System Center Virtual Manager Machine R2+SP1 (mscvmm2008r2sp1) Fail to install with Error 205
-
Sunday, April 15, 2012 8:20 AM
Hi All,
First of all thanks of reading my question. Next I need a help as I am facing a problem:
Background
I am working to install a private cloud on my desktop and while installing System Center Virtual Manager Mahchine R2+Sp1 facing a problem where during setup I am getting error i.e
"Product: Microsoft Systsem Center Virtual Machine Manager 2008 R2 Server (x64) -- Failed to configure the WS-Management Service. In the Local Group Policy Editor (gpedit.msc), navigate to computer configuration\Administrative Templates\Windows COmponents\Windows Remote Management (WinRM), and then ensure that there no policy settings configured for WinRM client or WinRM Service."
Also in the logs I have entry
CreateWsmanListenerOnPort::resourceUri: winrm/config/listener?address=*+transport=http; on port:80
CreateWsmanListenerOnPort:: failed to create: ; error: An unknown security error occured.
Machine Configuration
Windows 2008 R2 Enterprise Edition (x64)
Intel (R) Core (TM) i5-2400 CPU @ 3.10 GHZ 3.10 GHZ
RAM: 8 GB
SQL 2008 R2 (x62) Developer Edition -- Installed for VMM's backend server
AD, IIS, DNS server is configured on the same machine and running.
Domain: WIN2K8R2.sethi.com
MachineName: WIN2K8R2
Work Done
Gone thru this article http://blogs.technet.com/b/scvmm/archive/2009/05/12/solution-unable-to-add-a-managed-host-in-scvmm-2008-error-2927-0x8033809d.aspx"
As mentioned in this article I ran the spnquery\.vbs and not able to see any duplicate SPNs
command executed: cscript spnquery.vbs HOST/WIN2K8R2*>m:\output.txt
Below is the output.
Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. CN=WIN2K8R2,OU=Domain Controllers,DC=sethi,DC=com Class: computer Computer DNS: WIN2K8R2.sethi.com -- MSSQLSvc/WIN2K8R2.sethi.com:SCVMM -- ldap/WIN2K8R2.sethi.com/ForestDnsZones.sethi.com -- ldap/WIN2K8R2.sethi.com/DomainDnsZones.sethi.com -- Microsoft Virtual System Migration Service/WIN2K8R2 -- Microsoft Virtual System Migration Service/WIN2K8R2.sethi.com -- Microsoft Virtual Console Service/WIN2K8R2 -- Microsoft Virtual Console Service/WIN2K8R2.sethi.com -- Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/WIN2K8R2.sethi.com -- DNS/WIN2K8R2.sethi.com -- GC/WIN2K8R2.sethi.com/sethi.com -- RestrictedKrbHost/WIN2K8R2.sethi.com -- RestrictedKrbHost/WIN2K8R2 -- HOST/WIN2K8R2/SETHI -- HOST/WIN2K8R2.sethi.com/SETHI -- HOST/WIN2K8R2 -- HOST/WIN2K8R2.sethi.com -- HOST/WIN2K8R2.sethi.com/sethi.com -- E3514235-4B06-11D1-AB04-00C04FC2DCD2/5a5d3957-6772-4a32-8ea3-765fe77359b0/sethi.com -- ldap/WIN2K8R2/SETHI -- ldap/5a5d3957-6772-4a32-8ea3-765fe77359b0._msdcs.sethi.com -- ldap/WIN2K8R2.sethi.com/SETHI -- ldap/WIN2K8R2 -- ldap/WIN2K8R2.sethi.com -- ldap/WIN2K8R2.sethi.com/sethi.com CN=WIN2K8R2CLUSDTC,CN=Computers,DC=sethi,DC=com Class: computer Computer DNS: WIN2K8R2ClusDtc.sethi.com -- MSServerClusterMgmtAPI/WIN2K8R2ClusDtc.sethi.com -- MSServerClusterMgmtAPI/WIN2K8R2CLUSDTC -- MSClusterVirtualServer/WIN2K8R2ClusDtc.sethi.com -- MSClusterVirtualServer/WIN2K8R2CLUSDTC -- HOST/WIN2K8R2ClusDtc.sethi.com -- HOST/WIN2K8R2CLUSDTC CN=WIN2K8R2CLUSTER,CN=Computers,DC=sethi,DC=com Class: computer Computer DNS: WIN2K8R2Cluster.sethi.com -- MSServerCluster/WIN2K8R2Cluster.sethi.com -- MSServerCluster/WIN2K8R2Cluster -- MSServerClusterMgmtAPI/WIN2K8R2Cluster.sethi.com -- MSServerClusterMgmtAPI/WIN2K8R2Cluster -- MSClusterVirtualServer/WIN2K8R2Cluster.sethi.com -- MSClusterVirtualServer/WIN2K8R2Cluster -- HOST/WIN2K8R2Cluster.sethi.com -- HOST/WIN2K8R2Cluster
I am also getting those Kerberose related errors as mentioned in the article.
