WinRM Cannot Complete the Operation

WinRM cannot complete the operation

In some cases, you receive the error message “WinRM cannot complete the operation” when trying to establish a remote PowerShell connection using the following command:

Enter-PSSession [server name]

The error message may look like the following:

Connecting to remote server failed with the
following error message : WinRM cannot complete the operation.
Verify that the specified computer name is valid, that the computer
is accessible over the network, and that a firewall exception for
the WinRM service is enabled and allows access from this computer.
By default, the WinRM firewall exception for public profiles limits
access to remote computers within the same local subnet.
For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1

Enter-PSSession -ConnectionURI "$connectionUri" -ConfigurationName Micr ...
CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace)
[Enter-PSSession], PSRemotingTransportException
FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed

There are two typical root causes behind this error.

  • WinRM traffic is blocked by either the target server or firewalls in front of the target server.
  • WinRM is not properly configured on the target system.

WinRM Traffic is Blocked by Firewall – How to Test

You can check for network connectivity issues with the WinRM port (TCP 5985) using PowerShell.

A problem with connectivity will result in similar output:

PS C:\> Test-NetConnection -Port 5985
WARNING: TCP connect to ( : 5985) failed

ComputerName           :
RemoteAddress          :
RemotePort             : 5985
InterfaceAlias         : Ethernet
SourceAddress          :
PingSucceeded          : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : False

If connectivity is working fine, output will look like this:

PS C:\> Test-NetConnection -Port 5985

ComputerName     :
RemoteAddress    :
RemotePort       : 5985
InterfaceAlias   : Ethernet
SourceAddress    :
TcpTestSucceeded : True

WinRM is Not Configured – How to Configure It

The second typical root cause is the WinRM service not running or not being properly configured for remote sessions.

You can fix this by running the following command:

WinRM QuickConfig

If the WinRM service was indeed faulty, you’ll see output similar to this:

PS C:\ WinRM QuickConfig
WinRM service is already running on this machine.
 WinRM is not set up to allow remote access to this machine for management.
 The following changes must be made:

 Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this

 Make these changes [y/n]? y

 WinRM has been updated for remote management.

 Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this

If the WinRM service was already configured properly, you’ll see output similar to this:

PS C:\> WinRM QuickConfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.

How to Escape Hybrid Office 365 Management Hell

If you’re tired of constantly switching between numerous admin consoles and PowerShell to perform simple first-level user support, you’re not alone.

Companies are starting to realize that standard hybrid Office 365 management tools look a lot like this:

Hybrid Office 365 management hell

During the last decade, we performed loads of migrations to hybrid Office 365.

The consistent feedback we received from our clients led us to develop Easy365Manager.

A simpler, faster, and more responsive interface to manage your on-premises user, your Office 365 licenses, and your Exchange Online mailboxes:

User Properties Tycho Brahe License Management
Click to enlarge
User Properties Tycho Brahe Mailbox Management
Click to enlarge

Easy365Manager integrates all daily Exchange Online mailbox management and license management into the popular AD Users & Computers tool.

AD Users & Computers is a well-known and intuitive interface, so this saves your helpdesk the burden of learning yet another tool.

With Easy365Manager, your first-level supporters can immediately go to work!

Please look at our How-To section to compare standard operations using Easy365Manager with your current procedures.

You’ll find that Easy365Manager even lets you manage calendar permissions, which is only available via complex PowerShell scripts using the standard tools from Microsoft:

Easy365Manager is a simple snap-in to AD Users & Computers.

You don’t need to make any infrastructure changes to run it, and you can run Easy365Manager from any PC or server running AD Users & Computers.

It only takes a couple of minutes to install and configure Easy365Manager.

Read more and download our 30-day fully functional trial here.