Connecting to remote server failed using WinRM from PowerShell
If the client and the remote machine aren't on the same domain, you have one of two options:
- use HTTPS as a transport protocol
- add the remote machine to the list of trusted hosts on the client
In order to configure WinRM to use HTTPS, open up a PowerShell console as administrator on both machines and run:
winrm quickconfig -transport:https
and open port 5986 on the firewall:
netsh firewall add portopening TCP 5986 "WinRM over HTTPS"
Alternatively, you can add the remote machine as trusted host on the client by running:
winrm set winrm/config/client @{TrustedHosts="10.0.5.35"}
PowerShell remoting: Controlling what edition is being targeted (PowerShell Core or Windows PowerShell); the state of cross-platform remoting
Note: Changing what remote endpoint PowerShell [Core] targets by default - which as of 7.0 is still Window PowerShell - is being considered: see GitHub issue #11616.
It is the locally specified remoting session configuration that determines what PowerShell edition, and possibly version, will be used on the remote machine:
Ad hoc, you can use the
-ConfigurationName
parameter of remoting cmdlets such asInvoke-Command
,New-PSSession
, andEnter-PSSession
to specify a session configuration explicitly.Persistently, via configuration, you can set the default session configuration via the
$PSSessionConfigurationName
preference variable (the linked help topic also dicusses other remote-session-related preference variables, namely$PSSessionApplicationName
and$PSSessionOption
)- By default, clients connect to session configuration
microsoft.powershell
on the remote machine (see below). Therefore, you can alternatively change the definition of this configuration on the remote target machine, but note that this means that all clients that use the defaults will use the redefined configuration - see bottom for how to achieve this redefinition.
- By default, clients connect to session configuration
On the target machine of a remoting operation, Get-PSSessionConfiguration
cmdlet lists all registered session configurations that clients can use to connect to, and which you can manage with Register-PSSessionConfiguration
and Unregister-PSSessionConfiguration
:
Caveat:
Get-PSSessionConfiguration
must be run in an elevated session (as administrator), and, due to a bug in Windows PowerShell 5.1, you may have to run the following dummy command first:$null = Get-Command Test-WSMan
, so as to ensure that thewsman:
drive is defined).Session configurations whose names are prefixed with
'microsoft.powershell
' belong to Windows PowerShell.Prefix
'PowerShell.'
refers to PowerShell Core.
$PSSessionConfigurationName
defaults to 'http://schemas.microsoft.com/powershell/Microsoft.PowerShell'
in both editions, which means that Windows PowerShell is by default targeted on remote machines even if you're running from PowerShell Core:
The
Microsoft.PowerShell
part refers to the (64-bit) Windows PowerShell session configuration, as listed byGet-PSSessionConfiguration
(in lowercase).The
http://schemas.microsoft.com/powershell/
prefix is optional and can be omitted; note that usinghttps:
in the prefix does not work and will not automatically switch to an SSL-based transport; for the latter, explicit configuration is needed. Note that HTTPS/SSL-based remoting isn't necessary if all of your remoting happens within a Windows domain.
To target PowerShell Core (PowerShell v6+) on a remote machine:
Generally, PowerShell Core session configurations are version-specific, and you have two choices:
Target a major PowerShell Core version - e.g.,
PowerShell.7
- using whatever the latest v7.x version is installed on the target machine.- This is preferable, because your code then doesn't require updating every time you install a patch or minor version update on the target machine.
Target a specific version - e.g.,
PowerShell.7.1.2
- Do this only if you have multiple, side-by-side installations that share the same major version, and you explicitly need to target one of them.
Again, running
Get-PSSessionConfiguration
on the target machine, from an elevated session, tells you the names of all registered session configurations.
To target PowerShell Core ad hoc, use
-ConfigurationName PowerShell.7
, for instance:
# Connect to computer $comp and make it execute $PSVersionTable
# in PowerShell Core v7.x, which tells you what PowerShell edition
# and version is running.
Invoke-Command -ComputerName $comp -ConfigurationName PowerShell.7 { $PSVersionTable }
- To target PowerShell Core by default, persistently, from a given client machine, add something like the following to your
$PROFILE
file:
# When remoting, default to running PowerShell Core v7.x on the
# the target machines:
$PSSessionConfigurationName = 'PowerShell.7'
- To have all clients of a given remote server machine target PowerShell Core by default, persistently, you must redefine the server's
microsoft.powershell
session configuration, which requires administrative privileges; you can adapt the following snippet:
# Run WITH ELEVATION (as administrator) and
# ONLY IF YOU UNDERSTAND THE IMPLICATIONS.
$ErrorActionPreference = 'Stop'
# The configuration whose definition you want to make the new default.
$newDefaultConfigSource = 'PowerShell.7'
# Standard registry locations and names.
$defaultConfigName = 'Microsoft.PowerShell'
$configXmlValueName = 'ConfigXml'
$configRootKey = 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin'
# Rename the current default configuration XML to "ConfigXml.OLD" to keep a backup.
Rename-ItemProperty $configRootKey\$defaultConfigName $configXmlValueName -NewName "$configXmlValueName.OLD"
# Get the configuration XML from the configuration that should become the new default.
# Modify it to replace the source configuration name with the default configuration name.
$xmlText = (Get-ItemPropertyValue $configRootKey\$newDefaultConfigSource $configXmlValueName) -replace
('\b{0}\b' -f [regex]::Escape($newDefaultConfigSource)), $defaultConfigName
# Save the modified XML as the default configuration's config XML.
Set-ItemProperty $configRootKey\$defaultConfigName $configXmlValueName $xmlText
# Restart the WinRM service for changes to take effect.
Restart-Service WinRM
Related Topics
Why Are Both "True" and "False" Tests True
Make Bash Differentiate Between Ctrl-<Letter> and Ctrl-Shift-<Letter>
Git Post-Receive Checkout to Remote Machine
Ubuntu/Fedora: How to Add Applications in The Menus
Linux/Unix Socket Self-Connection
Ssh Service Running on Multiple Ports with Custom Rules in Linux
Nasm Assembly Linux Timer or Sleep
In Bash, How to Expand Variables Twice in Double Quotes
Change a String in a File with Sed
Linux: Find a List of Files in a Dictionary Recursively
Find Based Filename Autocomplete in Bash Script
Webdrivererror Error: Chrome Failed to Start: Exited Abnormally
Write and Read from Ttyusb0, Can't Get Response
Linux - Modify File Modify/Access/Change Time