When I run winrm qc I am getting errors as below:
M:\>winrm qc WinRM already is set up to receive requests on this machine. WSManFault Message = WinRM cannot process the request. The following error occured whil e using Negotiate authentication: An unknown security error occurred. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified . -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does n ot exist. -The client and remote computers are in different domains and there is no trus t between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM T rustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: w inrm help config. Error number: -2144108387 0x8033809D An unknown security error occurred.Need help don't know what I am missing.
Below is the output of spnquery.vbs by passing HOST/WIN2K8R2.sethi.com
Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. CN=WIN2K8R2,OU=Domain Controllers,DC=sethi,DC=com Class: computer Computer DNS: WIN2K8R2.sethi.com -- MSSQLSvc/WIN2K8R2.sethi.com:SCVMM -- ldap/WIN2K8R2.sethi.com/ForestDnsZones.sethi.com -- ldap/WIN2K8R2.sethi.com/DomainDnsZones.sethi.com -- Microsoft Virtual System Migration Service/WIN2K8R2 -- Microsoft Virtual System Migration Service/WIN2K8R2.sethi.com -- Microsoft Virtual Console Service/WIN2K8R2 -- Microsoft Virtual Console Service/WIN2K8R2.sethi.com -- Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/WIN2K8R2.sethi.com -- DNS/WIN2K8R2.sethi.com -- GC/WIN2K8R2.sethi.com/sethi.com -- RestrictedKrbHost/WIN2K8R2.sethi.com -- RestrictedKrbHost/WIN2K8R2 -- HOST/WIN2K8R2/SETHI -- HOST/WIN2K8R2.sethi.com/SETHI -- HOST/WIN2K8R2 -- HOST/WIN2K8R2.sethi.com -- HOST/WIN2K8R2.sethi.com/sethi.com -- E3514235-4B06-11D1-AB04-00C04FC2DCD2/5a5d3957-6772-4a32-8ea3-765fe77359b0/sethi.com -- ldap/WIN2K8R2/SETHI -- ldap/5a5d3957-6772-4a32-8ea3-765fe77359b0._msdcs.sethi.com -- ldap/WIN2K8R2.sethi.com/SETHI -- ldap/WIN2K8R2 -- ldap/WIN2K8R2.sethi.com -- ldap/WIN2K8R2.sethi.com/sethi.com
Please help me to understand what I am missing.
Regards Gursethi Blog: http://gursethi.blogspot.com/ ++++ Please mark "Propose As Answer" if my answer helped ++++
All Replies
-
Sunday, April 15, 2012 8:39 AM
Hello,
As you mentioned "AD, IIS, DNS server is configured on the same machine and running."
If you have IIS And Default APP Bindings are set to HTTP:80
WinRM also tries to use the same port. I think for that reason you are facing with problem.
