Windows Server 2012 - Server Manager Troubleshooting Guide, Part II: Troubleshoot Manageability Status Errors in Server Manager

Windows Server 2012 - Server Manager Troubleshooting Guide, Part II: Troubleshoot Manageability Status Errors in Server Manager



This topic is Part II of the Server Manager Troubleshooting Guide.

In Server Manager in Windows Server® 2012, manageability is defined as the readiness or ability of a remote computer to be managed by using Server Manager. The following factors are measured as part of evaluating the manageability of a remote computer.

  • Whether the computer can communicate with Server Manager, and transmit data about the computer’s operational state, and installed roles and features.
  • Whether the computer is running the right software, or software is configured in a way that allows Server Manager to query and update the computer.
  • Whether the user of Server Manager has adequate user rights to query the computer or make changes to its configuration.

Locate manageability status errors

Manageability status is displayed in the following locations in the Server Manager console.

  • On the Server Manager dashboard, the Manageability row in role and server group thumbnails displays alerts (red-highlighted numbers) if there are manageability problems with servers associated with those roles or groups, and a custom filter created in the Manageability Detail View dialog box is not suppressing those alerts.

  • The Manageability Detail View dialog box, opened from the Manageability row in thumbnails on the dashboard, displays the manageability status errors that are the source of alerts.

  • In the Servers tile on any role or server group home page (including the page for the All Servers group) the Manageability column displays manageability status.

Troubleshoot manageability status errors

The following table can help you interpret the brief manageability status messages, and resolve problems that are preventing you from managing remote servers by using Server Manager. Many manageability status errors have underlying error messages that are generated by Windows Remote Management (WinRM); these can be the result of security or authentication problems (such as attempting to manage a remote server in an untrusted domain, for example; or attempting to manage a server by using credentials that are not recognized as those of an administrator on the remote server), or configuration problems (missing Windows PowerShell, remote management not enabled on the target server, etc.).

Note: In Server Manager practical terms, Negotiate authentication means that Server Manager falls back to NTLM authentication (1) if you attempt to use Server Manager to manage a server that is in an untrusted domain, or that is in a workgroup, and (2) you provide explicit credentials to manage the target server. If you are using Server Manager to manage servers on which you must authenticate by using Negotiate authentication, you cannot disable NTLM in your server environment.

In this context, the client is defined as the computer from which you are managing by using Server Manager; this computer can be a server that is running Windows Server 2012, or a computer that is running Windows 8 with Remote Server Administration Tools installed.

To use the table, match the manageability status for a managed server with an underlying source WinRM or provider message displayed in the Task Details dialog box, opened from the Notifications area in Server Manager. Find the row in the table where the combination of manageability status message and underlying error message match what is displayed in your Server Manager console. Read the Possible Causes and Suggested Resolutions column in the matching row to find resolution steps that might help, or causes that are easy to eliminate (such as typographical errors in account credentials).

Manageability Status Message Issue Category Underlying Source Message from WinRM or Providers (shown in Task Details pane) Possible Causes and Suggested Resolutions Severity Level

Kerberos security error

Client-side authentication error: KerbUnknownSecurityError

Error <computer name> : Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error occurred. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client and target server are in the same domain; the target server is added to Server Manager, but later, the target server’s domain is changed to a trusted but different domain. Try removing the target server from the Server Manager server pool, and then adding the server again by using the Active Directory tab in the Add Servers dialog box. If you do not want to remove the server from Server Manager, try following instructions in Add Servers to Server Manager to add the target server to the client’s trusted hosts list.

Error

Kerberos target resolution error

Client-side authentication error: KerbResolutionError

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer <computer name>. Verify that the computer exists on the network and that the name provided is spelled correctly.

