Share via

Sending HTTP error back to the client due to a transport failure. The HTTP status code is 400 The error code is 5

Mini Agarwal 0 Reputation points Microsoft Employee
2024-03-18T11:14:28.3866667+00:00

I am using pywinrm to execute some commands on a Windows Server 2022 Datacenter remote host.

https://github.com/diyan/pywinrm/tree/master

Pywinrm makes SOAP calls to execute commands on the server

It creates a shell using the following payload

b'<?xml version="1.0" encoding="utf-8"?>\n<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:b="http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:x="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd" xmlns:rsp="http://schemas.microsoft.com/wbem/wsman/1/windows/shell" xmlns:cfg="http://schemas.microsoft.com/wbem/wsman/1/config"><env:Header><a:To>http://windows-host:5985/wsman</a:To><a:ReplyTo><a:Address mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address></a:ReplyTo><w:MaxEnvelopeSize mustUnderstand="true">153600</w:MaxEnvelopeSize><a:MessageID>uuid:e74acd55-f22e-40e9-8914-afd51a23b6fd</a:MessageID><w:Locale mustUnderstand="false" xml:lang="en-US"></w:Locale><p:DataLocale mustUnderstand="false" xml:lang="en-US"></p:DataLocale><w:OperationTimeout>PT20S</w:OperationTimeout><w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI><a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/transfer/Create</a:Action><w:OptionSet><w:Option Name="WINRS_NOPROFILE">FALSE</w:Option><w:Option Name="WINRS_CODEPAGE">437</w:Option></w:OptionSet></env:Header><env:Body><rsp:Shell><rsp:InputStreams>stdin</rsp:InputStreams><rsp:OutputStreams>stdout stderr</rsp:OutputStreams><rsp:IdleTimeOut>PT72000.000S</rsp:IdleTimeOut></rsp:Shell></env:Body></env:Envelope>'

and now if I execute the command after waiting for 3 minutes the following request ends with eventViewer Error "Sending HTTP error back to the client due to a transport failure. The HTTP status code is 400. The error code is 5"

b'<?xml version="1.0" encoding="utf-8"?>\n<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:b="http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:x="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd" xmlns:rsp="http://schemas.microsoft.com/wbem/wsman/1/windows/shell" xmlns:cfg="http://schemas.microsoft.com/wbem/wsman/1/config"><env:Header><a:To>http://windows-host:5985/wsman</a:To><a:ReplyTo><a:Address mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address></a:ReplyTo><w:MaxEnvelopeSize mustUnderstand="true">153600</w:MaxEnvelopeSize><a:MessageID>uuid:0a043689-2a82-4529-a592-bbe63cb1c7dc</a:MessageID><w:Locale mustUnderstand="false" xml:lang="en-US"></w:Locale><p:DataLocale mustUnderstand="false" xml:lang="en-US"></p:DataLocale><w:OperationTimeout>PT20S</w:OperationTimeout><w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI><a:Action mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/Command</a:Action><w:SelectorSet><w:Selector Name="ShellId">A7FC3961-C84D-4E40-829D-210384B4C6B8</w:Selector></w:SelectorSet><w:OptionSet><w:Option Name="WINRS_CONSOLEMODE_STDIN">TRUE</w:Option><w:Option Name="WINRS_SKIP_CMD_SHELL">TRUE</w:Option></w:OptionSet></env:Header><env:Body><rsp:CommandLine><rsp:Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -command -</rsp:Command></rsp:CommandLine></env:Body></env:Envelope>'

IdleTimeout is set to PT72000.000s

Couldn't debug where the issue is coming from.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,635 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jing Zhou 5,210 Reputation points Microsoft Vendor
    2024-03-20T02:59:31.0633333+00:00

    Hello,

     

    Thank you for posting in Q&A forum.

    Normally HTTP status code 400 indicates a Bad Request error that the server cannot process the request due to client error. Please kindly check on your client:

     

    1.Clear the cache and run the command again.

     

    2.Check if account authentication is passed in the command execution

     

    2.Check if debugg log is enabled and see if there's any insight inside.

     

    3.Capture network trace by network monitor of the execution process, and check the trace captured by filtering port used. Check if there's any network error in the trace.

     

    Hope this answer can help you well.

     

    Best regards,

    Jill Zhou

     

    0 comments