Windows PowerShell WinRm and WSMan

Windows PowerShell WinRm and WSMan

To get PowerShell’s remoting capability working fully, you need an extra ‘shell’, which is supplied by the WinRm.  Even after the WinRm service install completes successfully, you need to tweak its config settings before the remote sessions become operational.

Remoting With PowerShell WinRm and WSMan

 ♣

Preliminary Discussion of PowerShell WinRm

WinRm is the underlying engine or resource for PowerShell remoting; it is also the name of the additional executable that you need to download from the Microsoft Connect site.  Once installed, you can access WinRm directly from the ‘DOS’ command line, or better still, check and amend settings with PowerShell’s own WSMan: provider.

PowerShell WinRm Problem – WSMan Solution

PowerShell has handy commands to create remote sessions such as

# PowerShell v 2.0
Enter-PSSession -computerName otherMachine 

Problem the above command does not work because a WinRm settings called TrustedHosts needs configuring.  To achieve this goal we need to enter the PowerShell WSMan namespace.  (The other alternative is to use cmd and call for WinRm -?)

Use PowerShell Itself to Control TrustedHosts

Preamble: If you need a refresher on ‘cd’ (Change directory) try this at the PowerShell command line, for example:
cd c:
or
cd c:\windows

PowerShell WSMan Example – Connect to the ‘Client’ Sub-folder

Rather than a succession of short steps, we could use one longish path statement.  Dir displays the TrustedHosts settings stored in the client sub-folder.

# PowerShell WSMan Example
cd wsman::localhost\client
dir

However, if the above does not work then try this alternative line-by-line method:

cd wsman:
cd localhost\client
dir

Please note: cd wsman fails, we need that colon.

cd wsman:  (Succeeds now we can access the wsman ‘area’, ‘namespace’ or ‘drive’.)

TrustedHosts Goal:  To set, or change TrustedHosts so that any machine can connect remotely.

# PowerShell TrustedHosts Example
Set-Item TrustedHosts * 
Restart-Service WinRm

A more restrictive approach would be to set the value for TrustedHosts to a named machine.

Set-Item TrustedHosts BigServer

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11.5 v11.5

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

Setting Up Remoting

Enable-PSRemoting

What this does is start the WinRM service and sets the startup type to Automatic.  It is also supposed to enable a firewall exception for WS-Management communications.  However, Guy believes that sometimes it lies, and you need to configure the firewall manually.

Enable-PSRemoting also creates a listener to accept requests on any IP address.

Troubleshooting TrustedHosts Remote Connection Problems

  • One common problem is ERROR: Access is denied.
    Solution: Launch PowerShell with elevated rights, in simple language: Run as administrator.
  • Try setting TrustedHosts * on BOTH machines, that is the machine acting as the client as well as the server to which you are trying to establish a session.
  • Remember that for once this is a plural TrustedHostS.
  • Remember to restart the WinRm service, otherwise changes won’t take effect, try:
    Restart-Service WinRm
  • Keep your eye on the difference between the namespace WSMan and the Windows service winrm.
  • Bizarre and wacky.  Try connecting using Remote Desktop.  Bizarrely this may fail on the first attempt but succeed on the second attempt.  Now for the good news, re-try:

# PowerShell v 2.0
Enter-PSSession -computerName otherMachine 

Firewalls, PowerShell and "The rpc server is unavailable"

  • Security experts will hold up the hands in horror at this suggestion, but if you get the error message: "The rpc server is unavailable", then I suggest that you turn off the firewall on both machines.
  • Now if that works, then great, but follow-up by testing which ports are involved (135, 445), then try configuring the firewall with exceptions that allow PowerShell remoting, but retain firewall protection from other threats.
  • See how to disable a Windows 8 firewall with a Group Policy.
  • P.S. I have read that Enable-PSRemoting is supposed to take care of the firewall settings automatically, but in my experience this was not always the case.

Engineer's Toolset v10Guy Recommends: SolarWinds Engineer’s Toolset v10

This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems.  Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.

There are so many good gadgets; it’s like having free rein of a sweetshop.  Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools.  Try the SolarWinds Engineer’s Toolset now!

Download your fully functional trial copy of the Engineer’s Toolset v10

Summary of Windows PowerShell WinRm and WSMan

To make sure that PowerShell’s remoting is not restricted we often need to check the client settings. For this we can use cmd and WinRm, or better, PowerShell and WSMan.  A common use of this technique is to change the TrustedHosts from nobody to everybody. 

If you like this page then please share it with your friends

 


See more Windows PowerShell tutorials

PShell Home   • Introduction   • Dreams   • 3 Key Commands   • PowerShell Help About   • Get-Help

PowerShell v 3.0   • Set-ExecutionPolicy   • Get-Command   • Cmdlet scripts   • Import-Module

PowerShell Version Check   • Backtick   • PowerShell examples   • PowerShell ISE   • Get-Member

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.