Windows Admin Center known issues

Applies to: Windows Admin Center, Windows Admin Center Preview

If you encounter an issue not described on this page, let us know.

Installer

• When installing Windows Admin Center using your own certificate, be mindful that if you copy the thumbprint from the certificate manager MMC tool, it contains an invalid character at the beginning. As a workaround, type the first character of the thumbprint, and copy/paste the rest.

• Using port below 1024 isn't supported. In service mode, you may optionally configure port 80 to redirect to your specified port.

General

Note

Self-signed certificates accessed on https://localhost:[port] may cause Windows Admin Center to be blocked on both Microsoft Edge and Google Chrome browsers. When this happens, you may see an error explaining that your connection is not private. Update your Windows Admin Center installation to the latest version to fix this issue.

• Using certain versions of extensions with older versions of Windows Admin Center may result in icons not displaying properly. To fix this issue, upgrade to the latest build of Windows Admin Center.

• Manually modifying URLs to include the names of different machines while using Windows Admin Center, without going through the connection experience in the UI, can result in improper loading of extensions that are compatible with specific hardware. The manual modification of URLs for navigation in Windows Admin Center isn't recommended.

• If you have Windows Admin Center installed as a gateway on Windows Server 2016 under heavy use, the service may crash with an error in the event log that contains Faulting application name: sme.exe and Faulting module name: WsmSvc.dll. This issue is due to a bug that was fixed in Windows Server 2019. The patch for Windows Server 2016 was included the February 2019 cumulative update, KB4480977.

• If you have Windows Admin Center installed as a gateway and your connection list appears to be corrupted, perform the following steps:

  Warning

  This will delete the connection list and settings for all Windows Admin Center users on the gateway.

  1. Uninstall Windows Admin Center
  2. Delete the Server Management Experience folder under C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft
  3. Reinstall Windows Admin Center

• If you leave the tool open and idle for a long period of time, you may get several Error: The runspace state is not valid for this operation errors. If this error occurs, refresh your browser. If you encounter this issue, submit it via our WAC Feedback page.

• There may be minor variance between version numbers of OSS running in Windows Admin Center modules, and what is listed within the third party Software Notice.

• Windows Admin Center tool APIs may be accessed and used through other methods while a session of Windows Admin Center is active and a user has access to that session. The actions taken using these APIs affects only the gateway machine (the machine Windows Admin Center is installed on). This won't affect machines managed remotely without authentication through the Windows Admin Center gateway.

Extension Manager

• When you update Windows Admin Center, you must reinstall your extensions.
• If you add an extension feed that is inaccessible, there's no warning. [14412861]

Partner extension issues

• Dell's EMC OpenManage Integration extension utilizes APIs provided by Windows Admin Center to push files onto target nodes. This API (for example, NodeExtensionInstall) only works when the user is a gateway administrator and doesn't support non-admin use.

Browser Specific Issues

Microsoft Edge

• If you have Windows Admin Center deployed as a service and you're using Microsoft Edge as your browser, connecting your gateway to Azure may fail after spawning a new browser window. Try to work around this issue by adding https://login.microsoftonline.com, https://login.live.com, the URL of your gateway as trusted sites and allowed sites for pop-up blocker settings on your client-side browser. To resolve this issue, see Azure features don't work properly in Microsoft Edge. [17990376]

Google Chrome

• Prior to version 70 (released late October 2018) Chrome had a bug regarding the WebSockets protocol and NTLM authentication. This effects the following tools: Events, PowerShell, Remote Desktop.

• Chrome may pop up multiple credential prompts, especially during the add connection experience in a workgroup (non-domain) environment.

• If you have Windows Admin Center deployed as a service, popups from the gateway URL need to be enabled for any Azure integration functionality to work.

Mozilla Firefox

Windows Admin Center isn't tested with Mozilla Firefox, but most functionality should work.

• Windows 10 Installation: Mozilla Firefox has its own certificate store, so you must import the Windows Admin Center Client certificate into Firefox to use Windows Admin Center on Windows 10.

WebSocket compatibility when using a proxy service

Remote Desktop, PowerShell, Packet Monitoring, and Events modules in Windows Admin Center use the WebSocket protocol, which is often not supported when using a proxy service.