Client is in a domain, and the target server is in a workgroup (using the NetBIOS name of the server): A Kerberos error occurs if explicit credentials are not specified for managing the target server, because the Kerberos ticket granting service (TGS) cannot find the workgroup server, and the Default authentication mechanism does not attempt to use Negotiate authentication unless explicit credentials are specified for the target server. For information about how to add servers in workgroups to Server Manager, see Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer <computer name>. Verify that the computer exists on the network and that the name provided is spelled correctly.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

Client is in Domain1 and the target server is in an untrusted Domain2. A Kerberos error occurs because the Kerberos TGS cannot find the target server. Explicit credentials must be used to manage the target server. Right-click the target server in the Servers tile of the All Servers page, and then click Manage As to provide explicit credentials.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer <computer name>. Verify that the computer exists on the network and that the name provided is spelled correctly.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

Client is in a domain and the target server is in the same domain, but the domain name provided for the target server is incorrect or misspelled.

Error

Kerberos authentication error

Client-side authentication error: Kerb0x80090311Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain, but the domain controller for the client computer is not accessible. Try adding the target server to the client computer’s trusted host list. For information about how to add a managed server to the trusted host list, see Add Servers to Server Manager.

Error

Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains.After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain, and the target server is in the same domain (using the NetBIOS name or FQDN, and explicit but local-only administrator credentials for the target, or other non-domain credentials): A Kerberos error occurs because the credentials are unknown on the domain. The user must add the target server to the trusted host list on the client computer to allow the Default authentication mechanism to use Negotiate authentication instead of Kerberos. For information about how to add a managed server to the trusted host list, see Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain and the target server is in a workgroup (using the NetBIOS name of the server): User has specified explicit credentials. An error occurs if the user has not added the server to the trusted host list of the client, because the Default authentication mechanism will not attempt Negotiate authentication unless explicit credentials are specified. For information about how to add a workgroup server to Server Manager, see Add Servers to Server Manager.

Error

Client-side authentication error: Kerb0x8009030eError

Error : Refresh failed with the following error (WSMAN): The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains.After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain: Attempting to connect to a remote server by using implicit credentials that are the local administrator's credentials on the client. Instead, use domain credentials that are recognized by the domain of the target server, or right-click the server entry in the Servers tile, click Manage As, and then specify credentials of an administrator on the target server.

Error

WinRM Default authentication error

Client-side authentication error: DefaultAuthReqsError

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

Client and target server are both in the same domain. The target server was added to Server Manager by using the IP address of the server, such as by using the Import tab of the Add Servers dialog box. An authentication error occurs because if a client is in a domain, and attempting to connect to a target server by referencing an IP address, the user must provide explicit server to the client computer’s trusted host list. This is required for the Default authentication mechanism to use Negotiate instead of Kerberos authentication. To avoid this problem, if target servers that you want to manage are in the same domain as the client computer, add them by using the Active Directory tab of the Add Servers dialog box.

Error

Client is in a domain and the target server is in a workgroup. The target server was added to Server Manager by using its IP address. An authentication error occurs because if a client is in a domain, and attempting to connect to a target server by referencing an IP address, the user must provide explicit credentials and add the target server to the client computer’s trusted host list. This is required for the Default authentication mechanism to use Negotiate instead of Kerberos authentication. For information about how to add a workgroup server to Server Manager, see Add Servers to Server Manager.

Error

WinRM Negotiate authentication error

Client-side authentication error: NegoAuthReqsError

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client is in a workgroup, and the target server is in a workgroup (using the NetBIOS name of the server): The network can resolve the name of the server. An authentication error occurs because the target server has not been added to the trusted host list of the client computer, which permits Negotiate authentication. For information about how to add a workgroup server to Server Manager, see Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client computer is in a workgroup, and the target server is also in a workgroup (using the IP address of the server): An authentication error occurs because the target server has not been added to the trusted host list of the client, which permits Negotiate authentication. For information about how to add a workgroup server to Server Manager, see Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client computer is in a workgroup, and the target server is in a domain (using the NetBIOS name of the server): User’s network can resolve the name of the server. An authentication error occurs because the target server has not been added to the trusted host list of the client computer to allow Negotiate authentication. For information about how to add a domain server to Server Manager when the client is in a workgroup, see Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client is in a workgroup and the target server is in a domain (using the IP address of the server): An authentication error occurs because the target server has not been added to the trusted host list of the client computer to allow Negotiate authentication. For information about how to add a domain server to Server Manager when the client is in a workgroup, see Add Servers to Server Manager.

