question

LorenzoFongaro-0341 avatar image
0 Votes"
LorenzoFongaro-0341 asked LorenzoFongaro-0341 answered

Operazione CreateShell di WS-Management non riuscita. Codice errore: 2150858770

Good evening. For a few days now I have been gaining experience in using Windows Admin Center. I use a PC with Windows 10 21h1 to control our Windows 2019 Datacenter servers. I proceeded to enable the remote connection of powershell on all servers through Enable-psRemoting. I then proceeded to configure the winrm service with winrm qc. I also bothered to put the Windows 10 pc in the list of trusted servers. All via http and not https. Yesterday everything worked almost perfectly, today some servers to which I accessed with Windows Admin Center do not respond. I checked the logs of each server and on the server side there are no errors, indeed it seems that they accept connections. I checked the Operational log under Windows Remote Management and I could see the error below.

I also uninstalled the Symantec antivirus client but nothing has changed

WS-Management CreateShell operation failed. Error code: 2150858770

  • System

    • Provider

      [ Name] Microsoft-Windows-WinRM
      [ Guid] {a7975c8f-ac13-49f1-87da-5a984a4ab417}


      EventID 142


      Version 0


      Level 2


      Task 10


      Opcode 2


      Keywords 0x4000000000000002


    • TimeCreated

      [ SystemTime] 2021-10-12T16:06:04.0067163Z


      EventRecordID 99233


    • Correlation

      [ ActivityID] {ce4dd6d9-34a0-49a5-a597-1b5093fdb9bd}


    • Execution

      [ ProcessID] 9784
      [ ThreadID] 9552


      Channel Microsoft-Windows-WinRM/Operational


      Computer pconvertibile.timat-service.local


    • Security

      [ UserID] S-1-5-21-3649925477-1211821369-1109786231-2715



  • EventData

    operationName CreateShell
    errorCode 2150858770

windows-serverwindows-10-network
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LorenzoFongaro-0341 avatar image
0 Votes"
LorenzoFongaro-0341 answered

Forgetfulness: I have also created a rule on the firewall of the Symantec antivirus so that it does not block traffic from the Windows 10 PC to the servers that I intend to check if the destination port is the 5985. The antivirus log shows that this traffic is not blocked.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello LorenzoFongano,

We may be talking about some policy that is applying over your settings for WinRM, thus resetting to default and blocking you.

I would try:
Open firewall for "Windows Management Instrumentation"
dcomcnfg to enable remote launch and remote activation
In Computer Management, Services and Applications\WMI Control; right-click Properties> turn on 'remote enable' for namespace and
sub-namespaces for the current container (Note: the Win 10 UI has changed couple of times - just click advanced and hunt for the right settings)

Also run in the remote server:
Enter-PSSession -computername localhost -SessionOption(New-PSSessionOption -NoMachineProfile)

and

Create the following Dwords under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

MaxFieldLength
Dword
Value 65534 (Decimal)
MaxRequestBytes
Dword
Value 40000 (Decimal)
Reboot the server for the changes to take effect.

If after that it works but it reverts to not working, I would suggest to check the result of GroupPolicies with the command: GPRESULT /H C:\temp\policies.html



--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LorenzoFongaro-0341 avatar image
0 Votes"
LorenzoFongaro-0341 answered

Thank you very much for your kind reply and sorry for my delay.

Please be patient considering I don't have too much experience with WinRM so I have some questions for you.

First of all, you wrote

Open firewall for "Windows Management Instrumentation"

I think I understood correctly and I proceeded as follows:

1) I logged in to the primary domain controller of our domain and I opened the policy that concerns the Windows 10 PC that I want to use for Windows Admin Center.

I opened Administrative Templates Network/Network Connections/Windows Defender Firewall/Domain profile to enable the following policies

  • Windows Defender Firewall: Allow inbound file and printer sharing;

For the moment I allowed the connection from any IP as I put a * in the IP field

  • Windows Defender Firewall: Allow inbound file and printer sharing Excpetion;

For the moment I allowed the connection from any IP as I put a * in the IP field

  • Windows Defender Firewall: Define inbound port exceptions e Windows Defender Firewall: Allow inbound remote administration expection;

Here I set the ports 135,445,1024-1034 as per the following link

https://knowledge.broadcom.com/external/article/164611/need-to-allow-windows-management-instrum.html

Do you think this procedure is correct regarding the Open firewall for "Windows Management Instrumentation" step?

And what do you mean with

dcomcnfg to enable remote launch and remote activation

Regarding this step I don't understand what to do.

Thank you...





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.