Troubleshooting WinRM Connection Issues Between Specific Servers
Use this when WinRM works generally in the environment but fails between specific servers.
Quick Read
- Symptom: WinRM works generally in the environment but fails between specific servers.
- Check first: Ping the target server to ensure network connectivity.
- Risk: Changes system state
Symptoms
WinRM cannot complete the operation from one server to another, while connections to other servers are successful.
Environment
Windows Server 2016/2019, WinRM configured and operational on all servers.
Most Likely Causes
Potential network issues, firewall settings, or WinRM configuration discrepancies on the affected server.
What to Check First
- Ping the target server to ensure network connectivity.
- Verify WinRM service status on both source and target servers.
- Check firewall rules on both servers for WinRM ports (default 5985 for HTTP, 5986 for HTTPS).
Fix Steps
- Ping the target server to check connectivity.
Use the ping command to verify that the source server can reach the target server.
Example pattern only. Adjust for your environment before running.
ping <target-server-IP-or-hostname>
- Check the status of the WinRM service on both servers.
Ensure that the WinRM service is running on both the source and target servers.
Safe to run: read-only
Get-Service WinRM
- Examine firewall settings on both servers.
Check if the firewall is blocking WinRM traffic on the target server.
Safe to run: read-only
Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)'
Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTPS-In)'
- Test WinRM connectivity using the Test-WSMan command.
Use the Test-WSMan command to check if WinRM is properly configured on the target server.
Example pattern only. Adjust for your environment before running.
Test-WSMan <target-server-IP-or-hostname>
- Review WinRM listener configuration.
Ensure that the WinRM listener is configured correctly on the target server.
Example pattern only. Adjust for your environment before running.
winrm enumerate winrm/config/listener
- Check for any recent changes to the target server's configuration.
Look for any updates or configuration changes that may have affected WinRM.
Safe to run: read-only
Get-EventLog -LogName System -Newest 50
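The source-side checks from the steps above, combined into one read-only script that narrows the failure down to network/firewall or WinRM configuration. This is an added example, not part of the original runbook; the `$Target` parameter, the output property names, and the verdict wording are assumptions made for illustration.

```powershell
# Added example: read-only WinRM triage, run from the SOURCE server.
param(
    [Parameter(Mandatory)]
    [string]$Target   # placeholder: hostname or IP of the server that fails
)

# Step 1: ICMP reachability. ICMP can be filtered independently of TCP,
# so a failed ping alone does not prove the WinRM ports are blocked.
$ping = Test-Connection -ComputerName $Target -Count 2 -Quiet

# Step 2: local WinRM service state (run Get-Service WinRM on the target as well).
$service = Get-Service -Name WinRM

# Step 3 (from the source side): can we open the default WinRM ports?
$tcp = @{}
foreach ($port in 5985, 5986) {
    $result = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
    $tcp[$port] = $result.TcpTestSucceeded
}

# Step 4: WS-Man identify request (HTTP listener, port 5985 by default).
$wsmanError = $null
try {
    Test-WSMan -ComputerName $Target -ErrorAction Stop | Out-Null
} catch {
    $wsmanError = $_.Exception.Message
}

# Recent errors and warnings from the local WinRM operational log.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-WinRM/Operational'
    Level   = 2, 3   # 2 = Error, 3 = Warning
} -MaxEvents 10 -ErrorAction SilentlyContinue

# Narrow down the layer that is failing.
$verdict = if (-not ($tcp[5985] -or $tcp[5986])) {
    'No WinRM port reachable: check routing and firewall rules between the two servers.'
} elseif ($wsmanError) {
    'Port open but WS-Man over HTTP failed: check listener, authentication, and Group Policy on the target, or retry Test-WSMan with -UseSSL.'
} else {
    'WS-Man responded: transport and listener are working.'
}

[pscustomobject]@{
    Target = $Target; PingOk = $ping; LocalWinRM = $service.Status
    Tcp5985 = $tcp[5985]; Tcp5986 = $tcp[5986]
    WSManError = $wsmanError; Verdict = $verdict
}
$events | Select-Object TimeCreated, Id, LevelDisplayName, Message
```

The firewall rule and listener checks still have to be run locally on the target, since remoting to it is the thing that is failing.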
Validation
- After performing the checks and fixes, attempt to connect using WinRM again.
- Use the command 'Enter-PSSession -ComputerName <target-server-IP-or-hostname>' to validate the connection.
Logs to Check
- C:\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx for WinRM-specific logs.
- C:\Windows\System32\winevt\Logs\System.evtx for general system logs.
Rollback and Escalation
Escalate When
- If the issue persists after all checks and fixes, escalate to the network team for potential routing issues.
- Contact the security team if firewall rules cannot be modified.
Edge Cases
- Check if the target server is part of a different domain or workgroup.
- Verify if there are any group policies affecting WinRM settings.
Notes from the Field
- Always ensure that the WinRM service is set to start automatically.
- Document any changes made to firewall settings for future reference.