Error

Target name resolution error

Name resolution error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request because the server name cannot be resolved.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

Client is in a workgroup, and the target server is in a workgroup (using the NetBIOS name of the server): A name resolution error occurs if the DNS server that is used by the client cannot resolve the target server name. This can occur when the client and target server are in two different workgroups, and each has a different DNS server. Add the target server to the client computer’s trusted host list. For information about how to add a workgroup server to Server Manager, see Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request because the server name cannot be resolved.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

Client is in a workgroup and the target server is in a domain (using the NetBIOS name of the server): A name resolution error occurs if the DNS server that is used by the client cannot resolve the target server name. Add the target server to the client computer’s trusted host list. For information about how to add remote servers to a workgroup client that is running Server Manager, see Add Servers to Server Manager.

Error

Name resolution error: SpecialCasedError

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WS-Management could not connect to the specified destination: (<computer name>:5985).

The target server name includes an unsupported character or string, such as \. This error can occur when a cluster logical node is offline. For more information about characters that cannot be used in server names, see Naming conventions in Active Directory for computers, domains, sites, and OUs.

Error

Error - Cannot manage the operating system of the target computer

Non-Windows target computer error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

The target computer is not running a Windows-based operating system. You cannot use Server Manager to manage this computer.

Error

Target computer not accessible

Network connection-related errors

Configuration Refresh failed with the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. [#1]Refresh failed with the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. [#1]

The network connecting the client and server is offline, or there is a problem with the target server’s connection to the network. Try verifying that Windows Firewall exceptions have been enabled on the target server for Windows Remote Management (WinRM) inbound rules.

The netsh trace command-line utility can help troubleshoot network connectivity problems, if you do not immediately find the cause of network connectivity failures.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

The target computer is offline; either it is turned off, or not responding because of other hardware or software failures.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

Client computer is in a domain and the target server is in a workgroup (using the NetBIOS name of the server): User has specified explicit credentials for the target server, and added the target server to the trusted host list of the client. However, a subnet timeout error occurs if the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager.

Error

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error <computer IP address>: Refresh failed with the following error: The RPC server is unavailable.

Client is in a domain, and the target server is in a workgroup (using the IP address of the server): User has specified explicit credentials for the target server, and added the target server to the trusted host list of the client. However, a subnet timeout error occurs if the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

The client is in a workgroup, and the target server is in a workgroup (using the NetBIOS name of the server): The user’s network can resolve the name of the server, and the user has added the target server to the trusted host list of the client. However, a subnet timeout error occurs if the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager.

Error

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error <computer IP address>: Refresh failed with the following error: The RPC server is unavailable.

The client is in a workgroup, and the target server is in a workgroup (using the IP address of the target server): The user has added the server to the trusted host list of the client. However, a subnet timeout error occurs if the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

WinRM 3.0, WinRM 2.0, and DCOM are unavailable or not enabled on the target. On a server that is running Windows Server 2012, the user might have disabled both WinRM 3.0 or DCOM. On a server that is running an older Windows Server operating system, WinRM 2.0 and DCOM are not enabled by default, while WinRM 3.0 is not available. Follow instructions in Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

The metadata failed to be retrieved from the server, due to the following error: WS-Management cannot process the request. The operation failed because of an HTTP error. The HTTP error (50) is: The request is not supported.

User is attempting to connect to the target server by using an IPv4 address, but on the client computer, only IPv6, not IPv4, is enabled. Either connect to the target server by using its IPv6 address, or change settings on the client computer network adapters to support IPv4 addresses. These settings are found in Control Panel\Network and Sharing Center\Change Adapter Settings. Right-click the network connection, click Properties, select Internet Protocol Version 4, and save your changes.

Error

Online - Verify WinRM 3.0 service is installed, running, and required firewall ports are open

Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

WinRM 2.0 and 3.0 are either not available or not enabled, but DCOM is enabled on the target server.


Note:
DCOM is enabled by default for domain-joined servers that are running Windows Server 2012 and Windows Server 2008 R2, but not for Windows Server 2008.

