Target IP is added to TrustedHosts. Still getting WinRM authentication failure???

Sanya2
Tera Contributor

‎08-16-2020 06:27 AM 

We are getting the following WinRM error despite adding this IP address in the TrustedHosts. What could be the reason?
WMI query on host 10.x.x.y authentication failure. query: Select * From Win32_Process WHERE (ProcessId = 324708) error: Winrs error:The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.. Access is Denied

Here's the detail from ecc logs;

08/16/20 08:54:12 (184) Worker-Interactive:ADMEPowershell-4e4d102f1b2a9010f45443b3cd4bcb59 WARNING *** WARNING *** Fatal Exception : 
New-PSSession : [10.x.x.y] Connecting to remote server 10.x.x.y failed with the following error message : 
The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: 
the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. 
Use winrm.cmd to configure TrustedHosts. 
Note that computers in the TrustedHosts list might not be authenticated. 
For more information on how to set TrustedHosts run the following command: winrm help config. 
For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName 10.x.x.y -Port 5985 -Credential $Creden ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
 + FullyQualifiedErrorId : CannotUseIPAddress,PSSessionOpenFailed
Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At D:\MidServer-SBOX\agent\scripts\Powershell\ADMEnhanced\ADMELauncherWinRM.psm1:103 char:44
+ $firstTime = Invoke-Command -session $ps -scriptblock ${functio ...
+ ~~~
 + CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
 + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
 
Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At D:\MidServer-SBOX\agent\scripts\Powershell\ADMEnhanced\ADMELauncherWinRM.psm1:109 char:41
+ $result = Invoke-Command -session $ps -scriptblock ${function:l ...
+ ~~~
 + CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
 + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
 
Error launching process
At D:\MidServer-SBOX\agent\scripts\Powershell\ADMEnhanced\ADMELauncherWinRM.psm1:113 char:9
+ throw "Error launching process"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 + CategoryInfo : OperationStopped: (Error launching process:String) [], RuntimeException
 + FullyQualifiedErrorId : Error launching process


Labels:
0 Helpfuls
  • 2,988 Views
8 REPLIES 8

Ashutosh Munot1
Kilo Patron
Kilo Patron
In response to Sanya2

‎08-17-2020 04:01 AM

Hi,

What about trying the telnet or ping or simple powershell from mid serve to target machine.

Thanks,
Ashutosh

0 Helpfuls

Sanya2
Tera Contributor
In response to Ashutosh Munot1

‎08-17-2020 06:26 AM

When I give the following command from the midserver host I get the result properly (as expected);

C:\Users\XXX>wmic /NODE:10.x.x.Y /user:aaa\XXX /password:***** cpu get

 

0 Helpfuls

AJugovic
Tera Expert
In response to Sanya2

‎09-21-2020 11:30 AM

Any updates around this issue? We're experiencing it as well after we went to NY Patch 10. 

0 Helpfuls

Daniel Carvalho
Kilo Guru
In response to Ashutosh Munot1

‎06-14-2021 05:15 AM

Hello @Ashutosh Munot 

Can you please confirm one other information?

Given this very scenario, I am bringing 2 information pieces bellow:

"under the following conditions: the transport is HTTPS "

and

"New-PSSession -ComputerName 10.x.x.y -Port 5985 -Credential $Credential"

Assuming all matters on MID Server configurations parameters on default for WMI/WinRM is OK and also that there are no problems on TrustdHosts, I am still in doubt regarding the use of SSL/HTTPS.

As per here:
https://stackoverflow.com/questions/6587426/powershell-remoting-with-ip-address-as-target

It is said that SSL/HTTPS is not configured by default.

Therefore, we would need to adjust the command to add "-UseSSL".

Is this adjustment to the default code of the WinRM pattern really needed?

Cordial

Daniel

 

 

0 Helpfuls