always recommended to create a server backup.
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 8th, 2011 11:46pm
Hello,
Thank you for your information.
This is a lot of work, I get this error message on 5 Servers so I think maybe we could solve this another way.
Is there a way to solve this error message without removing this feature?
Kind regards.
February 9th, 2011 3:12am
Hi,
Thanks for update.
Try Using NETWORK SERVICE account to launch WinRM service and granting
SeAuditPrivilege permission to this account under which the service runs , restart service and see if it works.
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2011 1:46am
Hi,
Can you tell me how to grant SeAuditPrivilege permission to the account NETWORK SERVICE?
Kind regards.
February 10th, 2011 5:13am
Hi,
Thanks for update.
Are these servers domain member ?
If yes , you should grant permission by modifying security settings in group policy. If not , you should grant permission in “local security
settings” console.
Here is the workaround:
Navigate to “ Security settings \ local policies \ users rights assignment “
Double click “generate security audits” and add “NETWORK SERVICE” account into the list.
Please try and post back the result , if you have any questions or concerns, please do not hesitate to let me know.
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2011 9:07pm
Hi,
If there is any update on this issue, please feel free to let us know.
We are looking forward to your reply.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 14th, 2011 5:37am
Hi,
These servers are dc's and member servers!
For those DC's, do you mean Domain Security Policy or Domain Controller Security Policy?
Kind regards.
Free Windows Admin Tool Kit Click here and download it now
February 14th, 2011 7:28am
Hi,
Thanks for posting here.
It’s depend on you .
The purpose is make sure that each affected server could be set to use this security setting.
Thanks.
Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 14th, 2011 9:57pm