20,212 questions
the command netsh http show iplisten gives back:
IP addresses present in the IP listen list:
-------------------------------------------
::
WinRM Listener not bound to IPv4
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 44%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MaHuBe
96
Reputation points
Hi all
On one of our Servers, I face the problem to not being able to query WinRM from a remote Computer.
After investigating different things, I found, that the WinRM listener is not bound to the IPv4 address of the Server.
Unfortunately, I was not able to find out, why the listener not binds to that address.
I setup WinRM with the following command:
winrm create winrm/config/Listener?Address=*+Transport=HTTP
If I run the the command to get the running configuration I get:
PS C:\WINDOWS\system32> winrm enumerate winrm/config/Listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 192.168.0.130, ::1, fe80::91f5:13f7:9b77:88cd%4
Test with wsman locally :
PS C:\WINDOWS\system32> test-wsman
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
But if I take a look with netstat, only the IPv6 address has a listener bound to it:
PS C:\WINDOWS\system32> netstat -ano | findstr 5985
TCP [::]:5985 [::]:0 LISTENING 4
On other Servers I can also see a listener bound do IPv4 with 0.0.0.0
In that case, for example, netstat shows the following:
PS C:\Windows\system32> netstat -ano | findstr 5985
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP [::]:5985 [::]:0 LISTENING 4
Any Idea, where to look at next?
Windows for business | Windows Server | User experience | Other
{count} votes
-
Andy YOU 3,076 Reputation points2021-07-29T10:30:03.757+00:00 HI
I am researching your issue, thanks for your waiting.
-
MaHuBe 96 Reputation points
2021-08-09T07:18:57.287+00:00 Hi JiaYou
Thank you for your time.
Did you find something? -
MotoX80 36,291 Reputation points2021-08-09T12:19:09.84+00:00 Maybe try a "winrm quickconfig -force"
-
MaHuBe 96 Reputation points
2021-08-11T07:52:18.51+00:00 If I execute this command, I get the following:
WinRM service is already running on this machine. WinRM is already set up for remote management on this computer.Then I run
winrm delete winrm/config/Listener?Address=*+Transport=HTTPand
winrm enumerate winrm/config/ListenerThis gives me an empty result.
After that again:
winrm quickconfig -forcewhich results in:
The following changes must be made: Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine. WinRM has been updated for remote management. Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.After that, I go ahead with the steps as described in the first post an still only IPv6 has a listener on it.
-
MotoX80 36,291 Reputation points
2021-08-11T21:27:23.697+00:00 What about specifying the machines IPV4 address?
winrm create winrm/config/Listener?Address=IP:192.168.1.5+Transport=HTTP
Sign in to comment
Accepted answer
-
MaHuBe 96 Reputation points
2021-08-13T11:08:07.32+00:00 -
Gary Nebbett 6,216 Reputation points2021-08-13T11:19:57.633+00:00 Hello Martin,
That explains everything. Unless you have a compelling reason to do otherwise, issue the command
netsh http delete iplisten ipaddress=::and then check the listen addresses of the WinRM ports.Gary
-
MaHuBe 96 Reputation points
2021-08-13T13:50:10.703+00:00 Gary, your my Hero!
I don't know how much time I spent to solve this issue and now it is resolved.
But where is this listener from?
Any suspicion?
Sign in to comment -
2 additional answers
Sort by: Most helpful
-
Gary Nebbett 6,216 Reputation points
2021-08-11T10:23:13.57+00:00 Hello @MaHuBe ,
You could try the following:
- Start a ETW trace on the system where the WinRM listener is running with the command
netsh trace start provider=Microsoft-Windows-WinRM provider=Microsoft-Windows-TCPIP keywords=ut:Global,ut:Endpoint,ut:TcpipEndpoint,ut:TcpipListener,ut:TcpipBind,ut:ConnectPath level=4 provider=Microsoft-Windows-HttpService provider=Microsoft-Windows-HttpEvent provider={20f61733-57f1-4127-9f48-4ab7a9308ae2} keywords=0xFFFFFFFF level=5 report=disabled tracefile=why.etl - Restart the WinRM service.
- Stop the ETW trace with the command
netsh trace stop - Either analyse the why.etl file yourself or make it available here.
Gary
-
MaHuBe 96 Reputation points
2021-08-11T14:09:29.26+00:00 Hello Gary
Thank you for your time.
The File is available under: https://nc.rms-foundation.ch/index.php/s/nRETB4CkEGS8d36
It will last until 2021-08-18.I wasn't able to see what is causing the problem.
Martin
Sign in to comment - Start a ETW trace on the system where the WinRM listener is running with the command
-
Gary Nebbett 6,216 Reputation points
2021-08-11T15:04:57.16+00:00 Hello Martin,
This is the key sequence of the trace and everything seems to proceed as expected:
One would not expect to see explicit mention of an IPv4 address in that trace; the addresses that are shown are all zeroes addresses and just displayed in IPv6 format as a limitation of the trace format.
I can't see the cause of the problem in the trace either, but that prompted me to think about what could be causing the issue and the HTTP "IP listen list" emerged as the most likely explanation. What does the output of
netsh http show iplistenlook like?Gary