1

I have a weird problem with WinRM. The machine has got another IP address due to a server migration. I cannot get WinRM to function again. I have enabled the WinRM service and in fact it is listening on localhost (port 5985).

C:\Windows\system32>winrm e winrm/config/listener
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 192.168.80.54, ::1, fe80::100:7f:fffe%12, fe80::5efe:192.168.80.54%11, fe80::a140:a4a0:3b8f:e423%15

When I run test-wsman 127.0.0.1 the following output is shown:

wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor   : Microsoft Corporation
ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 2.0

When I run test-wsman 192.168.80.54 the command doesn't succeed:

Test-WSMan : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
At line:1 char:11
+ test-wsman <<<<  192.168.80.54
    + CategoryInfo          : InvalidOperation: (192.168.80.54:String) [Test-WSMan], InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand

I can properly access another machine at 192.168.80.58. I have checked with netstat -a -n. It seem that WinRM is listening on 127.0.0.1:5985, where other machines show 0.0.0.1:5985.

I have checked the URL reservations, but these look fine as well:

Reserved URL            : http://+:47001/wsman/
    User: NT SERVICE\WinRM
        Listen: Yes
        Delegate: No
    User: NT SERVICE\Wecsvc
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)

Reserved URL            : https://+:5986/wsman/
    User: NT SERVICE\WinRM
        Listen: Yes
        Delegate: No
    User: NT SERVICE\Wecsvc
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)

Reserved URL            : http://+:5985/wsman/
    User: NT SERVICE\WinRM
        Listen: Yes
        Delegate: No
    User: NT SERVICE\Wecsvc
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)
Ramon de Klein
  • 251
  • 4
  • 9
  • Can you communicate with that remote machine (.54) via any method, say Ping? Is the firewall up, and if so, have WinRM exceptions been added (ie: did you run `winrm quickconfig`)? – Ƭᴇcʜιᴇ007 Oct 12 '16 at 14:51

2 Answers2

1

This machine was previously assigned two IP addresses. To prevent that IIS would listen on both IP addresses, the HTTP configuration was changed so it would only listen on one. You can show which IP address are used by the HTTP driver, by running:

C:\WINDOWS\system32> netsh http show iplisten

IP addresses present in the IP listen list:
-------------------------------------------

    127.0.0.1
    192.168.70.10

If all IP addresses are removed from the list, then HTTP.SYS will use all IP addresses, so it's sufficient to remove all IP addresses.

Ramon de Klein
  • 251
  • 4
  • 9
0

Most likely recreating HTTP listeners could help.

In PowerShell:

Remove-WSManInstance winrm/config/Listener -SelectorSet @{Address="*";Transport="http"}
New-WSManInstance winrm/config/Listener -SelectorSet @{Address="*";Transport="http"}

In Command Prompt:

winrm delete winrm/config/Listener?Address=*+Transport=HTTP
winrm create winrm/config/Listener?Address=*+Transport=HTTP

To use the specific address, use Address="IP:YourIPAddress" syntax instead.

Note: In the above command, the YourIPAddress placeholder is the value that you need to change with your IP address.

Further reading:

Related question: Allow PowerShell remoting only from one address.

kenorb
  • 24,736
  • 27
  • 129
  • 199