windows-server-2012-r2 – 远程PowerShell,WinRM失败:WinRM无法完成操作

前端之家收集整理的这篇文章主要介绍了windows-server-2012-r2 – 远程PowerShell,WinRM失败:WinRM无法完成操作前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
使用Enable-PSWSManCombinedTrace运行Enter-PSSession COMPUTERNAME时,我在 Windows远程管理操作日志中看到以下相关消息:

WSMan operation Get Failed,error code 2150859046

WinRM cannot complete the operation. Verify that the specified computer name is valid,that the computer is accessible over the network,and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default,the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

The WinRM protocol operation Failed due to the following error: The Metadata Failed to be retrieved from the server,due to the following error: WinRM cannot complete the operation. Verify that the specified computer name is valid,the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. .

而有时:

The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)

COMPUTERNAME是域中的2012 R2 Core服务器,与远程PowerShell,服务器管理器等工作正常的许多其他服务器具有相同的组策略.我可以RDP到这个系统,我可以从它获得WMI数据(例如Get-WmiObject -ComputerName COMPUTERNAME -Class Win32_OperatingSystem返回它应该的东西),并且在其他方​​面,它似乎运行得很好.

虽然它已经通过组策略设置,但我已经尝试过(无数次一种方式)启用WinRM和Remote PowerShell,例如Enable-PSRemoting,或者调用此命令单独执行的伴随步骤.

我已经改为不同的网络接口,我确保同一网段上的其他系统没有出现这些症状,我已经按照Get-Help about_Remote_Troubleshooting的建议,我已经将必要的山羊献给了Baal .什么都没有帮助.

这些症状可以从任何域客户端重复到此服务器,或者通过IP联系服务器(在将其放入TrustedHosts之后).没有其他服务器出现此问题.没有软件或配置(一直到FW规则已启用和安装的功能),这些软件或配置不在我环境中的至少2个其他服务器上.

有任何想法吗?

最近的调查结果:

netsh http show iplist在非工作系统上返回127.0.0.1,但在工作系统上不返回任何内容.

正如在评论中正确指出@ out-null一样,5985正在侦听127.0.0.1是一个问题.我已经从配置WinRM设置的GPO中排除了这个系统并手动创建了监听器:

winrm create winrm/config/Listener?Address=*+Transport=HTTP

但是,netstat的结果是一样的.请注意下面的winrm e的输出,其中IP被列为监听器.

仍然难倒在这一个……

原始证据/健全性检查

$> winrm e winrm/config/listener
Listener [Source="GPO"]
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.11.10.117,127.0.0.1,169.254.34.30,169.254.47.200,169.254.236.165,::1,fe80::5efe:10.115.63.10 7%16,fe80::5efe:169.254.34.30%45,fe80::28b8:be74:53c:2fc8%12,fe80::69a9:e@R_301_448@:12bd:63c0%15,fe80::7cf2:ec84:332f:221e%14,fe80::cdc6:5ca0:6ae2:eca5%13

$> netsh winhttp show proxy

Current WinHTTP proxy settings:
    Direct access (no proxy server).

$> Get-NetFirewallRule WINRM-HTTP-In-TCP | fl *


Name                    : WINRM-HTTP-In-TCP
ID                      : WINRM-HTTP-In-TCP
Group                   : @FirewallAPI.dll,-30267
Platform                : {}
LSM                     : False
DisplayName             : Windows Remote Management (HTTP-In)
Enabled                 : True
Profile                 : Domain,Private
Direction               : Inbound
Action                  : Allow
EdgeTraversalPolicy     : Block
PrimaryStatus           : OK
Status                  : The rule was parsed successfully from the store. (65536)
EnforcementStatus       : NotApplicable
PolicyStoreSourceType   : Local
Caption                 :
Description             : Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]
ElementName             : @FirewallAPI.dll,-30253
InstanceID              : WINRM-HTTP-In-TCP
CommonName              :
PolicyKeywords          :
PolicyDecisionStrategy  : 2
PolicyRoles             :
ConditionListType       : 3
CreationClassName       : MSFT|FW|FirewallRule|WINRM-HTTP-In-TCP
ExecutionStrategy       : 2
Mandatory               :
PolicyRuleName          :
Priority                :
RuleUsage               :
SequencedActions        : 3
SystemCreationClassName :
SystemName              :
DisplayGroup            : Windows Remote Management
LocalOnlyMapping        : False
LooseSourceMapping      : False
Owner                   :
Platforms               : {}
PolicyStoreSource       : PersistentStore
Profiles                : 3
RuleGroup               : @FirewallAPI.dll,-30267
StatusCode              : 65536
PSComputerName          :
CimClass                : root/standardcimv2:MSFT_NetFirewallRule
CimInstanceProperties   : {Caption,Description,ElementName,InstanceID...}
CimSystemProperties     : Microsoft.Management.Infrastructure.CimSystemProperties