Support for Windows Server versions before 2016 (2012 R2, 2012, 2008 R2)

Note

Windows Admin Center requires PowerShell features that are not included in Windows Server 2012 R2, 2012, or 2008 R2. If you'll manage Windows Server these with Windows Admin Center, you'll need to install WMF version 5.1 or higher on those servers.

Type $PSVersiontable in PowerShell to verify that WMF is installed, and that the version is 5.1 or higher.

If it isn't installed, you can download and install WMF 5.1.

Role Based Access Control (RBAC)

• RBAC deployment fails on machines that are configured to use Windows Defender Application Control (WDAC, formerly known as Code Integrity). [16568455]

• To use RBAC in a cluster, you must deploy the configuration to each member node individually.

• When RBAC is deployed, you may get unauthorized errors that are incorrectly attributed to the RBAC configuration. [16369238]

Server Manager solution

Certificates

• can't import .PFX Encrypted Certificate in to current user store. [11818622]

Events

• Events are affected by websocket compatibility when using a proxy service.

• You may get an error that references “packet size” when exporting large log files.

  • To resolve this, use the following command in an elevated command prompt on the gateway machine: winrm set winrm/config @{MaxEnvelopeSizekb="8192"}

Files

• Uploading or downloading large files not yet supported (~100 mb limit). [12524234]

PowerShell

• PowerShell is affected by the websocket compatibility when using a proxy service.

• Pasting with a single right-click as in the desktop PowerShell console doesn't work. Instead you'll get the browser's context menu, where you can select paste. Ctrl-V works as well.

• Ctrl-C to copy doesn't work, it will always send the Ctrl-C break command to the console. Copy from the right-click context menu works.

• When you make the Windows Admin Center window smaller, the terminal content will reflow, but when you make it larger again, the content may not return to its previous state. If things get jumbled, you can try Clear-Host, or disconnect and reconnect using the button above the terminal.

Registry Editor

• Search functionality not implemented. [13820009]

Remote Desktop

• When Windows Admin Center is deployed as a service, the Remote Desktop tool may fail to load after updating the Windows Admin Center service to a new version. To work around this issue, clear your browser cache. [23824194]

• The Remote Desktop tool may fail to connect when managing Windows Server 2012. [20258278]

• When using the Remote Desktop to connect to a machine that isn't Domain joined, you must enter your account in the MACHINENAME\USERNAME format.

• Some configurations can block Windows Admin Center's remote desktop client with group policy. If you encounter this issue, enable Allow users to connect remotely by using Remote Desktop Services under Computer Configuration/Policies/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections.

• Remote Desktop is affected by the websocket compatibility when using a proxy service.

• The Remote Desktop tool doesn't currently support any text, image, or file copy/paste between the local desktop and the remote session.

• To do any copy/paste within the remote session, you can copy as normal (right-click + copy or Ctrl+C), but paste requires right-click + paste (Ctrl+V doesn't work).

• You can't send the following key commands to the remote session

  • Alt+Tab
  • Function keys
  • Windows Key
  • PrtScn

• When using Remote Desktop to connect to a machine, keyboard language mapping may not work properly.

Roles and Features

• When selecting roles or features with unavailable sources for install, they're skipped. [12946914]

• If you choose not to automatically reboot after role installation, we won't ask again. [13098852]

• If you do choose to automatically reboot, the reboot occurs before the status gets updated to 100%. [13098852]

Storage

• Down-level: DVD/CD/Floppy drives don't appear as volumes on down-level.

• Down-level: Some properties in Volumes and Disks aren't available down-level so they appear unknown or blank in details panel.

• Down-level: When creating a new volume, ReFS only supports an allocation unit size of 64 K on Windows 2012 and 2012 R2 machines. If a ReFS volume is created with a smaller allocation unit size on down-level targets, file system formatting fails. The new volume won't be usable. The resolution is to delete the volume and use 64 K allocation unit size.

