27

I am trying to run powershell code from my computer to vm on my computer, but i keep getting this error:

Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

my code: 

  string runasUsername = @"\aaa";
    string runasPassword = "aaa";
    SecureString ssRunasPassword = new SecureString();
    foreach (char x in runasPassword)
        ssRunasPassword.AppendChar(x);
    PSCredential credentials = new PSCredential(runasUsername, ssRunasPassword);

    var connInfo = new WSManConnectionInfo(new Uri("http://10.0.5.35/PowerShell"),
        "http://schemas.microsoft.com/powershell/Microsoft.Exchange",credentials);
    connInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;

    var runspace = RunspaceFactory.CreateRunspace(connInfo);


    var domainName = "domainName.COM";
    var password = "ActiveDirectoryPassword1234";
    var ssPassword = new SecureString();
    foreach (char c in password)
        ssPassword.AppendChar(c);


    var command = new Command("New-Mailbox");

    command.Parameters.Add("FirstName", firstName);
    command.Parameters.Add("LastName", lastName);
    command.Parameters.Add("Password", ssPassword);
    command.Parameters.Add("ResetPasswordOnNextLogon", false);
    command.Parameters.Add("OrganizationalUnit", "NeumontStudents");

    runspace.Open(); <--//error here
    var pipeline = runspace.CreatePipeline();
    pipeline.Commands.Add(command);


    var results = pipeline.Invoke();

    runspace.Dispose();

What am I missing?

Enrico Campidoglio
  • 56,676
  • 12
  • 126
  • 154
woolford
  • 297
  • 1
  • 7
  • 12

3 Answers3

35

If the client and the remote machine aren't on the same domain, you have one of two options:

  • use HTTPS as a transport protocol
  • add the remote machine to the list of trusted hosts on the client

In order to configure WinRM to use HTTPS, open up a PowerShell console as administrator on both machines and run:

winrm quickconfig -transport:https

and open port 5986 on the firewall:

netsh firewall add portopening TCP 5986 "WinRM over HTTPS"

Alternatively, you can add the remote machine as trusted host on the client by running:

winrm set winrm/config/client @{TrustedHosts="10.0.5.35"}
Matthew Groves
  • 25,181
  • 9
  • 71
  • 121
Enrico Campidoglio
  • 56,676
  • 12
  • 126
  • 154
  • 2
    yup it is , i get this:"WinRM already is set up to receive requests on this machine. WinRM already is set up for remote management on this machine." – woolford Apr 15 '13 at 08:14
  • @woolford are the client and server on the same domain? – Enrico Campidoglio Apr 15 '13 at 08:31
  • There's a way to use HTTPS with a self-signed certificate: http://www.jayway.com/2011/11/21/winrm-w-self-signed-certificate-in-4-steps/ – skolima Nov 19 '13 at 17:22
  • 2
    OK, the winrm command only works if you remove the single quotes. (It still didn't solve the problem for me). – MGOwen Oct 15 '14 at 05:41
  • The first command will not run as easily as it seems. The following link will tell you how to make it run: https://www.visualstudiogeeks.com/devops/how-to-configure-winrm-for-https-manually – Luis Gouveia Apr 28 '20 at 13:48
  • 1
    I am getting `Error: Invalid use of command line` when running `winrm set winrm/config/client @{TrustedHosts=""}`. – tolache Jan 28 '22 at 08:32
  • 1
    Same ``'Invalid use'`` error for me, adding single quotes fixed it ``winrm set winrm/config/client '@{TrustedHosts="10.0.5.35"}'`` – Iomm1 Jun 16 '22 at 16:23
4

Setting this up on a new client, I had to:

  1. Run PowerShell as administrator

  2. Enable WinRM by running this command and answering yes to the prompt:

    winrm quickconfig

  3. Add the host to my trusted hosts (where 1.2.3.4 is the host's IP address):

    Set-Item wsman:localhost\client\trustedhosts -value 1.2.3.4
Eric Eskildsen
  • 4,269
  • 2
  • 38
  • 55
  • >"Enable WinRM by running this command and answering yes to the prompt: winrm quickconfig" Note you have to run this command on the client as well as server computers, else the next command will fail. – Msprg Jul 27 '23 at 15:31
2

have you enabled winrm on both machines? try running winrm quickconfig on each machine to ensure remote connectivity is enabled.

Musaab Al-Okaidi
  • 3,734
  • 22
  • 21
  • 1
    yup it is , i get this:"WinRM already is set up to receive requests on this machine. WinRM already is set up for remote management on this machine." – woolford Apr 15 '13 at 08:13
  • Try using CredSSP authentication. Look at the steps in my answer here: http://stackoverflow.com/questions/15336336/running-batch-file-on-remote-computers-using-powershell-2-0/15336790#15336790 – Musaab Al-Okaidi Apr 15 '13 at 08:49
  • CredSSP is used to allow the remote machine to pass on the client's credentials when connecting to other services (i.e. a [second-hop](http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/14/enable-powershell-quot-second-hop-quot-functionality-with-credssp.aspx)). The problem in this case is that the client and the server aren't on the same domain. – Enrico Campidoglio Apr 15 '13 at 09:02
  • I understand that, but I thought this would resolve the cross domain authentication since the standard authentication is not working. – Musaab Al-Okaidi Apr 15 '13 at 09:04