Broken winRM wsman on a Windows 2008 R2 Domain controller


  • Hi,

    We have this setup of two domain controllers in the domain, and we are collecting the logs from using event forwarding to a third server, both were working just fine, but for some reason logs is not received no more from one of the two DCs; a Windows 2008 R2 Datacenter box, after checking I find that winRM on it is broken,

    nothing works winRM quickconfig, winrm invoke Restore winrm/Config,

    I tried the solution mentioned in with no luck,

    every switch for winRM results in the following error:

    C:\Windows\system32>winrm invoke Restore winrm/Config
        Message = WinRM cannot process the request. The following error occured whil
    e using Negotiate authentication: An unknown security error occurred.
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are specified
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does n
    ot exist.
      -The client and remote computers are in different domains and there is no trus
    t between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM T
    rustedHosts configuration setting or use HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command: w
    inrm help config.

    Please advise,

    Thanks a lot,

    Friday, October 04, 2013 7:16 PM