PowerShell: WinRM cannot complete the operation
Vamos a solucionar un problema de Powershell que me llevo algo de tiempo en descubrir que fallaba….
En Powershell podemos invocar un comando remotamente en otro pc como si estuviéramos en el.
Para ello solo hay que ejecutar:
Invoke-Command -ComputerName vicolinker-pc -ScriptBlock {Get-ChildItem “C:\Program Files”}
Esto debería darnos una lista completa de los archivos que tiene en Archivos de programas (por ejemplo), pero nos da el siguiente error:
[vicolinker-pc] Connecting to remote server vicolinker-pc failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network,
and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (vicolinker-pc:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
Este error se debe a que en el PC remoto no tenemos instalado WinRM que abre el protocolo WSMan mediante Http/https , así que vamos a instalarlo con cualquiera de estos métodos:
Nota: Cada método depende de la versión de windows y siempre tienen que ejecutarse en un CMD o Powershell con permisos de administrador.
1. CMD:
winrm quickconfig
WinRM quickconfig
WinRM service is already running on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this
machine.
Make these changes [y/n]? y
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this
machine.
Es posible que te de este error por problemas del Firewall:
WinRM service type changed successfully.
WinRM service started.
WSManFault
Message
ProviderFault
WSManFault
Message = WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
Error number: -2144108183 0x80338169
WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.
Entonces podemos forzar la instalación con:
winrm quickconfig -force
2. CMD / Powershell:
powershell Enable-PSRemoting
3. Funciona en algunos Windows Server (2002 me parece)
%windir%\system32\Configure-SMRemoting.exe -enable
Después de haber habilitado el WsMan debemos abrir los puertos en el firewall o desactivar el firewall por completo para probar, de no hacerlo no se podrá conectar.
TCP/5985 = HTTP
TCP/5986 = HTTPS
Ahora vamos a probar que todo funciona correctamente con cualquiera de estos comandos:
Test-WSMan vicolinker-pc
WinRM enumerate winrm/config/listener
Si PS responde con algo similar a esto, es que esta todo bien:
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
Si es que falla te dará un errores como estos, deberías revisar los puertos del firewall o desactivarlo para probar:
PS C:\WINDOWS\system32> Test-WSMan vicolinker-pc
Test-WSMan : WinRM cannot complete the operation. Verify that the specified computer name is
valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to
remote computers within the same local subnet.
At line:1 char:1
+ Test-WSMan vicolinker-pc
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (vicolinker-pc:String) [Test-WSMan], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand
PS C:\WINDOWS\system32> WinRM enumerate winrm/config/listener
WinRM : WSManFault
At line:1 char:1
+ WinRM enumerate winrm/config/listener
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (WSManFault:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Message = The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service
running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
Error number: -2144108526 0x80338012
The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the
destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value true