WSMan operation Get Failed,error code 2150859046
WinRM cannot complete the operation. Verify that the specified computer name is valid,that the computer is accessible over the network,and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default,the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.
The WinRM protocol operation Failed due to the following error: The Metadata Failed to be retrieved from the server,due to the following error: WinRM cannot complete the operation. Verify that the specified computer name is valid,the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. .
而有时:
The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
COMPUTERNAME是域中的2012 R2 Core服务器,与远程PowerShell,服务器管理器等工作正常的许多其他服务器具有相同的组策略.我可以RDP到这个系统,我可以从它获得WMI数据(例如Get-WmiObject -ComputerName COMPUTERNAME -Class Win32_OperatingSystem返回它应该的东西),并且在其他方面,它似乎运行得很好.
虽然它已经通过组策略设置,但我已经尝试过(无数次一种方式)启用WinRM和Remote PowerShell,例如Enable-PSRemoting,或者调用此命令单独执行的伴随步骤.
我已经改为不同的网络接口,我确保同一网段上的其他系统没有出现这些症状,我已经按照Get-Help about_Remote_Troubleshooting的建议,我已经将必要的山羊献给了Baal .什么都没有帮助.
这些症状可以从任何域客户端重复到此服务器,或者通过IP联系服务器(在将其放入TrustedHosts之后).没有其他服务器出现此问题.没有软件或配置(一直到FW规则已启用和安装的功能),这些软件或配置不在我环境中的至少2个其他服务器上.
有任何想法吗?
最近的调查结果:
netsh http show iplist在非工作系统上返回127.0.0.1,但在工作系统上不返回任何内容.
正如在评论中正确指出@ out-null一样,5985正在侦听127.0.0.1是一个问题.我已经从配置WinRM设置的GPO中排除了这个系统并手动创建了监听器:
winrm create winrm/config/Listener?Address=*+Transport=HTTP
但是,netstat的结果是一样的.请注意下面的winrm e的输出,其中IP被列为监听器.
仍然难倒在这一个……
原始证据/健全性检查
$> winrm e winrm/config/listener Listener [Source="GPO"] Address = * Transport = HTTP Port = 5985 Hostname Enabled = true URLPrefix = wsman CertificateThumbprint ListeningOn = 10.11.10.117,127.0.0.1,169.254.34.30,169.254.47.200,169.254.236.165,::1,fe80::5efe:10.115.63.10 7%16,fe80::5efe:169.254.34.30%45,fe80::28b8:be74:53c:2fc8%12,fe80::69a9:e@R_301_448@:12bd:63c0%15,fe80::7cf2:ec84:332f:221e%14,fe80::cdc6:5ca0:6ae2:eca5%13 $> netsh winhttp show proxy Current WinHTTP proxy settings: Direct access (no proxy server). $> Get-NetFirewallRule WINRM-HTTP-In-TCP | fl * Name : WINRM-HTTP-In-TCP ID : WINRM-HTTP-In-TCP Group : @FirewallAPI.dll,-30267 Platform : {} LSM : False DisplayName : Windows Remote Management (HTTP-In) Enabled : True Profile : Domain,Private Direction : Inbound Action : Allow EdgeTraversalPolicy : Block PrimaryStatus : OK Status : The rule was parsed successfully from the store. (65536) EnforcementStatus : NotApplicable PolicyStoreSourceType : Local Caption : Description : Inbound rule for Windows Remote Management via WS-Management. [TCP 5985] ElementName : @FirewallAPI.dll,-30253 InstanceID : WINRM-HTTP-In-TCP CommonName : PolicyKeywords : PolicyDecisionStrategy : 2 PolicyRoles : ConditionListType : 3 CreationClassName : MSFT|FW|FirewallRule|WINRM-HTTP-In-TCP ExecutionStrategy : 2 Mandatory : PolicyRuleName : Priority : RuleUsage : SequencedActions : 3 SystemCreationClassName : SystemName : DisplayGroup : Windows Remote Management LocalOnlyMapping : False LooseSourceMapping : False Owner : Platforms : {} PolicyStoreSource : PersistentStore Profiles : 3 RuleGroup : @FirewallAPI.dll,-30267 StatusCode : 65536 PSComputerName : CimClass : root/standardcimv2:MSFT_NetFirewallRule CimInstanceProperties : {Caption,Description,ElementName,InstanceID...} CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties COMPUTERNAME$> netstat -anp tcp Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING TCP 0.0.0.0:49174 0.0.0.0:0 LISTENING TCP 0.0.0.0:49178 0.0.0.0:0 LISTENING TCP 0.0.0.0:49191 0.0.0.0:0 LISTENING TCP 10.11.10.117:135 192.168.5.71:64570 ESTABLISHED TCP 10.11.10.117:135 192.168.5.71:64571 ESTABLISHED TCP 10.11.10.117:135 192.168.5.71:64572 ESTABLISHED TCP 10.11.10.117:139 0.0.0.0:0 LISTENING TCP 10.11.10.117:3389 10.1.1.2:57970 ESTABLISHED TCP 10.11.10.117:49153 10.1.1.2:58100 ESTABLISHED TCP 10.11.10.117:50601 192.168.5.111:8014 ESTABLISHED TCP 10.11.10.117:56508 192.168.5.177:445 ESTABLISHED TCP 127.0.0.1:5985 0.0.0.0:0 LISTENING TCP 127.0.0.1:47001 0.0.0.0:0 LISTENING TCP 169.254.34.30:139 0.0.0.0:0 LISTENING SOME-WORKING-COMPUTER$> netstat -anp tcp Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING TCP 0.0.0.0:49187 0.0.0.0:0 LISTENING TCP 0.0.0.0:49192 0.0.0.0:0 LISTENING TCP 0.0.0.0:49199 0.0.0.0:0 LISTENING TCP 0.0.0.0:49213 0.0.0.0:0 LISTENING TCP 192.168.5.11:139 0.0.0.0:0 LISTENING TCP 192.168.5.11:5985 10.1.1.2:58153 ESTABLISHED TCP 192.168.5.11:5985 10.1.1.2:58154 ESTABLISHED TCP 192.168.5.11:5985 10.1.1.2:58156 ESTABLISHED TCP 192.168.5.11:49203 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:49213 192.168.5.177:52784 ESTABLISHED TCP 192.168.5.11:49213 192.168.5.177:54507 ESTABLISHED TCP 192.168.5.11:49213 192.168.5.177:59034 ESTABLISHED TCP 192.168.5.11:52905 192.168.5.177:49210 TIME_WAIT TCP 192.168.5.11:52906 192.168.5.177:49210 TIME_WAIT TCP 192.168.5.11:52907 192.168.5.111:8014 ESTABLISHED TCP 192.168.5.11:52910 192.168.5.177:49210 TIME_WAIT TCP 192.168.5.11:52915 192.168.5.177:49210 TIME_WAIT TCP 192.168.5.11:52918 192.168.5.177:49210 TIME_WAIT TCP 192.168.5.11:52920 192.168.5.177:49210 TIME_WAIT TCP 192.168.5.11:52922 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:52923 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:52924 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:52925 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:52926 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:52927 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:54938 192.168.6.8:49157 ESTABLISHED TCP 192.168.5.11:62632 192.168.5.177:49210 ESTABLISHED TCP 192.168.5.11:64307 192.168.6.8:389 ESTABLISHED
netsh http show iplist
IP addresses present in the IP listen list: ------------------------------------------- 127.0.0.1
在这个工作的系统上,该列表是空的.起初这对我来说似乎是违反直觉的.不过,我这样做了:
> netsh http delete iplisten ipaddress=127.0.0.1
紧接着,我注意到netstat的这个输出:
>netstat -anp tcp Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING TCP 0.0.0.0:49175 0.0.0.0:0 LISTENING TCP 0.0.0.0:49179 0.0.0.0:0 LISTENING TCP 0.0.0.0:49190 0.0.0.0:0 LISTENING TCP 10.115.63.107:139 0.0.0.0:0 LISTENING TCP 10.115.63.107:3389 10.115.13.25:64873 ESTABLISHED TCP 10.115.63.107:49235 192.168.40.146:445 ESTABLISHED TCP 10.115.63.107:49291 192.168.40.45:8014 ESTABLISHED TCP 169.254.34.30:139 0.0.0.0:0 LISTENING
事实上,WinRM的工作方式应该如此.
我通过测试推测,如果没有配置HTTP侦听器,那么所有HTTP侦听器都将绑定到默认实体:0.0.0.0.由于环回地址被配置为侦听器地址,因此侦听器将绑定到此地址.
在某些时候,我必须采取一些导致此配置的操作,但我不确定如何.无论如何,它现在工作正常.谢谢大家.