Start a conversation

WinRM (Windows Remote Management) Troubleshooting Tips

Here are troubleshooting steps for WinRM

You need to verify your winrm is set up correctly.  We provide scripts to setup the WinRM Configuration portion, these must be run in an elevated command prompt in order to work properly.  Command Prompt and PowerShell will interpret the commands differently because of the markup.  These should have been run and verified on Target Server and EPS BE Server.


Must be enabled on Target Server and EPS Backend Server

In winrm configuration ‘winrm get winrm/config’

CredSSP must be enabled for client and service

The Correct ports must be set 5985 5986(Default Ports, we use HTTP(5985))


Make sure the listeners were properly created.  ‘winrm enumerate winrm/config/listener'

If you get an error try running ‘winrm quickconfig’ again then check again.  Otherwise, reboot the server and verify/fix again.


In Group Policy two records should be set:(Make sure to use the correct /)



You can use  generic as shown above, or Target Server will contain records for EPS BE Server. And EPS BE will contain records for Target Server.


Each computer must be listening.  Firewall changes should be automatic.  You can check with:

Netstat –oan at the command line.  Look for 5985 to be listening


Use these commands in powershell to test the connection. (provideragentadmin will need to be either a domain admin, or a local administrator on each machine).


Change lines 3 and 4 to be your provideragentadmin account information(password, domain\provideragentadmin)

Change line 5 to point to your App Server.


1.            Log in to the EPS server

2.            Open Windows Powershell

3.            $pwd = ConvertTo-SecureString –String “password” –AsPlainText –Force

4.            $crd = New-Object -TypeName System.Management.Automation.PSCredential –ArgumentList “domain\provideragentadmin”, $pwd

5.            Enter-PSSession -Authentication Credssp -ConnectionUri "http://appserver:5985/wsman" -Credential $crd


If these commands allow you to make a remote powershell session to the Target Computer, WinRM is working correctly.



Make sure there are no overriding WinRM Settings in your DOMAIN GPO from your AD Servers.


Check SPN’s on each computer(Usually not an issue, but on rare occasion).

Setspn –L domain\computer

     Each computer should have two WSMAN\computer records for itself.


If any are missing you can set them manually using:
Setspn -A WSMAN\Server Domain\Server
Setspn -A WSMAN\Server.domain.ext Domain\Server


Setting Credentials in GPEdit on each machine from Above

Open Group Policy on the local machine. gpedit from the command prompt.

Local Computer Policy, Computer Configuration, Administrative Templates, System, Credential Delegation.
     Allow Delegating Fresh Credentials
                Add Two Records for Each Computer
                     Target server will contain either Generic or Server records for the EPSBE Server
                     EPSBE Server will contain either Generic or Server records for the Target Server
                Records to be added
                     Or Server
                            Target Server
                            EPSBE Server
     Make sure you use the correct '/' when creating these records.
Choose files or drag and drop files
Was this article helpful?
  1. Eric Hanig

  2. Posted
  3. Updated