WS-Management protocol is not supported

Overview

When using WinRM for managing IT systems, especially when (but not only) combining it with „Just enough administration“ (JEA) feature it can sometimes happen that errors occur.

Problem

When using the following command to submit an identification request that determines whether the WinRM service is running on a local or remote computer, an error occurs.

Test-WSMan -ComputerName $env:COMPUTERNAME

In Application and Service Logs > Microsoft > Windows > Windows Remote Management > Operational the following Event with EventID 49 is generated:

The WinRM protocol operation failed due to the following error: The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.

Cause

As far as we have been able to evaluate, the problem occurs when a GPO configures the IPv6 Listeners in the WinRM configuration incorrectly. The respective Group Policy can be configured here:

Computer Configuration > Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service

Solution

If IPv6 is used then the WinRM Listener for IPv6 has to be configured with at least a valid configuration, for example a „*“ when not configuring it better. An empty IPv6 configuration will lead to communication misbehaviour.

To sum up, there are 2 ways to go.

    1. IPv6 is disabled completed then the WinRM Listener for IPv6 can be empty.
    2. IPv6 stays enabled (as it is the default) and then the WinRM Listener for IPv6 has to be configured with *. (just configuring the filter with ::1 will not be enough)

References

 

 

Leave a Reply