Updates

After installing updates, install status may be cached and require a browser refresh. You may encounter the error: "Keyset doesn't exist" when attempting to set up Azure Update management. In this case, try the following remediation steps on the managed node:

1. Stop 'Cryptographic Services' service.
2. Change folder options to show hidden files (if necessary).
3. Go to the %allusersprofile%\Microsoft\Crypto\RSA\S-1-5-18 folder and delete all its contents.
4. Restart 'Cryptographic Services' service.
5. Repeat setting up Update Management with Windows Admin Center

Virtual Machines

• When managing the virtual machines on a Windows Server 2012 host, the in-browser VMConnect tool fails to connect to the VM. Downloading the .rdp file to connect to the VM should still work. [20258278]

• Azure Site Recovery – If Azure Site Recovery is set up on the host outside of Windows Admin Center, you won't be able to protect a VM from within Windows Admin Center. [18972276]

• Advanced features available in Hyper-V Manager such as Virtual SAN Manager, Move VM, Export VM, VM Replication are currently not supported.

Virtual Switches

• Switch Embedded Teaming (SET): When adding NICs to a team, they must be on the same subnet.

Computer Management Solution

The Computer Management solution contains a subset of the tools from the Server Manager solution, so the same known issues apply, and the following Computer Management solution-specific issues:

• If you use a Microsoft Account (MSA) or if you use Microsoft Entra ID to sign in to your Windows 10 machine, you must use "manage-as" to provide credentials for a local administrator account. [16568455]

• When you try to manage the localhost, you're prompted to elevate the gateway process. If you select No in the User Account Control popup that follows, you must cancel the connection attempt and start over.

• Windows 10 doesn't have WinRM/PowerShell remoting on by default.

  • To enable management of the Windows 10 Client, you must issue the command Enable-PSRemoting from an elevated PowerShell prompt.

  • You may also need to update your firewall to allow connections from outside the local subnet with Set-NetFirewallRule -Name WINRM-HTTP-In-TCP -RemoteAddress Any. For more restrictive networks scenarios, see how to enable PSRemoting.

Cluster Deployment

Step 1.2

Mixed workgroup machines are currently not supported when adding servers. All machines used for clustering need to belong to same workgroup. If they don't, the next button will be disabled, and the following error will appear: "Can't create a cluster with servers in different Active Directory domains. Verify the server names are correct. Move all the servers into the same domain and try again".

Step 1.4

Hyper-V needs to be installed on virtual machines running the Azure Stack HCI OS. Trying to enable the Hyper-V feature for these virtual machines fails with the following error:

To install Hyper-V on virtual machines running the Azure Stack HCI OS, run the following command:

Enable-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V'

Step 1.7

Sometimes servers take longer than expected to restart after updates are installed. The Windows Admin Center cluster deployment wizard checks the server restart state periodically to know if the server was restarted successfully. However, if the user restarts the server outside of the wizard manually, then the wizard doesn't have a way to capture the server state in an appropriate way.

If you would like to restart the server manually, exit the current wizard session. After you have restarted the server, you may restart the wizard.

Stage 4 storage

In stage 4, an error can occur if a user has deleted a cluster and hasn't cleared the storage pools from the cluster. That means the storage pools that are on the system are locked by the old cluster object and only the user can manually clear them.

To clear the configuration, the user needs to run:

1. On all nodes: Clear-ClusterNode

2. Remove all previous storage pools:

   Get-StoragePool
   Get-StoragePool -IsPrimordial 0 | Remove-StoragePool
   

Note

If the storage pools are set as read-only, which can sometimes happen if the cluster is improperly destroyed, then the user needs to first make sure the storage pools are changed to editable before removing. If this is the case, run the following prior to the previous steps:

Get-StoragePool <PoolName>> | Set-StoragePool -IsReadOnly $false

To avoid this scenario in the first place, the user needs to run the following:

1. Remove virtual disk:

   Get-VirtualDisk | Remove-VirtualDisk
   

2. Remove storage pools:

   Get-StoragePool
   Get-StoragePool -IsPrimordial 0 | Remove-StoragePool
   

3. Remove cluster resources:

   Get-ClusterResource | ? ResourceType -eq "virtual machine" | Remove-ClusterResource
   Get-ClusterResource | ? ResourceType -like "*virtual machine*" | Remove-ClusterResource
   

4. Cleaning up:

   Remove-Cluster -CleanupAD
   

5. On all nodes, run:

   Clear-ClusterNode
   

Stretch cluster creation

It's recommended to use servers that are domain-joined when creating a stretch cluster. There's a network segmentation issue when trying to use workgroup machines for stretch cluster deployment due to WinRM limitations.

