PowerShell protocols and troubleshooting

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of PowerShell protocols and troubleshooting

    PowerShell utilizes Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM) to execute commands on remote Windows hosts, facilitating orchestration activities. Understanding these protocols is crucial for effective integration and troubleshooting within ServiceNow environments.

    Show full answer Show less

    Key Features

    • Windows Management Instrumentation (WMI): Provides a standardized interface for managing data from local or remote systems, consisting of managed objects, WMI providers, and WMI consumers.
    • WMI Infrastructure: Comprises the WMI service, core components, and namespaces that organize system data.
    • Windows Remote Management (WinRM): Implements the WS-Management Protocol, allowing for interoperability across various hardware and operating systems.
    • WinRM Configuration: Requires setup on Windows 2008 R2 and newer systems using the command winrm quickconfig to enable remote management.
    • MID Server PowerShell Files: Functions are stored in script files (.ps1) and PowerShell Script modules (.psm1).

    Key Outcomes

    By properly configuring WMI and WinRM, ServiceNow customers can ensure successful remote command execution, enhancing automation capabilities. Awareness of common authentication issues and errors will facilitate faster troubleshooting and integration with external applications.

    PowerShell uses the Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM) protocols to enable Orchestration activities to run commands on remote Windows hosts.

    Windows Management Instrumentation (WMI)

    WMI provides a uniform interface for any local or remote applications or scripts that obtain management data from a computer system, a network, or an enterprise. WMI contains these components:
    • Managed objects and WMI providers: A WMI provider is a COM object that monitors one or more managed objects for WMI. A managed object is a logical or physical enterprise component, such as a hard disk drive, network adapter, database system, operating system, process, or service.
    • WMI infrastructure: The WMI infrastructure is a Microsoft Windows operating system component know as the WMI service (winmgmt). The WMI infrastructure is composed of the WMI Core and the WMI repository. The WMI repository is organized by WMI namespaces. The WMI service creates namespaces, such as root\default, root\cimv2, and root\subscription, at system startup and preinstalls a default set of class definitions, including the Win32 Classes, the WMI System Classes, and others. The remaining namespaces found on your system are created by providers for other parts of the operating system or products.
    • WMI consumers: A WMI consumer is a management application or script that interacts with the WMI infrastructure. A management application can query, enumerate data, run provider methods, or subscribe to events by calling either the COM API or the Scripting API for WMI.

    WMI installation and configuration

    For the MID Server to successfully make a remote connection to the target host, TCP port 135 must be open. The Windows firewall automatically creates an inbound rule for WMI connectivity called Windows Management Instrumentation (DCOM-In).

    Windows Remote Management (WinRM)

    WinRM is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP) protocol that allows hardware and operating systems from different vendors to interoperate.

    WinRM contains these components:
    • WinRM Scripting API: This scripting API enables Orchestration to obtain data from remote computers, using scripts that perform WS-Management protocol operations.
    • WMI Service: The WMI service continues to run side-by-side with WinRM and provides requested data or control through the WMI plug-in. You can continue to obtain data from standard WMI classes, such as as Win32_Process.

    WinRM configuration

    WinRM is automatically installed on Windows 2008 R2 and above operating systems, but must be configured before use.
    1. In a command prompt, enter winrm quickconfig. This command is not case sensitive.
    2. When the console displays Make these changes [y/n]?, enter y.

      The winrm quickconfig command performs the following operations:

      • Starts the WinRM service, and sets the service startup type to auto start.
      • Configures a listener for the ports that send and receive WS-Management protocol, using either HTTP or HTTPS on any IP address.
      • Creates a firewall exception for the current user profile.