Forgetfulness: I have also created a rule on the firewall of the Symantec antivirus so that it does not block traffic from the Windows 10 PC to the servers that I intend to check if the destination port is the 5985. The antivirus log shows that this traffic is not blocked.
Operazione CreateShell di WS-Management non riuscita. Codice errore: 2150858770
Good evening. For a few days now I have been gaining experience in using Windows Admin Center. I use a PC with Windows 10 21h1 to control our Windows 2019 Datacenter servers. I proceeded to enable the remote connection of powershell on all servers through Enable-psRemoting. I then proceeded to configure the winrm service with winrm qc. I also bothered to put the Windows 10 pc in the list of trusted servers. All via http and not https. Yesterday everything worked almost perfectly, today some servers to which I accessed with Windows Admin Center do not respond. I checked the logs of each server and on the server side there are no errors, indeed it seems that they accept connections. I checked the Operational log under Windows Remote Management and I could see the error below.
I also uninstalled the Symantec antivirus client but nothing has changed
WS-Management CreateShell operation failed. Error code: 2150858770
- System
- Provider
[ Guid] {a7975c8f-ac13-49f1-87da-5a984a4ab417} EventID 142 Version 0 Level 2 Task 10 Opcode 2 Keywords 0x4000000000000002- TimeCreated
- Correlation
- Execution
[ ThreadID] 9552 Channel Microsoft-Windows-WinRM/Operational Computer pconvertibile.timat-service.local- Security
- EventData operationName CreateShell
errorCode 2150858770
3 answers
Sort by: Most helpful
-
-
Limitless Technology 39,341 Reputation points
2021-10-13T08:45:26.037+00:00 Hello LorenzoFongano,
We may be talking about some policy that is applying over your settings for WinRM, thus resetting to default and blocking you.
I would try:
Open firewall for "Windows Management Instrumentation"
dcomcnfg to enable remote launch and remote activation
In Computer Management, Services and Applications\WMI Control; right-click Properties> turn on 'remote enable' for namespace and
sub-namespaces for the current container (Note: the Win 10 UI has changed couple of times - just click advanced and hunt for the right settings)Also run in the remote server:
Enter-PSSession -computername localhost -SessionOption(New-PSSessionOption -NoMachineProfile)and
Create the following Dwords under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
MaxFieldLength
Dword
Value 65534 (Decimal)
MaxRequestBytes
Dword
Value 40000 (Decimal)
Reboot the server for the changes to take effect.If after that it works but it reverts to not working, I would suggest to check the result of GroupPolicies with the command: GPRESULT /H C:\temp\policies.html
--If the reply is helpful, please Upvote and Accept as answer--
-
Lorenzo Fongaro 11 Reputation points
2021-10-20T09:18:55.407+00:00 Thank you very much for your kind reply and sorry for my delay.
Please be patient considering I don't have too much experience with WinRM so I have some questions for you.
First of all, you wrote
Open firewall for "Windows Management Instrumentation"
I think I understood correctly and I proceeded as follows:
1) I logged in to the primary domain controller of our domain and I opened the policy that concerns the Windows 10 PC that I want to use for Windows Admin Center.
I opened Administrative Templates Network/Network Connections/Windows Defender Firewall/Domain profile to enable the following policies
- Windows Defender Firewall: Allow inbound file and printer sharing;
For the moment I allowed the connection from any IP as I put a * in the IP field
- Windows Defender Firewall: Allow inbound file and printer sharing Excpetion;
For the moment I allowed the connection from any IP as I put a * in the IP field
- Windows Defender Firewall: Define inbound port exceptions e Windows Defender Firewall: Allow inbound remote administration expection;
Here I set the ports 135,445,1024-1034 as per the following link
https://knowledge.broadcom.com/external/article/164611/need-to-allow-windows-management-instrum.html
Do you think this procedure is correct regarding the Open firewall for "Windows Management Instrumentation" step?
And what do you mean with
dcomcnfg to enable remote launch and remote activation
Regarding this step I don't understand what to do.
Thank you...