In some cases, you receive the error message “WinRM cannot complete the operation” when trying to establish a remote PowerShell connection using the following command:
Enter-PSSession [server name]
The error message may look like the following:
Connecting to remote server myserver.domain.com failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:1 Enter-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Micr ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [Enter-PSSession], PSRemotingTransportException FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
There are two typical root causes behind this error.
- WinRM traffic is blocked by either the target server or firewalls in front of the target server.
- WinRM is not properly configured on the target system.
WinRM Traffic is Blocked by Firewall – How to Test
You can check for network connectivity issues with the WinRM port (TCP 5985) using PowerShell.
A problem with connectivity will result in similar output:
PS C:\> Test-NetConnection 192.168.68.240 -Port 5985 WARNING: TCP connect to (192.168.68.240 : 5985) failed ComputerName : 192.168.68.240 RemoteAddress : 192.168.68.240 RemotePort : 5985 InterfaceAlias : Ethernet SourceAddress : 192.168.68.245 PingSucceeded : True PingReplyDetails (RTT) : 0 ms TcpTestSucceeded : False
If connectivity is working fine, output will look like this:
PS C:\> Test-NetConnection 192.168.68.240 -Port 5985 ComputerName : 192.168.68.240 RemoteAddress : 192.168.68.240 RemotePort : 5985 InterfaceAlias : Ethernet SourceAddress : 192.168.68.245 TcpTestSucceeded : True
WinRM is Not Configured – How to Configure It
The second typical root cause is the WinRM service not running or not being properly configured for remote sessions.
You can fix this by running the following command:
If the WinRM service was indeed faulty, you’ll see output similar to this:
PS C:\ WinRM QuickConfig WinRM service is already running on this machine. WinRM is not set up to allow remote access to this machine for management. The following changes must be made: Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine. Make these changes [y/n]? y WinRM has been updated for remote management. Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
If the WinRM service was already configured properly, you’ll see output similar to this:
PS C:\> WinRM QuickConfig WinRM service is already running on this machine. WinRM is already set up for remote management on this computer.
How to Escape Hybrid Office 365 Management Hell
If you’re tired of constantly switching between numerous admin consoles and PowerShell to perform simple first-level user support, you’re not alone.
Companies are starting to realize that standard hybrid Office 365 management tools look a lot like this:
During the last decade, we performed loads of migrations to hybrid Office 365.
The consistent feedback we received from our clients led us to develop Easy365Manager.
A simpler, faster, and more responsive interface to manage your on-premises user, your Office 365 licenses, and your Exchange Online mailboxes:
Easy365Manager integrates all daily Exchange Online mailbox management and license management into the popular AD Users & Computers tool.
AD Users & Computers is a well-known and intuitive interface, so this saves your helpdesk the burden of learning yet another tool.
With Easy365Manager, your first-level supporters can immediately go to work!
Please look at our How-To section to compare standard operations using Easy365Manager with your current procedures.
You’ll find that Easy365Manager even lets you manage calendar permissions, which is only available via complex PowerShell scripts using the standard tools from Microsoft:
Easy365Manager is a simple snap-in to AD Users & Computers.
You don’t need to make any infrastructure changes to run it, and you can run Easy365Manager from any PC or server running AD Users & Computers.
It only takes a couple of minutes to install and configure Easy365Manager.
Read more and download our 30-day fully functional trial here.