This error can occur on a server that is running an older Windows Server operating system (Windows Server 2008 R2 or Windows Server 2008) where the Windows Management Framework 3.0 download package has not been installed (so WinRM 3.0 is not available) and WinRM 2.0 is not enabled but DCOM is enabled. It can also occur on servers that are running Windows Server 2012 and older Windows Server operating systems where Windows Management Framework 3.0 is installed and DCOM is still enabled, but the user has disabled WinRM 3.0 (either stopped the service or closed required firewall ports). Follow instructions in Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

Network connection related errors: WinRM 2.0 and DCOM

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WS-Management service cannot process the request. The resource URI (<URI>) was not found in the WS-Management catalog. The catalog contains the metadata that describes resources, or logical endpoints.

WinRM 3.0 is not available or enabled, but WinRM 2.0 and DCOM are both enabled on the target server. This can occur on servers that are running older Windows Server operating systems (Windows Server 2008 R2 or Windows Server 2008 where the Windows Management Framework 3.0 download package has not been installed (so WinRM 3.0 is not available), but WinRM 2.0 and DCOM are both enabled. Follow instructions in Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

Network connection related errors: WinRM 2.0

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WS-Management service cannot process the request. The resource URI (http://schemas.dmtf.org/wbem/cim-xml/2/cim-schema/2/*) was not found in the WS-Management catalog. The catalog contains the metadata that describes resources, or logical endpoints.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

WinRM 3.0 and DCOM are either not available or not enabled, but WinRM 2.0 is enabled on the target server.

Note:
DCOM is enabled by default for domain-joined servers that are running Windows Server 2012 and Windows Server 2008 R2, but not for Windows Server 2008.

A user might have enabled WinRM 2.0, but not DCOM, on a target server that is running an older Windows Server operating system, and not yet installed the Windows Management Framework 3.0 download package to get WinRM 3.0. Follow instructions in Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

Online - Access denied

Access denied error

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a domain and the target server is in a workgroup (using the IP address of the server): The user has provided explicit credentials and added the server to the trusted host list of the client. However, an “access denied” error occurs if the user specifies credentials for the target server other than the built-in Administrator account, and if the account token filter policy is not configured. See “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a workgroup and the target server is in a workgroup (using the NetBIOS name of the server): The user’s network can resolve the name of the server, the user has added the target server to the trusted hosts list on the client, and the user has already removed subnet restrictions on the server. However, an “access denied” error can occur if the user is managing the target server by using the same credentials that were provided to log on to the client computer, but that are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a workgroup and the target server is in a workgroup (using the IP address of the server): The user has added the server to the trusted hosts list of the client, and removed subnet restrictions on the server. However, an “access denied” error can occur if the user is managing the target server by using the same credentials that were provided to log on to the client computer, but that are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a workgroup and the target server is in a domain (using the NetBIOS name of the server): The user’s network can resolve the name of the server, and the user has added the server to the trusted hosts list of the client. However, an “access denied” error can occur if the user is managing the target server by using the same credentials that were provided to log on to the client computer, but that are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

The client is in a workgroup, and the target server is in a domain (using the IP address of the server): The user has added the server to the trusted hosts list on the client. However, an “access denied” error can occur if the user is managing the target server by using the same credentials that were provided to log on to the client computer, but that are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

The user is attempting to manage the remote server with a credential that has only standard user (not a member of the Administrators group) access rights on the target server, and the user has not enabled standard user remote management of the target server. By default, an account with standard user access rights is not a part of the WinRM remote WMI user's group, and can perform limited management tasks on a remote server in Server Manager. To allow standard users more management access rights on a target server, run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server, in a Windows PowerShell session that has been opened with elevated user rights (Run as Administrator). For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for Enable-ServerManagerStandardUserRemoting.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

An incorrect or misspelled user name was provided to log on to the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

The correct user name for the account used to manage the target server was provided, but the password was incorrect.

Error

MessageID: 1326. Message: The metadata failed to be retrieved from the server, due to the following error: The user name or password is incorrect.