Information is as below ;
winrm enumerate winrm/config/listener
Listener Address = *
Transport = HTTP Port = 80
Hostname Enabled = true
URLPrefix = wsman
CertificateThumbprint
Sincerely,
Murat Demirkiran
If the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. www.scvmm2012.com (TR Language)
-
Sunday, April 15, 2012 9:18 AM
Hi Murat,
Thanks for your reply. I did make the change in IIS and configured HTTP to listen on 8080 port. After that I restarted WINRM service and tried running
winrm enumerate winrm/config/listener
but again got the same error:
M:\>winrm enumerate win/config/listener WSManFault Message = WinRM cannot process the request. The following error occured whil e using Negotiate authentication: An unknown security error occurred. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified . -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does n ot exist. -The client and remote computers are in different domains and there is no trus t between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM T rustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: w inrm help config. Error number: -2144108387 0x8033809D An unknown security error occurred.At the end it says "An unknown security error occured" and at the same time a error got reported in Eventviewer (System)
The WinRM service failed to create the following SPNs: WSMAN:/WIN2K8R2.sethi.com;WSMAN/WIN2K8R2.
The error received was 8344: %%8344
I have already added them using SETSPN utility:
Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. CN=NODE1,CN=Computers,DC=sethi,DC=com Class: computer Computer DNS: NODE1.sethi.com -- WSMAN/node1 -- WSMAN/node1.sethi.com -- MSServerClusterMgmtAPI/NODE1 -- MSServerClusterMgmtAPI/node1.sethi.com -- RestrictedKrbHost/NODE1 -- HOST/NODE1 -- RestrictedKrbHost/NODE1.sethi.com -- HOST/NODE1.sethi.com CN=NODE2,CN=Computers,DC=sethi,DC=com Class: computer Computer DNS: NODE2.sethi.com -- WSMAN/node2 -- WSMAN/node2.sethi.com -- MSServerClusterMgmtAPI/NODE2 -- MSServerClusterMgmtAPI/node2.sethi.com -- RestrictedKrbHost/NODE2 -- HOST/NODE2 -- RestrictedKrbHost/NODE2.sethi.com -- HOST/NODE2.sethi.com CN=Administrator,CN=Users,DC=sethi,DC=com Class: user User Logon: Administrator -- WSMAN/WIN2K8R2 -- WSMAN/WIN2K8R2.sethi.com -- http://win2k8r2 -- http/SQLCLUSTER -- http/MSDTC-WIN2K8CLUSTEDtc -- http/WIN2K8CLUSTER -- HTTP/win2k8r2.sethi.com
Any suggestions.
Regards Gursethi Blog: http://gursethi.blogspot.com/ ++++ Please mark "Propose As Answer" if my answer helped ++++
-
Sunday, April 15, 2012 9:44 AM
Hi,
Update: for errors with regard to Setspn for WSMAN I have resolved it by following article:
http://fix.lazyjeff.com/2011/02/how-to-fix-winrm-service-failed-to.html
Now I am not seeing any errors 1154 and when I run SETSPN I am able to see the WSMAN related Spn's.
Regards Gursethi Blog: http://gursethi.blogspot.com/ ++++ Please mark "Propose As Answer" if my answer helped ++++
-
Sunday, April 15, 2012 5:10 PM
Hi,
Then your problem solved or going on?
Thanks in advance.
Murat Demirkiran
If the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. www.scvmm2012.com (TR Language)
-
Monday, April 16, 2012 7:33 AM
Hi Murat,
Its still going on as the setup of SCVMM 2008 R2+SP1 is failing due to WINRM. When I execute this command (below) I am getting errors:
winrm enumerate winrm/config/listener
or
Winrm qc
M:\>winrm qc
WinRM already is set up to receive requests on this machine. WSManFault Message = WinRM cannot process the request. The following error occured whil
e using Negotiate authentication: An unknown security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified
.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does n
ot exist.
-The client and remote computers are in different domains and there is no trus
t between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM T
rustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: w
inrm help config.
Error number: -2144108387 0x8033809D
An unknown security error occurred.Regards Gursethi Blog: http://gursethi.blogspot.com/ ++++ Please mark "Propose As Answer" if my answer helped ++++
-
Friday, October 12, 2012 5:48 PMModerator
Please check
http://support.microsoft.com/kb/970923
Mohamed Fawzi | http://fawzi.wordpress.com
.png)
