Search code examples
windowspowershellpowershell-4.0powershell-remoting

Enable-PSRemoting returns error Unable to check the status of the firewall

When I run the command Enable-PSRemoting I get the following error:

PS C:\Windows\system32> Enable-PSRemoting

WinRM Quick Configuration
Running command "Set-WSManQuickConfig" to enable remote management of this computer by using the Windows Remote
Management (WinRM) service.
 This includes:
    1. Starting or restarting (if already started) the WinRM service
    2. Setting the WinRM service startup type to Automatic
    3. Creating a listener to accept requests on any IP address
    4. Enabling Windows Firewall inbound rule exceptions for WS-Management traffic (for http only).

Do you want to continue?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): a
WinRM is already set up to receive requests on this computer.
Set-WSManQuickConfig : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2"
Machine="localhost"><f:Message><f:ProviderFault provider="Config provider"
path="%systemroot%\system32\WsmSvc.dll"><f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"
Code="2" Machine="my_laptop.ad.mydomain.com"><f:Message>Unable to check the status of the firewall.
</f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
At line:69 char:17
+                 Set-WSManQuickConfig -force
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand

From what I've been able to find, this error is supposed to occur when the PC is on a public network. This PC is NOT on a public network but rather is joined to a domain. Running Get-NetConnectionProfile confirms the DomainAuthenticated network status. How do I resolve this and get Enable-PSRemoting to run correctly?

I have a Windows 8 PC running Powershell 4.0.

Solution

  • The best way to set up PSRemoting is through Group Policy. You'll want to configure the following settings.

    Set up the listener:

    /Computer Configuration
    /Administrative Templates
    /Windows Components
    /Windows Remote Management (WinRM)
    /WinRM Service
        /Allow remote server management through WinRM
            - Enabled
            - IPv4 filter: *

    Set up firewall rules:

    /Computer Configuration
    /WindowsSettings
    /Security Settings
    /Windows Firewall with Advanced Security
        /Inbound Rules
            - Type: Port
            - Protocol: TCP
            - Port: 5985
            - Allow the connection
            - Profile: Domain
        /Outbound Rules
            - Type: Port
            - Protocol: TCP
            - Port: 5985
            - Allow the connection
            - Profile: Domain

    Set up the service:

    /Computer Configuration
    /WindowsSettings
    /Security Settings
        /System Services
        /Windows Remote Management (WS-Management)
            - Startup mode: Automatic
            > Define this policy setting
                - Service name: WinRM
                - Service action: Start Service
                - Set all Recovery tab actions: Restart the Service

    After configuring your policy, WinRM should be in working order. You can validate that remoting is working using the following:

    # this tests against the FQDN
Test-WSMan -ComputerName [Net.Dns]::GetHostEntry($Env:COMPUTERNAME).HostName