The correct user name for the account used to manage the target server was provided, but the password was incorrect.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a domain, and the server is in a workgroup (using the NetBIOS name of the server): The user has specified explicit credentials, added the target server to the trusted hosts list of the client, and removed the subnet restrictions on the target server. However, an access denied error occurs if the user specified an account to manage the target server other than the built-in Administrator account, and the local account token filter policy is not configured correctly. See “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager to resolve this issue.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Both the client and the target server are in workgroups (using the NetBIOS name of the server): The user’s network can resolve the name of the server, the user has added the server to the trusted hosts list of the client, the user has removed the subnet restrictions on the server, and specified explicit credentials that are valid on the target server, but is not using the built-in Administrator account for the target server. An access denied error occurs because the specified account is not the built-in Administrator account, and the local account token filter policy is not set. See “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager to resolve this issue.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Both the client and target server are in workgroups (using the IP address of the server): User has added the server to the trusted host list of the client, and removed the subnet restrictions on the server. The user attempts to manage the target server by using the credentials with which they logged on to the client computer. An access denied error occurs because the specified account is not the built-in Administrator account on the target server, and the local account token filter policy is not set. See “To add remote workgroup servers to Server Manager” in Add Servers to Server Manager to resolve this issue.

Error

Online – Cannot manage a client-based operating system

Server Manager WMI providers are not available on the target computer

Message: The metadata failed to be retrieved from the server, due to the following error: The WS-Management service cannot process the request. The CIM namespace root/microsoft/windows/servermanager is not valid.

This is typical of Windows 8, on which Server Manager providers are not available and DCOM is not enabled by default. You cannot manage this computer by using Server Manager.

Error

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target computer is running a Windows client-based operating system. You cannot manage this computer by using Server Manager.

Error

Online - Server Manager WMI providers not loading on the target server

Server Manager WMI provider cannot load error

Error <computer name>: Configuration refresh failed with the following error: HRESULT = 0x80041013

The Server Manager provider is available, but cannot load. This error can occur when WMI namespace access rights do not grant access to the user, and is most commonly seen when standard users (those who are not members of the Administrators group on the target server) are managing a server by using Server Manager. To grant WMI namespace access rights to standard users, administrators should run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for Enable-ServerManagerStandardUserRemoting.

Error

Online – Cannot manage operating systems older than Windows Server 2003

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target computer is running a release of Windows Server that is older than Windows Server 2003. You cannot manage this computer by using Server Manager.

Error

Online – Limited data – Windows Server 2003

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target computer is running Windows Server 2003.

Informational

Online – Restart pending

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target server requires a restart. Restart the target server.

Informational

Online – Windows PowerShell not installed

Inventory discovery-based errors

None

Server Manager inventory collection finds that Windows PowerShell is not installed on the target server. On a target server that is running Windows Server 2012, run the following cmdlet on the computer that is running Server Manager to install Windows PowerShell: Install-WindowsFeature -Name PowerShell –ComputerName <target server name>. On Windows Server 2008 R2 and Windows Server 2008, install the Windows Management Framework 3.0 download package to get Windows PowerShell 3.0. Install prerequisites for Windows Management Framework 3.0 by following instructions in Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Informational

Online – Performance counters not started

Inventory discovery-based errors

None

Server Manager inventory collection finds that performance counter data collection is turned off on the target server.

Informational

Online - Cannot get event data

Data retrieval errors

Any errors from the Server Manager provider that are related to event data retrieval.

This error can also occur if specific roles and features have been installed, but not yet configured. The following underlying error messages are examples of known cases where a role, role service, or feature requires post-installation configuration to clear the error.

  • Events from ‘Virtualization.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Hyper-V is completed.)
  • Events from ‘PrintServices.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Print and Document Services is completed.)
  • Events from ‘ADAM.Events.xml’ could not be enumerated. (This error might be cleared after required post-installation configuration for Active Directory Lightweight Directory Services is completed.)

The following underlying error message can occur for Active Directory Federation Services when the only role services that are installed are web agents. Configuring the installed role services does not resolve the error.

  • Events from ‘IdentityServer.Events.xml’ could not be enumerated.

Server Manager cannot get event data from the target server. The user might not have access rights to the target server event log, or event log files might not contain valid data.

For some roles and features (Hyper-V, Print and Document Services, AD LDS), this error can occur after installation, but before required post-installation configuration has been completed. The error is resolved after post-installation configuration is complete. For AD FS, this error can occur if web agents are the only role services installed, but there is currently no known resolution for this case of the error.

Error

Online - Cannot get service data

Any errors from the Server Manager provider that are related to service data retrieval

Server Manager cannot get services data from the target server. The user might not have access rights to service data on the target server, or service data files might not contain valid data. To grant service data access rights to standard (non-Administrator) users, administrators should run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for Enable-ServerManagerStandardUserRemoting.

Error

Online - Cannot get BPA results

Any errors from the Server Manager provider related to BPA result retrieval (excluding Windows PowerShell not enabled errors which are covered by other manageability status messages)

Server Manager cannot get Best Practices Analyzer result data from the target server. The user might not have access rights to BPA data on the target server, or BPA result data might not be readable. Standard users cannot get access to BPA data, even after an administrator runs the Enable-ServerManagerStandardUserRemoting cmdlet.

Error

Online - Cannot get performance counter data

Any errors from the Server Manager provider related to performance data retrieval (excluding performance counters off errors, which are covered by other manageability status messages)

Server Manager cannot get performance counter data from the target server. The user might not have access rights to performance data on the target server, or the data might not be readable. To grant performance data access rights to standard (non-Administrator) users, administrators should run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for Enable-ServerManagerStandardUserRemoting.

Error

Online - Cannot get role and feature data

Any errors from the Server Manager provider related to role and feature data retrieval

Server Manager cannot get role and feature inventory data from the target server. The user might not have access rights to role and feature data on the target server, or the data might not be readable. To grant role and feature inventory data access rights to standard (non-Administrator) users, administrators should run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for Enable-ServerManagerStandardUserRemoting.

Error

Online - Data retrieval failures occurred

(If two or more types of data cannot be retrieved)

  • The WS-Management service cannot process the request. WS-Management cannot identify the enumeration context ID in the SOAP packet. The packet may not be valid, or the operation may have timed out.
  • The WinRM client cannot process the request because the metadata failed to be retrieved from the server.
  • Non terminating error during inventory method; for example, an access error to cluster resource data

This error can also occur if specific roles and features have been installed, but not yet configured. The following underlying error messages are examples of known cases where a role, role service, or feature requires post-installation configuration to clear the error.

  • Events from ‘Virtualization.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Hyper-V is completed.)
  • Events from ‘PrintServices.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Print and Document Services is completed.)
  • Events from ‘ADAM.Events.xml’ could not be enumerated. (This error might be cleared after required post-installation configuration for Active Directory Lightweight Directory Services is completed.)

The following underlying error message can occur for Active Directory Federation Services when the only role services that are installed are web agents. Configuring the installed role services does not resolve the error.

  • Events from ‘IdentityServer.Events.xml’ could not be enumerated.

Server Manager cannot get a combination of data types: events, BPA results, performance counters, or services. This can be caused by insufficient user access rights, data that is not valid, or WinRM time-outs.

To grant event, performance, role and feature inventory, and service data access rights to standard (non-Administrator) users, administrators should run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for Enable-ServerManagerStandardUserRemoting. The Enable-ServerManagerStandardUserRemoting cmdlet does not provide standard users access to BPA result data.

For some roles and features (Hyper-V™, Print and Document Services, AD LDS), this error can occur after installation, but before required post-installation configuration has been completed. The error is resolved after post-installation configuration is complete. For AD FS, this error can occur if web agents are the only role services installed, but there is currently no known resolution for this case of the error.

Error

An unknown error occurred

Unknown errors

None

If the error persists, contact Microsoft Customer Support Services.

Error

Additional resources

Sort by: Published Date | Most Recent | Most Useful
Comments
  • please expand last column - possible causes and suggest resolution... it is not whole viewable in IE8 :( but it is in FF ;)

  • Second that!  Message makes no sense!  Online-Limited Data -Windows Server 2003

  • Another possible cause of "Online - Data retrieval failures occurred" is that the WMI ServerManagement provider may have been uninstalled. To resolve this, in an elevated command prompt, type:

    C:

    C:\Windows\System32\wbem

    mofcomp mgmtprovider.mof

    DO NOT run mofcomp on all .mof files in this directory; several .mof files will uninstall providers instead of installing them.

Page 1 of 1 (3 items)