WinRM client errors in Remote Access console

Good afternoon DirectAccess admins! Today’s posting is going to go over a recent error I’ve seen with a customer that took some time to work through.  I appreciate the customer from California for being so patient working through this error!

I was working to setup a new DirectAccess install for a customer.  We went through all the recommended actions to setup the server including grabbing all OS Windows Updates, configuring the network properly, and then finally adding the Remote Access role.  Everything was moving along great until we opened up the Remote Access console to actually configure DirectAccess as shown below :

SetupWizard

We highly recommend running the second wizard (Run the Remote Access Setup Wizard) for any real install of DirectAccess outside of a lab.  The Getting started wizard is great for a real simple install but makes many assumptions that are not appropriate for any enterprise level install of DirectAccess.  So at my customer we selected the Run the Remote Access Setup Wizard highlighted above.  Once we selected this option, you will get presented if you would like to install VPN, DirectAccess, or VPN & DirectAccess on the same server :

vpnDA

This gives you the nice option of running both VPN & DirectAccess on the same server is desired.  Don’t worry if you just select Deploy DirectAccess only, it’s possible to easily go back and add the VPN functionality if desired.  At my customer they just wanted to run DirectAccess so we selected the Deploy DirectAccess only option.  At this point, the DirectAccess setup wizard will do a check of the server to make sure you are logged in with a domain account that has permissions to update GPOs, check to make sure IPv6 hasn’t been disabled on the local machine, and other OS configuration settings.  It does most of this using WinRM on the local machine and will look something like this :

prereq

You can get more basic information about WinRM here from Microsoft :

http://msdn.microsoft.com/en-us/library/aa384291(v=vs.85).aspx

On Windows 2012 or Windows 2012 R2, we have WinRM running by default and it should already be properly configured.

So at my customer during the checking prerequisites screen, we saw this puzzling error that said “The WinRM client cannot process the request because the server name could not be resolved.”

winrmerror

So we checked some basic WinRM items including if the actual Windows Remote Management service is running :

winrmservice

We found the service was running so we moved onto the next step of troubleshooting.  We ran the winrm command which allows you to manage the WinRM service on a machine.  To make sure WinRM is properly configured and running, we ran the following winrm command :

winrmqc

This showed us that WinRM was properly configured and running so we moved on with our troubleshooting.  Next we tried to query WinRM and we actually discovered the same error as our setup wizard :

winrmID

So we finally were able to reproduce our error from the setup wizard!  The WinRM id failed and this is the command that’s being used to query information on the local machine.  Be sure to note the extra “-remote:” switch that’s also added.  This means the query must work over the network.  We found the remote name being used resolved properly to the local IP address of our DirectAccess server.  We continued our troubleshooting with a network capture and found our WinRM packets going out to a proxy server on our network!  This was being caused by a proxy server configured on our DirectAccess server.  We found the culprit proxy by running the following netsh command :

proxy

To fix our issue, we ran another netsh command to reset the proxy server information :

proxyreset

After we ran the netsh winhttp proxy reset command, we were able to get past the checking prerequisites screen and continue our DirectAccess setup.

It’s critical that WinRM is working properly on your DirectAccess servers otherwise it will block you from running setup as shown above.  Another error that you can run across with WinRM and the Remote Access console is this Configuration Load Error :

ConfigLoadError

The WinRM error you will see says :

“The WinRM client cannot process the request because the server name cannot be resolved”

Looks familiar from above!  It’s important to go through the WinRM troubleshooting process to ensure it’s running correctly on this DirectAccess server.  As a handy guide, you can refer to this great WinRM troubleshooting guide :

http://blogs.technet.com/b/jonjor/archive/2009/01/09/winrm-windows-remote-management-troubleshooting.aspx

Hopefully this will help anyone else out there solve the mysteries of WinRM errors encountered with DirectAccess!

Tags: , , , , , , , , , , , , , ,

Categories: Install Tips, Troubleshooting DirectAccess

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: