none
Unable to configure WinRM on domain user RRS feed

  • Question

  • Hi everyone,

    I'm unable to configure WinRM on a domain computer. I have a simple domain with

    1) Windows server 2012

    2) A client running Windows 7

    If I try to run WinRM on the local Administrator, everything works fine, but if I switch to a domain user, than problems occured.

    For example, if i run winrm quickconfig in powershell as the domain Administrator, then I get:

    WinRM already is set up to receive requests on this machine.
    WSManFault
        Message = WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error occurred.
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are specified.
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does not exist.
      -The client and remote computers are in different domains and there is no trust between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use
     HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command: winrm help config.

    Error number:  -2144108387 0x8033809D
    An unknown security error occurred.

    When i run it as local admin, everything goes well.

    So, what am I missing?

    Saturday, December 28, 2019 10:00 AM

All replies

  • Hi,

    Please note that, the “winrm quickconfig” command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, "winrm quickconfig" should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.

    So, if you switch from local account to domain credential, please re-enable the WinRM again to check the result:
    Open CMD with admin permission, type “winrm quickconfig” and end with enter. 

    In general, “winrm quickconfig” performs the following operations:

    1. Starts the WinRM service and sets the service startup type to auto-start.

    2. Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.

    3. Defines ICF exceptions for the WinRM service and opens the ports for HTTP and HTTPS.

    If the “winrm quickconfig” command fails again, please run below commands one by one to check the result:
    sc config "WinRM" start= auto
    net start WinRM
    winrm create winrm/config/listener?Address=*+Transport=HTTP
    netsh firewall add portopening TCP 80 "Windows Remote Management"

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 30, 2019 7:32 AM
  • Hi,

    How things are going there on this issue?

    Please let me know if you would like further assistance.

    Best Regards,
    Eve Wang      

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 3, 2020 1:41 AM
  • Hi,

    Is there any update?

    Please click “Mark as answer” if any of above reply is helpful. It would make this reply to the top and easier to be found for other people who has the similar problem.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 6, 2020 9:26 AM