WinRM and Trusted Hosts for Non-Domain Computers

Error:

[TESTWINDOWS] Connecting to remote server TESTWINDOWS failed with the following error message : Access is denied. For
more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (TESTWINDOWS:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken

Resolution:

Enable-PSRemoting -Force
winrm quickconfig

Error:

PS C:\Windows\system32> enter-pssession 192.168.1.4
enter-pssession : Connecting to remote server 192.168.1.4 failed with the following error message : The WinRM client
cannot process the request. Default authentication may be used with an IP address under the following conditions: the
transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use
winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more
information on how to set TrustedHosts run the following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ enter-pssession 192.168.1.4
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (192.168.1.4:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Resolution

# Notice the 'concatenate' switch in this command - it's a good idea to append, rather than replace existing settings
set-item WSMan:\localhost\Client\TrustedHosts -Value "192.168.1.*" -Concatenate -force
# Error message
PS C:\Windows\system32> Enable-PSRemoting –force
“Set-WSManQuickConfig : <f:WSManFault xmlns:f=”http://schemas.microsoft.com/wbem/wsman/1/wsmanfault” Code=”2150859113″ Machine=”localhost”><f:Message><f:ProviderFault
provider=”Config provider” path=”%systemroot%\system32\WsmSvc.dll”><f:WSManFault xmlns:f=”http://schemas.microsoft.com/wbem/wsman/1/wsmanfault” Code=”2150859113″
Machine=”WinRM1″><f:Message>WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network
connection type to either Domain or Private and try again. </f:Message></f:WSManFault></f:ProviderFault></f:Message></f:WSManFault>
At line:116 char:17
+ Set-WSManQuickConfig -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand”
No Firewall exceptions have been made because at least one network adapter has its Network category set to “Public”

# Resolution:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
Enable-PSRemoting –force

# Sample output:
PS C:\Windows\system32> Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
PS C:\Windows\system32> Enable-PSRemoting -force
WinRM is already set up to receive requests on this computer.
WinRM has been updated for remote management.
WinRM firewall exception enabled.
Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

# Check WinRM to see if it's listening
Get-NetTCPConnection | Where-Object -Property LocalPort -EQ 5985

Result:

WinRM for non-domain joined computers would require that credentials to be supplied in the connection string, such as:

PS C:\Windows\system32> enter-pssession 192.168.100.4 -Credential rambo
[192.168.1.4]: PS C:\Users\rambo\Documents>

# The notation above represents a successful connection

Leave a Reply

Your email address will not be published. Required fields are marked *