Hello, After my last Microsoft update all my Servers hae an error that's related to the WinRM service. Application: The WinRM (Windows Remote Management) service is unable to start because of a failure during initialization. Additional Data The error code is 1300. Event ID: 10119 OS: Windows 2003 STD R2 with SP2 The WinRM service failed to create the following SPNs: WSMAN/server.wsgnl.com; WSMAN/server. Additional Data The error received was 10065: A socket operation was attempted to an unreachable host. . User Action The SPNs can be created by an administrator using setspn.exe utility. Event ID: 10154 OS: Windows 2003 STD R2 with SP2 The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener Event ID: 10149 OS: Windows 2003 STD R2 with SP2 Hope you guys can help me? Kind regards.

Hi, Please do the following things. Start Run ADSIEDIT.msc, choose Default naming context and scroll down to the Domain Controllers OU, right-click the Domain Controller object that is showing the warnings and select properties, select security tab and click in the advanced button, in the advanced security settings menu, click add, type Network Service and hit ok. http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/ff42d97f-8c52-4ddc-93a2-6ae79498e3d5 Good Day http://www.virmansec.com/blogs/skhairuddin

Hello, please see: http://www.eventid.net/display.asp?eventid=10119&eventno=8502&source=WinRM&phase=1 http://technet.microsoft.com/en-us/library/dd363634(WS.10).aspx Unfortunal you didn't specify the used OS version with SP/patch level.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Sorry, now OS and SP level are in the main post.Kind regards.

Services, Name: Windows Remote Management (WS-Management) the Log On As is Network Service when I change this to Local System the service is started. Would this be the solution? Kind regards.

did u applied the solution listed above ?http://www.virmansec.com/blogs/skhairuddin

No, I only change the 'Log On As' option!!!Kind regards.

Hi, Thanks for posting here. I’d suggest setting back service log on account to default network services and try applying the solutions that Meinolf posted and check if could help you solve this issue . To specify that the service uses the Network Service account, click This account, and then type NT AUTHORITY\NetworkService ,please leave the password entry blank. Meanwhile, could you post the hotfix numbers that you just patched for this server ? Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

What I understand is that Windows Remote Management is a component of the Windows Hardware Management features that manage server hardware locally and remotely. I only use RDP for management. I also understand that you must install the hardware management under Management and Monitoring tools to work with this feature. Because I don't use this feature and also can disable this feature, i'm I right? Kind regards.

Hi, Thanks for update. To manage single server ,RDP is the way .If large number servers need be remotely managed, MMC snap-in is preferred. In generally, we don’t suggest to disable this service. Remote Administration Best practices http://technet.microsoft.com/en-us/library/cc778582(WS.10).aspx For the issue your posted , I think the method that Meinolf provided should help solve it, could you please try and post back the result? Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, I would like to choose for the option to remove KB968390 because I don't use the Windows Management Framework Core package (Windows PowerShell 2.0 and WinRM 2.0). When I remove this package I get the message that the following programs on my computer might not run properly: KB2264107 KB2388210 KB2419635 KB925876 KB925876 KB956744 Silverlight What to do? Thank you!Kind regards.

Hi, Thanks for update. We’d recommend to have all these updates installed. You mentioned that you had changed the Log On As account of Windows Remote Management service to Local System and the service could be started properly. It indicates that the SPN for the service has been created properly now. you can change the Log On As account of Windows Remote Management service back to Network Service and then try to stop/restart this service again. The error should go away. If not, you may need to follow the steps provided by Syed to grant Network Service account the “Validated write to service principle name” permission. Here is the workaround: 1. On a domain controller and logon as the domain administrator. 2. Click Start -> Run, type “adsiedit.msc” in the text box, and click OK. 3. Choose “Default naming context” and locate the server object that is reporting the error. 4. Right-click the Domain Controller object that is showing the warnings and select properties, select security tab and click in the advanced button. 5. Click Add, type Network Service, check the “Validated write to service principle name” Allow item, and click OK. 6. Restart the Windows Remote Management service to test this issue again. Hope these help. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, I followed the steps in your workaround but the error still remains. 1. ADSI Edit on domaincontroller 2. Domain, OU=Domain Controllers, CN=Server with error 3. Right-clickm properties, security tab and advanced button 4. Click Add, type Network Service, check the “Validated write to service principle name” Allow item 5. Restarted the service with the Network Service but I get the samen error message: The WinRM service is unable to start because of a failure during initialization. Additional Data The error code is 1300. Because I don't use this function I can remove it --> problem solved. In my post from Friday, February 04, 2011 9:32 AM, my question is: how can I know if one of these updates might not run properly!!! Kind regards.

Hi, Thanks for update. I suspect that you are referring KB968930. When attempt to uninstall security patch ,you will receive the warning saying that “these programs might not run properly” if these updates was installed after the security update which you are trying to uninstall”. There is no real dependency checking based on file versions or anything like that. The warning is based only on date & time of installation. If you want to remove updates, you must remove them in the reverse order in which they were installed. So, you must remove the most recently installed update first. For example, assume that you installed UpdateA before you installed UpdateB. To return your computer to its state before the installation of UpdateA, you must remove UpdateB before you remove UpdateA. You should follow this reverse order when you uninstall updates because some updates share files. After uninstalling these updates, you can then reinstall those updates that you want to keep. Before uninstalling updates, it is always recommended to create a server backup. Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hello, Thank you for your information. This is a lot of work, I get this error message on 5 Servers so I think maybe we could solve this another way. Is there a way to solve this error message without removing this feature? Kind regards.

Hi, Thanks for update. Try Using NETWORK SERVICE account to launch WinRM service and granting SeAuditPrivilege permission to this account under which the service runs , restart service and see if it works. Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, Can you tell me how to grant SeAuditPrivilege permission to the account NETWORK SERVICE? Kind regards.

Hi, Thanks for update. Are these servers domain member ? If yes , you should grant permission by modifying security settings in group policy. If not , you should grant permission in “local security settings” console. Here is the workaround: Navigate to “ Security settings \ local policies \ users rights assignment “ Double click “generate security audits” and add “NETWORK SERVICE” account into the list. Please try and post back the result , if you have any questions or concerns, please do not hesitate to let me know. Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, If there is any update on this issue, please feel free to let us know. We are looking forward to your reply. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, These servers are dc's and member servers! For those DC's, do you mean Domain Security Policy or Domain Controller Security Policy? Kind regards.

Hi, Thanks for posting here. It’s depend on you . The purpose is make sure that each affected server could be set to use this security setting. Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.