WinRM无法连接到远程机器

tag-icon tag-icon windows powershell remote-access winrm
WinRM无法连接到远程机器

我发过一个问题,但还没有得到答复,而且最近也没有活动,所以我重新发了。如果这不是正确的做法,我很抱歉,但我整整一周都在努力完成这件事。

我正在尝试运行一个脚本,该脚本会为我域中的用户远程安装程序。我可以在自己的计算机上顺利运行该脚本,但当我在域中的另一台计算机上运行该脚本时,我收到以下错误

连接到远程服务器 (computername) 失败,并显示以下错误消息:WinRM 无法完成该操作。请验证指定的计算机名称是否有效、计算机是否可通过网络访问,以及 WinRM 服务的防火墙例外是否已启用并允许从此计算机进行访问。默认情况下,公共配置文件的 WinRM 防火墙例外会限制对同一本地子网内的远程计算机的访问。有关详细信息,请参阅 about_Remote_Troubleshooting 帮助主题

我已经配置了 winRM 和 winRM GPO,并关闭了防火墙,但我仍然收到相同的错误。我觉得我已经用尽了所有办法,所以希望得到一些帮助。

我尝试过的事情:

  • 检查防火墙是否阻止端口
  • 通过域上的 GPO 配置 winRM,ipv4 和 ipv6 正在监听 *
  • 在两台计算机上运行 Enable-PSRemoting -Force 和 winrm /quickconfig
  • 运行 winrm id -r:(mymachine),它在我的计算机上有效,但在我尝试远程访问的计算机上无效,因为我收到错误:
WSManFault
    Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error number:  -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.
  • 运行 telnet (TargetMachine) 5985 失败并出现错误连接到(计算机名称)...无法在端口 5985 上打开与主机的连接:连接失败
  • 当我运行“winrm get winrm/config”和“winrm get wmicimv2/Win32_Service?Name=WinRM”时,我得到的输出是:
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = ()ComputerName)
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = * [Source="GPO"]
        IPv6Filter = * [Source="GPO"]
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true [Source="GPO"]
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647

Win32_Service
    AcceptPause = false
    AcceptStop = true
    Caption = Windows Remote Management (WS-Management)
    CheckPoint = 0
    CreationClassName = Win32_Service
    DelayedAutoStart = null
    Description = Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine.  The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
    DesktopInteract = false
    DisplayName = Windows Remote Management (WS-Management)
    ErrorControl = Normal
    ExitCode = 0
    InstallDate = null
    Name = WinRM
    PathName = C:\WINDOWS\System32\svchost.exe -k NetworkService -p
    ProcessId = 15760
    ServiceSpecificExitCode = 0
    ServiceType = Share Process
    Started = true
    StartMode = Auto
    StartName = NT AUTHORITY\NetworkService
    State = Running
    Status = OK
    SystemCreationClassName = Win32_ComputerSystem
    SystemName = (ComputerName)
    TagId = 0
    WaitHint = 0
  • 我还可以执行诸如在目标计算机上创建文件夹之类的操作。但在目标计算机上安装程序失败。

我现在记不清我尝试过的每件小事的具体内容,但如果你建议某件事,我可以证实我已经尝试过它。

我遵循了网上的许多建议,包括远程 PowerShell、WinRM 故障:WinRM 无法完成操作

但仍然..什么也没有。

相关内容