Setup for Hyper-V, VMM, Exchange Targets - Enable WinRM Manually with Troubleshooting steps

Document created by bsong Expert on Jun 7, 2016Last modified by robert.coppersmith on Jan 8, 2019
Version 26Show Document
  • View in full screen mode

Enabling WinRM is required to connect to Hyper-V, VMM, or Exchange targets. To enable WinRM manually on a target, just run the following commands via PowerShell.


Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $True

Set-WSManQuickConfig -Force


Optional - the following command is only needed for local users:

Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True


Enable multiple Hyper-V, VMM, Exchange targets GPO follow the below link :  WSMan service configuration using domain GPO


However, if you would like to use Secure connection via HTTPS follow this article : WSMan/WinRM over HTTPS service configuration


IMPORTANT:  Turbonomic requires open bidirectional access over ports 5985, 5986 to validate and discover Hyper-V hosts and VMM. Additionally, if you are adding a VMM target, you still need to enable WSMAN / WinRM on both the VMM and all the underlying Hyper-V hosts as well. Also, make sure that the user has administrator permissions on the Hyper-V and VMM as well. To add a Hyper-V / VMM target please make sure to put the target name using "Fully Qualified Domain name" and username should not contain domain name. 






1)  If targeting is still failing when not using Secure connection, it is good to confirm that "AllowUnencrypted" has been set to "true". Oftentimes, this setting is still set to "false" and will prevent targeting. You can run the following PowerShell command to confirm that in the Service category, AllowUnencrypted is set to "true":


winrm get winrm/config/service



IMPORTANT:  For Hyper-V/VMM we need to have a administrator user who is part of active directory domain because we use kerberos system to validate the credentials. To check the permissions of the user and confirm it is able to go through kerberos check, you can run the following command on a powershell of a different host than the host in question :


Get-WSManInstance wmi/root/cimv2/* -Enumerate -Filter "SELECT * FROM Win32_ComputerSystem" -ComputerName hp-    -Authentication Kerberos -Credential


      ( Here, replace with actual host having issue and with the real username)


To use IP Address for target, we need to have SPN for the host. To do this, we need to add SPN for the Hyper-v / VMM by doing the following step : 

Example: setspn –A WSMAN/ VMM-02

Note: PORT is optional

   Also, You can run the following powershell command to check the permissions of the user is set to administrator or not 

winrm configSDDL default