COMPUTERNAME$> netstat -anp tcp

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49174          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49178          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49191          0.0.0.0:0              LISTENING
  TCP    10.11.10.117:135      192.168.5.71:64570    ESTABLISHED
  TCP    10.11.10.117:135      192.168.5.71:64571    ESTABLISHED
  TCP    10.11.10.117:135      192.168.5.71:64572    ESTABLISHED
  TCP    10.11.10.117:139      0.0.0.0:0              LISTENING
  TCP    10.11.10.117:3389     10.1.1.2:57970     ESTABLISHED
  TCP    10.11.10.117:49153    10.1.1.2:58100     ESTABLISHED
  TCP    10.11.10.117:50601    192.168.5.111:8014     ESTABLISHED
  TCP    10.11.10.117:56508    192.168.5.177:445     ESTABLISHED
  TCP    127.0.0.1:5985         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:47001        0.0.0.0:0              LISTENING
  TCP    169.254.34.30:139      0.0.0.0:0              LISTENING


SOME-WORKING-COMPUTER$> netstat -anp tcp

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49187          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49192          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49199          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49213          0.0.0.0:0              LISTENING
  TCP    192.168.5.11:139     0.0.0.0:0              LISTENING
  TCP    192.168.5.11:5985    10.1.1.2:58153     ESTABLISHED
  TCP    192.168.5.11:5985    10.1.1.2:58154     ESTABLISHED
  TCP    192.168.5.11:5985    10.1.1.2:58156     ESTABLISHED
  TCP    192.168.5.11:49203   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:49213   192.168.5.177:52784   ESTABLISHED
  TCP    192.168.5.11:49213   192.168.5.177:54507   ESTABLISHED
  TCP    192.168.5.11:49213   192.168.5.177:59034   ESTABLISHED
  TCP    192.168.5.11:52905   192.168.5.177:49210   TIME_WAIT
  TCP    192.168.5.11:52906   192.168.5.177:49210   TIME_WAIT
  TCP    192.168.5.11:52907   192.168.5.111:8014     ESTABLISHED
  TCP    192.168.5.11:52910   192.168.5.177:49210   TIME_WAIT
  TCP    192.168.5.11:52915   192.168.5.177:49210   TIME_WAIT
  TCP    192.168.5.11:52918   192.168.5.177:49210   TIME_WAIT
  TCP    192.168.5.11:52920   192.168.5.177:49210   TIME_WAIT
  TCP    192.168.5.11:52922   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:52923   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:52924   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:52925   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:52926   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:52927   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:54938   192.168.6.8:49157     ESTABLISHED
  TCP    192.168.5.11:62632   192.168.5.177:49210   ESTABLISHED
  TCP    192.168.5.11:64307   192.168.6.8:389       ESTABLISHED
最后通过我最近添加到问题中的证据帮助解决了这个问题:

netsh http show iplist

IP addresses present in the IP listen list:
-------------------------------------------

127.0.0.1

在这个工作的系统上,该列表是空的.起初这对我来说似乎是违反直觉的.不过,我这样做了:

> netsh http delete iplisten ipaddress=127.0.0.1

紧接着,我注意到netstat的这个输出

>netstat -anp tcp

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49175          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49179          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49190          0.0.0.0:0              LISTENING
  TCP    10.115.63.107:139      0.0.0.0:0              LISTENING
  TCP    10.115.63.107:3389     10.115.13.25:64873     ESTABLISHED
  TCP    10.115.63.107:49235    192.168.40.146:445     ESTABLISHED
  TCP    10.115.63.107:49291    192.168.40.45:8014     ESTABLISHED
  TCP    169.254.34.30:139      0.0.0.0:0              LISTENING

事实上,WinRM的工作方式应该如此.

我通过测试推测,如果没有配置HTTP侦听器,那么所有HTTP侦听器都将绑定到默认实体:0.0.0.0.由于环回地址被配置为侦听器地址,因此侦听器将绑定到此地址.

在某些时候,我必须采取一些导致此配置的操作,但我不确定如何.无论如何,它现在工作正常.谢谢大家.

猜你在找的Windows相关文章