KBI 311178 Enabling PowerShell Remoting

Version

Argent Advanced Technology all versions

Date

Thursday, 12 March 2015

Summary

Occasionally Performance Rules, System Rules and WMI Script Rules cannot give the required data from a remote machine, because the required Performance Counter has not been defined by Microsoft

For example, a remote machine is not accepting TCP connections and it is found by using the NETSTAT command that the TCP active connections value for Close Wait is in the thousands

Clearly, knowing the value of Close Wait is important

While it is possible to monitor TCP Active Connections via Performance Counters, the Close Wait value is not available because no Windows Performance Counter for Close Wait is defined by Microsoft

However, this can be done using NETSTAT itself via a remote connection

A remote connection can execute NETSTAT on a remote machine by Telnet, Windows Sysinternals PsExec or Windows Remote Management (WinRM)

WinRM is standard on Windows platforms and has the added benefit of being able to be secured, in contrast to Telnet and PsExec

Technical Background

Check PowerShell Remote Management Status

The following assumes both the Argent server and the remote machine are joined to the same domain

On the remote machine do the following:

Open PowerShell and check the WinRM Service status:

PS C:\ &gt Get-Service winrm

Status Name Display Name
Running winrm Windows Remote Management (WS-Manag…

If stopped, start service

On the Argent Server do the following:

Open Command Prompt (cmd) and check status of remote machine:

C:\ &gt winrm id -remote:SERVER01

Pass

IdentifyResponse

ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd

ProductVendor = Microsoft Corporation

ProductVersion = OS: 6.1.7601 SP: 1.0 Stack: 2.0

Fail

WSManFault

Message = The WinRM client cannot complete the operation within the time specified

Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled

Enable PowerShell Remoting

If winrm remote test fails, run the following on the remote machine:

Open PowerShell and enable PowerShell Remoting:

PS C:\ > Enable-PSRemoting -force

Note:

The Enable-PSRemoting cmdlet performs the following operations:

  1. Runs the Set-WSManQuickConfig cmdlet, which performs the following tasks:
    • Starts the WinRM service
    • Sets the startup type on the WinRM service to Automatic
    • Creates a listener to accept requests on any IP address
    • Enables a firewall exception for WS-Management communications
  2. Enables all registered Windows PowerShell session configurations to receive instructions from a remote computer
    • Registers the “Microsoft.PowerShell” session configuration, if it is not already registered
    • Registers the “Microsoft.PowerShell32” session configuration on 64-bit computers, if it is not already registered
    • Removes the “Deny Everyone” setting from the security descriptor for all the registered session configurations
    • Restarts the WinRM service to make the preceding changes effective

To run this cmdlet on Windows Vista, Windows Server 2008, and later versions of Windows, Windows PowerShell must be started with the “Run as administrator” option

Resolution

N/A