WinRM connection problem

Jeff 156 Reputation points
2023-04-19T12:30:40.3966667+00:00

About a week ago I built four VMs with Server 2022. As far as I recall I built them identically (no images/scripts/templates though). On one of them I'm getting an issue with WinRM, specifically when our PRTG Monitoring tries to query Windows Updates status which complains about WinRM connection refused. WinRM config on the target host looks okay (to these inexpert eyes):

C:\Windows\system32>winrm enumerate winrm/config/listener & netsh http show iplisten
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.100.1.29, 127.0.0.1, ::1, fe80::83c3:5f18:1a91:f0db%4


IP addresses present in the IP listen list:
-------------------------------------------



C:\Windows\system32>

All four servers are domain joined. This server has WIndows Firewall off for the domain and for Private networks. So, what next?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,258 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 43,996 Reputation points
    2023-04-20T14:28:17.3433333+00:00

    Hi, I'd be happy to help you out with your question. Sorry for the inconvenience caused. Based on the output of the WinRM configuration on the target host, it appears that the WinRM service is properly configured to listen on port 5985 and on all available network interfaces. However, the output of the "netsh http show iplisten" command suggests that there are no IP addresses present in the IP listen list, which could indicate that the WinRM service is not properly bound to the network interface. To address this, you can try adding the IP address of the network interface to the IP listen list using the "netsh http add iplisten" command. This should ensure that WinRM is properly bound to the network interface and can accept connections on port 5985. Here is an example command that you can use if the IP address of the network interface is 10.100.1.29: netsh http add iplisten ipaddress=10.100.1.29 After running the command, you can check the output of the "netsh http show iplisten" command to confirm that the IP address is listed. If the above solution does not work, you may want to check if the Windows Firewall is blocking incoming WinRM traffic on port 5985. To test this, you can temporarily disable the Windows Firewall on the target host and try the WinRM connection again. If the connection works with the firewall disabled, you will need to create a firewall rule to allow incoming WinRM traffic on port 5985. For more Information, please refer to "WinRM connection refused" - https://learn.microsoft.com/answers/questions/119731/winrm-connection-refused If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    0 comments No comments

  2. Jeff 156 Reputation points
    2023-05-09T12:37:52.7633333+00:00

    @MotoX80 @Limitless Technology

    Can confirm that according to the Test-NetConnection cmdlet port 5985 is open both on the server under discussion ("Server01") and one of the other servers built at the same time ("Server02"):

    PS C:\Windows\system32> Test-NetConnection -ComputerName Server01 -port 5985

    ComputerName : Server01

    RemotePort : 5985

    InterfaceAlias : Ethernet

    TcpTestSucceeded : True

    PS C:\Windows\system32> Test-NetConnection -ComputerName Server02 -port 5985

    ComputerName : Server02

    RemotePort : 5985

    InterfaceAlias : Ethernet

    TcpTestSucceeded : True

    Note also that the output from the winrm and netsh commands is also identical on both the 'faulty' server ("Server01") and the non-faulty server.

    I've not tried the Firewall trick yet though.