Undo and start over

When using the same machines repeatedly for cluster deployment, cleanup of previous cluster entities is important to get a successful cluster deployment in the same set of machines. For instructions on how to clean up your cluster, see Deploy hyperconverged infrastructure with Windows Admin Center.

CredSSP in cluster creation

The Windows Admin Center cluster deployment wizard uses CredSSP in several places. You run into the error message "There was an error during the validation. Review error and try again" (this occurs most frequently in the Validate cluster step):

You can use the following steps to troubleshoot:

1. Disable CredSSP settings on all nodes and the Windows Admin Center gateway machine. Run the first command on your gateway machine and the second command on all of the nodes in your cluster:

   Disable-WsmanCredSSP -Role Client
   

   Disable-WsmanCredSSP -Role Server
   

2. Repair the trust on all nodes. Run the following command on all nodes:

   Test-ComputerSecureChannel -Verbose -Repair -Credential <account name>
   

3. Reset group policy propagated data by running the following command on all nodes:

   gpupdate /force
   

4. Reboot each node. After reboot, test the connectivity between your gateway machine and target nodes, and your connectivity between nodes, using the following command:

   Enter-PSSession -ComputerName <node fqdn>
   

CredSSP

• The Updates tool will sometimes throw the CredSSP error You can't use Cluster-Aware updating tool without enabling CredSSP and providing explicit credentials:

  

  This error was widely seen when new clusters are created and then you try to access the Updates tool for these clusters in Windows Admin Center. This issue is fixed in Windows Admin Center v2110. [36734941]

• The CredSSP session endpoint permission issue is a common CredSSP error that can be seen when Windows Admin Center runs on Windows client machines. This issue is widely seen when the user who is using Windows Admin Center isn't the same user who installed Windows Admin Center on the client machine.

  To mitigate this problem, we have introduced the Windows Admin Center CredSSP administrators' group. The user facing this problem should be added to this group and then sign in again to the desktop computer running Windows Admin Center. Below is an image of what the error notification was before (left) and after (right) the modification:

  

Nested Virtualization

When validating Azure Stack HCI OS cluster deployment on virtual machines, nested virtualization needs to be turned on before roles/features are enabled using the below PowerShell command:

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Note

For virtual switch teaming to be successful in a virtual machine environment, the following command needs to be run in PowerShell on the host soon after the virtual machines are created: Get-VM | %{ set-VMNetworkAdapter -VMName $_.Name -MacAddressSpoofing On -AllowTeaming On }

If you're a deploying a cluster using the Azure Stack HCI OS, there's an extra requirement. The VM boot virtual hard drive must be preinstalled with Hyper-V features. To do this, run the following command before creating the virtual machines:

Install-WindowsFeature –VHD <Path to the VHD> -Name Hyper-V, RSAT-Hyper-V-Tools, Hyper-V-PowerShell

Support for RDMA

The cluster deployment wizard in Windows Admin Center version 2007 doesn't provide support for RDMA configuration.

Failover Cluster Manager solution

• When managing a cluster, either Hyper-Converged or traditional, you may encounter a shell was not found error. If this happens either reload your browser, or navigate away to another tool and back. [13882442]

• An issue can occur when managing a down-level (Windows Server 2012 or 2012 R2) cluster that hasn't been configured completely. The fix for this issue is to ensure that the Windows feature RSAT-Clustering-PowerShell has been installed and enabled on each member node of the cluster. To do this with PowerShell, enter the command Install-WindowsFeature -Name RSAT-Clustering-PowerShell on all the cluster nodes. [12524664]

• The Cluster may need to be added with the entire FQDN to be discovered correctly.

• When connecting to a cluster using Windows Admin Center installed as a gateway, and providing explicit username/password to authenticate, you must select Use these credentials for all connections so that the credentials are available to query the member nodes.

Hyper-Converged Cluster Manager solution

• Some commands such as Drives - Update firmware, Servers - Remove and Volumes - Open are disabled and currently not supported.

Azure services

Azure login and gateway registration

When attempting to register your Windows Admin Center gateway in the Azure China or Azure US Gov cloud domains in version 2211, you may be redirected to the Azure Global sign-in experience. To work around this issue, use an earlier version of Windows Admin Center.

