我发过一个问题,但还没有得到答复,而且最近也没有活动,所以我重新发了。如果这不是正确的做法,我很抱歉,但我整整一周都在努力完成这件事。
我正在尝试运行一个脚本,该脚本会为我域中的用户远程安装程序。我可以在自己的计算机上顺利运行该脚本,但当我在域中的另一台计算机上运行该脚本时,我收到以下错误
连接到远程服务器 (computername) 失败,并显示以下错误消息:WinRM 无法完成该操作。请验证指定的计算机名称是否有效、计算机是否可通过网络访问,以及 WinRM 服务的防火墙例外是否已启用并允许从此计算机进行访问。默认情况下,公共配置文件的 WinRM 防火墙例外会限制对同一本地子网内的远程计算机的访问。有关详细信息,请参阅 about_Remote_Troubleshooting 帮助主题
我已经配置了 winRM 和 winRM GPO,并关闭了防火墙,但我仍然收到相同的错误。我觉得我已经用尽了所有办法,所以希望得到一些帮助。
我尝试过的事情:
- 检查防火墙是否阻止端口
- 通过域上的 GPO 配置 winRM,ipv4 和 ipv6 正在监听 *
- 在两台计算机上运行 Enable-PSRemoting -Force 和 winrm /quickconfig
- 运行 winrm id -r:(mymachine),它在我的计算机上有效,但在我尝试远程访问的计算机上无效,因为我收到错误:
WSManFault
Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.
Error number: -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.
- 运行 telnet (TargetMachine) 5985 失败并出现错误连接到(计算机名称)...无法在端口 5985 上打开与主机的连接:连接失败
- 当我运行“winrm get winrm/config”和“winrm get wmicimv2/Win32_Service?Name=WinRM”时,我得到的输出是:
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts = ()ComputerName)
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter = * [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647
Win32_Service
AcceptPause = false
AcceptStop = true
Caption = Windows Remote Management (WS-Management)
CheckPoint = 0
CreationClassName = Win32_Service
DelayedAutoStart = null
Description = Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
DesktopInteract = false
DisplayName = Windows Remote Management (WS-Management)
ErrorControl = Normal
ExitCode = 0
InstallDate = null
Name = WinRM
PathName = C:\WINDOWS\System32\svchost.exe -k NetworkService -p
ProcessId = 15760
ServiceSpecificExitCode = 0
ServiceType = Share Process
Started = true
StartMode = Auto
StartName = NT AUTHORITY\NetworkService
State = Running
Status = OK
SystemCreationClassName = Win32_ComputerSystem
SystemName = (ComputerName)
TagId = 0
WaitHint = 0
- 我还可以执行诸如在目标计算机上创建文件夹之类的操作。但在目标计算机上安装程序失败。
我现在记不清我尝试过的每件小事的具体内容,但如果你建议某件事,我可以证实我已经尝试过它。
我遵循了网上的许多建议,包括远程 PowerShell、WinRM 故障:WinRM 无法完成操作
但仍然..什么也没有。