Answer the question
In order to leave comments, you need to log in
How to properly configure Windows Server management through WAC in a domain?
Faced non-trivial behavior of all remote control services within a domain. Once, for no apparent reason, Windows Admic Center lost access to all remote machines in the domain and started throwing an error:
Failed to connect to the remote server name.domainname. Error message: WinRM cannot complete the operation Make sure that the computer name is correct, that the computer is reachable over the network, and that the firewall has set an exception for the WinRM service that allows access to this computer. By default, the WinRM firewall exception for public profiles restricts access to remote computers on the same local subnet. See the "about_Remote_Troubleshooting" help topic for details.
At the same time, when trying to forward a remote Powershell to some machines, the forwarding passes, to others it throws errors, such as:
Enter-PSSession : Сбой подключения к удаленному серверу name.domainname. Сообщение об ошибке: Access is
denied. Подробности см. в разделе справки "about_Remote_Troubleshooting".
строка:1 знак:1
+ Enter-PSSession name.domainname
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (name.domainname:String) [Enter-PSSession], PSRemotingTr
ansportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
winrm e winrm/config/listener
Listener [Source="GPO"]
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, %все другие локальные айпишники%
Get-NetFirewallRule -DisplayName "Windows Remote Management*"
Name : WINRM-HTTP-In-TCP
DisplayName : Windows Remote Management (HTTP-In)
Description : Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]
DisplayGroup : Windows Remote Management
Group : @FirewallAPI.dll,-30267
Enabled : True
Profile : Domain, Private
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
RemoteDynamicKeywordAddresses : {}
Name : WINRM-HTTP-Compat-In-TCP
DisplayName : Windows Remote Management - Compatibility Mode (HTTP-In)
Description : Compatibility mode inbound rule for Windows Remote Management via WS-Management. [TCP 80]
DisplayGroup : Windows Remote Management (Compatibility)
Group : @FirewallAPI.dll,-30252
Enabled : False
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
RemoteDynamicKeywordAddresses : {}
Name : WINRM-HTTP-In-TCP-PUBLIC
DisplayName : Windows Remote Management (HTTP-In)
Description : Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]
DisplayGroup : Windows Remote Management
Group : @FirewallAPI.dll,-30267
Enabled : True
Profile : Public
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
RemoteDynamicKeywordAddresses : {}
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question