PowerShell: WinRM cannot complete the operation

Vamos a solucionar un problema de Powershell que me llevo algo de tiempo en descubrir que fallaba….

En Powershell podemos invocar un comando remotamente en otro pc como si estuviéramos en el.


Para ello solo hay que ejecutar:

Invoke-Command -ComputerName vicolinker-pc -ScriptBlock {Get-ChildItem “C:\Program Files”}


Esto debería darnos una lista completa de los archivos que tiene en Archivos de programas (por ejemplo), pero nos da el siguiente error:

[vicolinker-pc] Connecting to remote server vicolinker-pc failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, 
and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more 
information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (vicolinker-pc:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken


Este error se debe a que en el PC remoto no tenemos instalado WinRM que abre el protocolo WSMan mediante Http/https , así que vamos a instalarlo con cualquiera de estos métodos:


Nota: Cada método depende de la versión de windows y siempre tienen que ejecutarse en un CMD o Powershell con permisos de administrador.

1. CMD:

winrm quickconfig

WinRM quickconfig
 WinRM service is already running on this machine.
 WinRM is not set up to allow remote access to this machine for management.
 The following changes must be made:

 Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this
 machine.

 Make these changes [y/n]? y

 WinRM has been updated for remote management.

 Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this
 machine.


Es posible que te de este error por problemas del Firewall:

WinRM service type changed successfully.
WinRM service started.
WSManFault
    Message
        ProviderFault
            WSManFault
                Message = WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.

Error number:  -2144108183 0x80338169
WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.

Entonces podemos forzar la instalación con:

winrm quickconfig -force


2. CMD / Powershell:

powershell Enable-PSRemoting


3. Funciona en algunos Windows Server (2002 me parece)

%windir%\system32\Configure-SMRemoting.exe -enable


Después de haber habilitado el WsMan debemos abrir los puertos en el firewall o desactivar el firewall por completo para probar, de no hacerlo no se podrá conectar.

TCP/5985 = HTTP
TCP/5986 = HTTPS



Ahora vamos a probar que todo funciona correctamente con cualquiera de estos comandos:

Test-WSMan vicolinker-pc
WinRM enumerate winrm/config/listener

Si PS responde con algo similar a esto, es que esta todo bien:

wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd 
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd 
ProductVendor : Microsoft Corporation 
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0


Si es que falla te dará un errores como estos, deberías revisar los puertos del firewall o desactivarlo para probar:

PS C:\WINDOWS\system32> Test-WSMan vicolinker-pc
Test-WSMan : WinRM cannot complete the operation. Verify that the specified computer name is 
valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to 
remote computers within the same local subnet. 
At line:1 char:1
+ Test-WSMan vicolinker-pc
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (vicolinker-pc:String) [Test-WSMan], InvalidOperationException
    + FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand
 

PS C:\WINDOWS\system32> WinRM enumerate winrm/config/listener
WinRM : WSManFault
At line:1 char:1
+ WinRM enumerate winrm/config/listener
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (WSManFault:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
    Message = The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service 
running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". 
Error number:  -2144108526 0x80338012
The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the 
destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". 

Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value true