Setup for Hyper-V, VMM, Exchange Targets - Enable WinRM Manually with Troubleshooting steps

Document created by bsong Expert on Jun 7, 2016Last modified by praveen.vaddepally on Jul 31, 2018
Version 20Show Document
  • View in full screen mode

Enabling WinRM is required to connect to Hyper-V, VMM, or Exchange targets. To enable WinRM manually on a target, just run the following commands via PowerShell.

 

Set-WSManQuickConfig -Force

Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $True

 

Optional - the following command is only needed for local users:

Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True

 

 

Enable multiple Hyper-V, VMM, Exchange targets via GPO:

WSMan service configuration using domain GPO or for HTTPS WSMan/WinRM over HTTPS service configuration

 

IMPORTANT: If you are adding a VMM target, you still need to enable WSMAN / WinRM on the underlying Hyper-V hosts and clusters as well. Also, make sure that the user has administrator permissions on the Hyper-V and VMM as well. To add a Hyper-V / VMM target please make sure to put the target name using "Fully Qualified Domain name" and username should not contain domain name. 

 

 

TROUBLESHOOTING :

 

1)  If targeting is still failing, it is good to confirm that "AllowUnencrypted" has been set to "true". Oftentimes, this setting is still set to "false" and will prevent targeting. You can run the following PowerShell command to confirm that in the Service category, AllowUnencrypted is set to "true":

 

winrm get winrm/config

 

 

IMPORTANT:  For Hyper-V/VMM we need to have a administrator user who is part of active directory domain because we use kerberos system to validate the credentials. To check the permissions of the user and confirm it is able to go through kerberos check, you can run the following command on a powershell of a different host than the host in question :

 

Get-WSManInstance wmi/root/cimv2/* -Enumerate -Filter "SELECT * FROM Win32_ComputerSystem" -ComputerName hp-             dl591.corp.vmturbo.com -Authentication Kerberos -Credential john.doe@corp.vmturbo.com

 

      ( Here, you replace hp-dl591.corp.vmturbo.com with actual host having issue and john.doe@corp.vmturbo.com with the real username)

 

 

   You can run the following powershell command to check the permissions is set to administrator or not 

winrm configSDDL default
3 people found this helpful

Attachments

    Outcomes