Can't configure Hyper-V remote management RRS feed

  • Question

  • Hi,

    I've been trying to configure Hyper-V remote management for 2 days now, going through Microsoft's overcomplicated configuration requirements to get it working, but without any success.


    Client (CLIENT01): Windows 10, WORKGROUP

    Server (SERVER01): Windows 10, WORKGROUP

    Microsoft's HVRemote script runs fine on both the client and the server, meaning configuration is supposedly correct (name resolution, ANONDCOM, authentication, etc.). The client is able to query the WMI store on the server. However, it does not seem to be enough to get things working.

    Hyper-V -> "Connect to server..." is still throwing an error when connecting to the remote server: "The WinRM client cannot process the request. The destination machine must be added to the TrustedHosts configuration settings."

    Alright, so after Googling a bit, adding the host to the TrustedHosts seems simple:

    Set-Item WSMan:\localhost\Client\TrustedHosts -Value SERVER01 -Concatenate

    But running this on the client gives:

    Set-Item : The client cannot connect to the destination specified in the request. Verify that the service on the
    destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service
    running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following
    command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
    At line:1 char:1
    + Set-Item WSMan:\localhost\Client\TrustedHosts -Value SERVER01 -Conc ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Set-Item], InvalidOperationException
        + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetItemCommand

    So let's check WinRM on the server:

    winrm e winrm/config/listener


        Address = *
        Transport = HTTP
        Port = 5985
        Enabled = true
        URLPrefix = wsman
        ListeningOn =,,,,, ::1, 2001:0:9d38:6abd:10ac:1878:3f57:fd9a, fe80::5efe:, fe80::10ac:1878:3f57:fd9a%13, fe80::588e:b748:2bd:24f1%15, fe80::7120:37fa:11f9:3745%14, fe80::8409:52cd:a9fa:5469%3, fe80::a45e:493a:f66c:d28d%7

    So WinRM is listening. I am able to TelNet this port from the client computer. But still PowerShell complains it can't connect. Maybe WinRM in Windows 10 only supports HTTPS? Alright, so let's setup WinRM HTTPS on the server:

    winrm quickconfig -transport:https

    WinRM complains it needs a certificate. So let's create a certificate:

    Created a ROOT CA using:

    makecert -pe -n "CN=My Company Root Certification Authority" -ss my -sr LocalMachine -a sha1 -sky signature -r "My Company Root Certification Authority.cer"

    Installed the ROOT CA in the Trusted Root Certification Authorities on the SERVER and the CLIENT.

    Also created a certificate issued from the previously created CA using:

    makecert -pe -n "CN=SERVER01" -ss my -sr LocalMachine -a sha1 -sky exchange -eku -in "My Company Root Certification Authority" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 SERVER01.cer

    Installed the certificate in the personnal store on the SERVER and the CLIENT.

    Still, WinRM complains it cannot find an appropriate certificate. So let's add the listener manually:

    winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="SERVER01";CertificateThumbprint="ac87de6d91ae8ff5e2fd66cd02738fc2b6a6ae53"}

    WinRM complains that the "Enhanced Key Usage (EKU) field of the certificate is not set to "Server Authentication"."

    When I check the certificate in MMC, IT IS SET TO SERVER AUTHENTICATION!!!

    Now I'm out of ideas and I just want to bang my head against a brick wall...

    Any help is greatly appreciated!

    Thursday, August 6, 2015 9:24 PM


  • I managed to get it working without using HTTPS. The WinRM service was not started on the client, and I could successfully add the server to the trusted hosts once the service was started.
    • Marked as answer by sixstorm1 Monday, August 10, 2015 3:52 PM
    Monday, August 10, 2015 3:52 PM

All replies