In the 2009 release, you may run into issues logging into Azure or registering your Windows Admin Center gateway with Azure. The following should help you mitigate these issues:

• Before using any Azure capabilities within Windows Admin Center, including gateway registration, make sure you're signed into your Azure account in a different tab or window. We suggest signing in through the Azure portal.

• If you successfully sign into Azure during gateway registration but don't see visual confirmation on the Azure page of your Windows Admin Center settings, try navigating to a different page in settings before navigating back to the Azure page.

• The Azure sign-in pop-up may appear more frequently in this build and may require administrators to grant Windows Admin Center permissions more frequently.

• If you have given admin approval for Windows Admin Center in the Azure portal and you're still seeing an error message saying "Need admin approval", try signing into Azure using one of the banners around Windows Admin Center instead of in the Settings page.

• If your proxy is mis-configured, then you may get the error message "Error: Value can't be null. Parameter name: httpClientFactory". Ensure that your proxy is configured correctly by going to Settings page.

Azure File Sync permissions

Azure File Sync requires permissions in Azure that Windows Admin Center didn't provide prior to version 1910. If you registered your Windows Admin Center gateway with Azure using a version earlier than Windows Admin Center version 1910, you'll need to update your Microsoft Entra application to get the correct permissions to use Azure File Sync in the latest version of Windows Admin Center. The additional permission allows Azure File Sync to perform automatic configuration of storage account access as described in Ensure Azure File Sync has access to the storage account.

To update your Microsoft Entra app, you can perform one of these two options:

1. Go to Settings > Azure > Unregister, and then register Windows Admin Center with Azure again, making sure you choose to create a new Microsoft Entra application.

2. Go to your Microsoft Entra application and manually add the permission needed to your existing Microsoft Entra app registered with Windows Admin Center. To do this, go to:

   1. Settings > Azure > View in Azure.
   2. From the App Registration blade in Azure, go to API permissions, select Add a permission.
   3. Scroll down to select Azure Active Directory Graph, select Delegated permissions, expand Directory, and select Directory.AccessAsUser.All.
   4. Select Add permissions to save the updates to the app.

Options for setting up Azure management services

Azure management services including Azure Monitor, Azure Update Management, and Azure Security Center, use the same agent for an on-premises server: the Microsoft Monitoring Agent. Azure Update Management has a more limited set of supported regions and requires the Log Analytics workspace to be linked to an Azure Automation account. Because of this limitation, if you wish to set up multiple services in Windows Admin Center, you must set up Azure Update Management first, and then either Azure Security Center or Azure Monitor. If you've configured any Azure management services that use the Microsoft Monitoring Agent, and then try to set up Azure Update Management using Windows Admin Center, Windows Admin Center will only allow you to configure Azure Update Management if the existing resources linked to the Microsoft Monitoring Agent support Azure Update Management. If not, you have two options:

1. Go to the Control Panel > Microsoft Monitoring Agent to disconnect your server from the existing Azure management solutions (like Azure Monitor or Azure Security Center). Then set up Azure Update Management in Windows Admin Center. After that, you can go back to set up your other Azure management solutions through Windows Admin Center without issues.

2. You can manually set up the Azure resources needed for Azure Update Management and then manually add or remove a workspace, outside of Windows Admin Center, to add the new workspace corresponding to the Update Management solution you wish to use.

Windows Remote Management errors

General connection error

A sample error message is as follows:

Cluster wasn't created Connecting to remote server tk5-3wp13r1131.cfdev.nttest.microsoft.com failed
with the following error message:
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the
computer is accessible over the network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default, the WinRM firewall exception for public
profiles limits access to remote computers within the same local subnet. For more information, see
the about_Remote_Troubleshooting Help topic.

This error is the most common when connecting via WinRM. Reasons for this includes:

• DNS couldn't be resolved. Ensure that you use the correct server name.
• The server name couldn't be reached at all (likely a connectivity issue), for example, a network disruption.
• Firewall rules aren't configured for the WinRM service. Firewall rules should be configured for domain and private profiles at the least.
• WinRM service isn't running or disabled. Enable the service and make sure it's always running.

