Getting Access Denied from WinRM on Windows 2008 R2
I have discovered that, on the affected server, access to winrm is limited to members of a single, custom Group (Local Users and Groups). Adding the administrator users to that Group enables access for those users.
Now I am trying to figure out how access was limited to members of the custom group. My consolation is that the IT specialists at our hosting company haven't figured it out yet either.
Related videos on Youtube
mobill
Developing, and managing the development of software for > 30 years. .NET, C#, VB, SQL, MS Access, SharePoint, Java, JavaScript, C.
Updated on September 18, 2022Comments
-
mobill over 1 year
How do I restore WinRM on a Windows 2008 R2 machine back to it's 'out-of-the-box' state? Or alternatively, how do I get WinRM to start talking to me again?
I'm logged in as administrator via RDP. Any attempt to access or configure winrm is met with Access is Denied.
I have 3 other servers where WinRM works fine.
At some point in the last 2 months WinRM has become inaccessible on the 4th server.
I have spent about 2 days reading, researching, and trying different things to get WinRM working again. Here are a few:
- help about_Remote_Troubleshooting
- Jonathan Jordan's WinRM Trouble Shooting post
- PowerShell remoting guide
- a bunch of these Google hits
- not a duplicate of none of these answers solved my problem, nor did they answer my question on how to reset WinRM to a default, install state.
LocalAccountTokenFilterPolicy is set to 1
Firewall rules are the same for all of the servers.
The Windows Remote Management service is up and running.Here are some examples of what I'm seeing with various commands:
PS C:\> winrm id IdentifyResponse ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd ProductVendor = Microsoft Corporation ProductVersion = OS: 6.1.7601 SP: 1.0 Stack: 2.0
winrm quickconfig
PS C:\> winrm quickconfig WinRM already is set up to receive requests on this machine. WSManFault Message = Access is denied. Error number: -2147024891 0x80070005
winrm enumerate winrm/config/listener
PS C:\> winrm enumerate winrm/config/listener WSManFault Message = Access is denied. Error number: -2147024891 0x80070005 Access is denied.
Set-PSSessionConfiguration Microsoft.Powershell -ShowSecurityDescriptorUI
Performing operation "Set-PSSessionConfiguration" on Target "Name: Microsoft.PowerShell". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y Access is denied. At line:15 char:26 + if ((!$pluginName) -or <<<< !(test-path "$pluginDir")) + CategoryInfo : InvalidOperation: (:) [], InvalidOperationException + FullyQualifiedErrorId : WsManError Join-Path : Access is denied. At line:22 char:35 + $pluginFileNamePath = Join-Path <<<< "$pluginDir" 'FileName' + CategoryInfo : NotSpecified: (:) [Join-Path], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.JoinPathCommand Test-Path : Cannot bind argument to parameter 'Path' because it is an empty string. At line:23 char:19 + if (!(test-path <<<< "$pluginFileNamePath")) + CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Microsoft.PowerShell.Commands.Test PathCommand Get-Item : Cannot bind argument to parameter 'LiteralPath' because it is an empty string. At line:29 char:43 + $pluginFileName = get-item -literalpath <<<< "$pluginFileNamePath" + CategoryInfo : InvalidData: (:) [Get-Item], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Microsoft.PowerShell.Commands.GetI temCommand Set-PSSessionConfiguration : Session Configuration "Microsoft.PowerShell" is not a PowerShell based shell. At line:89 char:27 + Set-PSSessionConfiguration <<<< $args[0] $args[1] $args[2] $args[3] $args[4] $args[5] $args[6] $args[7] $args[8] + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-PSSessionConfiguration
and Server Manager
-
raja almost 8 yearsPossible duplicate of Enabling Powershell Remoting, Access is denied?
-
raja almost 8 yearsDid you try serverfault.com/questions/337905/…
-
mobill almost 8 yearsI did. One of the first I ran across. Nothing there helped.