33

I'm writing a powershell v2 script that I'd like to run against a remote server. When I run it, I get the error :

Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client configurati on and try the request again. For more information, see the about_ Remote_Troubleshooting Help topic.

I looked at the online help for about _ Remote_Troubleshooting, but it didn't point me towards how to enable unecrypted traffic. Below is the script that I'm using that is causing me problems.

Note: I have already run Enable-PSRemoting on the remote machine to allow it to accept incoming requests.
I have tried to use a session option variable, but it doesn't seem to make any difference.

$key = "HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds"
Set-ItemProperty $key ConsolePrompting True

$tvar = "password"
$password = ConvertTo-SecureString -string $tvar -asPlainText –force
$username="domain\username"
$mySessionOption = New-PSSessionOption -NoEncryption 
$credential = New-Object System.Management.Automation.PSCredential($username,$password)

invoke-command -filepath C:\scripts\RemoteScript.ps1  -sessionoption $mySessionOption -authentication digest -credential $credential -computername RemoteServer

How do I enable unencrypted traffic?

Paul Rowland
  • 8,244
  • 12
  • 55
  • 76
Peter Walke
  • 2,497
  • 6
  • 33
  • 50

5 Answers5

51

AllowEncrypted is defined on the client end, via the WSMAN: drive. You must be running powershell.exe (or powershell_ise.exe) as an elevated process.

ps> cd WSMan:\localhost\Client
ps> dir
Name                      Value
----                      -----
NetworkDelayms            5000
URLPrefix                 wsman
AllowUnencrypted          false
Auth
DefaultPorts
TrustedHosts

You would change it like so (after changing to the directory above):

Set-Item .\allowunencrypted $true

Hope this helps,

  • Oisin
avi12
  • 2,000
  • 5
  • 24
  • 41
x0n
  • 51,312
  • 7
  • 89
  • 111
  • 1
    Same problem here, even after doing what you said, still throwing same error. any idea? – unruledboy Feb 24 '13 at 23:54
  • @unruledboy Look again - does it really say " Unencrypted traffic is currently disabled in the _client_ configuration" ? – x0n Mar 10 '13 at 19:21
12

You probably will need to set the AllowUnencrypted config setting in both the Client and the Service. The Service setting has to be changed in the remote server using the following:

set-item -force WSMan:\localhost\Service\AllowUnencrypted $true

And don't forget to also enable Digest Authorization:

set-item -force WSMan:\localhost\Service\Auth\Digest $true
Jason Plank
  • 2,336
  • 5
  • 31
  • 40
KenSV
  • 121
  • 2
3

You can allow unencrypted traffic on the client with the following command (execute it on the client):

winrm set winrm/config/client '@{AllowUnencrypted="true"}'

To verify, you can get the whole config (client and service) with this command:

winrm get winrm/config

Be aware that each machine has two configs (one for being a client, one for beeing a server). To allow unencrypted traffic on the server, execute the following command on the server:

winrm set winrm/config/service '@{AllowUnencrypted="true"}'
stackprotector
  • 10,498
  • 4
  • 35
  • 64
1

This worked for me:

enable-wsmancredssp –role server
c0D3l0g1c
  • 3,020
  • 5
  • 33
  • 71
0

If the parameter AllowUnencryptedTraffic is under GPO, you can set it through registrar:

$RegPath = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client'
$RegUnencryptedTraffic = 'AllowUnencryptedTraffic'
$RegValue = '1'
Set-ItemProperty -Path $RegPath -Name $RegUnencryptedTraffic -Value $RegValue
Kzo
  • 1
  • 2