Authentication error

A sample error message is as follows:

Connecting to remote server ack failed with the following error message:
WinRM cannot process the request. The following error with error code 0x8009030e occurred while
using Negotiate authentication: A specified logon session does not exist. It may already have been
terminated. \r\n This can occur if the provided credentials are not valid on the target server, or
if the server identity could not be verified. If you trust the server identity add the server name
to the TrustedHosts list, and then retry the request. User winrm.cmd to view or edit the
TrustedHosts list. Note that computers in the TrustedHosts list might not be authenticated. For
more information about how to edit the TrustedHosts list, run the following command: winrm help
config. For more information, see the about_Remote_Troubleshooting Help topic.

This error mostly occurs on cluster connections. This indicates that WinRM couldn't connect because of the following reasons:

• An attempt is being made to do a remote connection to a domain connected machine when logged in as a local user administrator account.
• The user is in domain but can’t contact the domain, even though they can reach the server. WinRM assumes the user isn't in domain but connection is being made to a domain account.

Possible mitigation's include:

• Always check the domain can be contacted all times and after a network operation.
• All computers you're connecting to should be added in the trusted hosts (FQDNS) such as @{TrustedHosts="VS1.contoso.com,VS2.contoso.com,my2012cluster.contoso.com"}.
• All the validations in the General connection error should pass.

WinRM service

A sample error message is as follows:

We cannot display the changes right now:
Connecting to remote server localhost failed with the
following error message : The client cannot connect to the destination specified in the request.
Verify that the service on the destination is running and is accepting requests. Consult the logs
and documentation for the WS-Management services running on the destination, mostly commonly IIS or
WinRM. If the destination is the WinRM service, run the following command on the destination to
analyze and configure the WinRM service: "winrm quickconfig". For more information, see the
about_Remote_Troubleshooting Help topic.

Possible reasons could be:

• The WinRM service isn't running. The service could be temporarily disabled or not running completely. Ensure the WinRM service is always running.
• The WinRM listener isn't configured or corrupted. The quickest way to solve this problem is to run WinRM quickconfig, which will help you create a listener. In addition to that, WinRM has two listeners for https and http connections, both https connection server and client should have same valid certificates.

Security error

A sample error message is as follows:

Connecting to remote server dc1.root.contoso.com failed with the following error message:
WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while
using Kerberos authentication. An unknown security error occurred. At line:1 char:1 +
Enter-PSSession dc1.root.contoso.com + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo
:InvalidArgument:(dc1.root.contoso.com:String)[Enter-PSSession], PSRemotingTransportException +
FullyQualifiedErrorId : CreateRemoteRunspaceFailed

This error is uncommon. The problem is usually the account trying to do a remote connection. In most cases, one or more default HTTP SPNs are registered to a service account, causing Kerberos authentication to fail. Usually, this happens because some software installed on the server needs one or more SPNs to function properly (e.g: SQL Server Reporting Services, Microsoft Dynamics, SharePoint, etc.).

One SPN (e.g: HTTP/fully.qualified.domain.name) might be registered to a service account and another one might not be (e.g: HTTP/servername). In that case, the WinRM connection succeeds when trying to start a session with the servername (e.g: Enter-PSSession servername) but it fails when trying to start a session with the FQDN (e.g: Enter-PSSession fully.qualified.domain.name).

Check if one or more default HTTP SPNs are registered to a service account:

setspn -q HTTP/servername.or.fqdn

If the SPN is found and the server name isn't in the highlighted field as seen in this error message, proceed to the resolution because that is likely why the WinRM connection fails.

The resolution is to set up dedicated SPNs for WinRM, by specifying the port number and the machine account:

setspn -s HTTP/servername.or.fqdn:5985 servername

Use the IncludePortInSPN parameter when connecting remotely via PowerShell:

Enter-PSSession -ComputerName servername.or.fqdn -SessionOption (New-PSSessionOption -IncludePortInSPN)

WinRM status 500

A sample error message is as follows:

Error: Connecting to remote server YAZSHCISIIH01.ad.yara.com failed with the following error message:
The WinRM client received an HTTP server error status (500), but the remote service did not include
any other information about the cause of the failure. For more information, see the
about_Remote_Troubleshooting Help topic.

This error occurs rarely. This usually means WinRM has failed to process the request. This could be caused by various reasons and it's based on context.

The solution for this would be to make sure remoting is enabled and that WinRM listener is configured to accept requests. Check the event logs for other errors, for example, some of the files in the file system might only have read permissions and WinRM is trying to access those for the connection to be fully actualized.