PowerShell protocols and troubleshooting
Summary of PowerShell protocols and troubleshooting
PowerShell utilizes Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM) protocols to execute orchestration commands on remote Windows hosts. These protocols enable management and data retrieval from local or remote systems, facilitating automation and remote administration within ServiceNow environments.
Windows Management Instrumentation (WMI)
WMI provides a standardized interface for accessing management data across systems. It comprises:
- Managed objects and WMI providers: COM objects monitoring enterprise components such as disks, network adapters, processes, and services.
- WMI infrastructure: Includes the WMI service (winmgmt), core components, and a repository organized into namespaces like root\cimv2. These namespaces contain class definitions used for management queries.
- WMI consumers: Applications or scripts that query, enumerate, or subscribe to WMI data using COM or scripting APIs.
Configuration: For the MID Server to connect successfully, TCP port 135 must be open. Windows Firewall typically manages this by enabling an inbound rule named Windows Management Instrumentation (DCOM-In).
Windows Remote Management (WinRM)
WinRM implements the WS-Management protocol, a SOAP-based standard for interoperable hardware and OS management. Its components include:
- WinRM Scripting API: Enables orchestration scripts to perform WS-Management operations on remote machines.
- WMI Service: Continues to run alongside WinRM to provide data via the WMI plug-in, allowing access to standard WMI classes like Win32_Process.
Configuration: WinRM is pre-installed on Windows Server 2008 R2 and later but requires configuration before use. Running winrm quickconfig from the command prompt:
- Starts and sets the WinRM service to auto-start.
- Creates listeners on HTTP/HTTPS ports for WS-Management communication.
- Establishes appropriate firewall exceptions for the current user profile.
MID Server PowerShell Files
PowerShell functions used by the MID Server are stored in script files with .ps1 extensions and grouped into PowerShell Script modules with .psm1 extensions. This modular approach supports reusable and organized automation scripts.
Troubleshooting
Common issues preventing PowerShell activities from executing on target hosts include authentication failures and access denied errors. Ensuring proper permissions and firewall configurations is critical for successful remote command execution.
PowerShell uses the Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM) protocols to enable Orchestration activities to run commands on remote Windows hosts.
Windows Management Instrumentation (WMI)
- Managed objects and WMI providers: A WMI provider is a COM object that monitors one or more managed objects for WMI. A managed object is a logical or physical enterprise component, such as a hard disk drive, network adapter, database system, operating system, process, or service.
- WMI infrastructure: The WMI infrastructure is a Microsoft Windows operating system component known as the WMI service (winmgmt). The WMI infrastructure is composed of the WMI Core and the WMI repository. The WMI repository is organized by WMI namespaces. The WMI service creates namespaces, such as root\default, root\cimv2, and root\subscription, at system startup and preinstalls a default set of class definitions, including the Win32 Classes, the WMI System Classes, and others. The remaining namespaces found on your system are created by providers for other parts of the operating system or products.
- WMI consumers: A WMI consumer is a management application or script that interacts with the WMI infrastructure. A management application can query, enumerate data, run provider methods, or subscribe to events by calling either the COM API or the Scripting API for WMI.
WMI installation and configuration
For the MID Server to successfully make a remote connection to the target host, TCP port 135 must be open. The Windows firewall automatically creates an inbound rule for WMI connectivity called Windows Management Instrumentation (DCOM-In).
Windows Remote Management (WinRM)
WinRM is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP) protocol that allows hardware and operating systems from different vendors to interoperate.
- WinRM Scripting API: This scripting API enables Orchestration to obtain data from remote computers, using scripts that perform WS-Management protocol operations.
- WMI Service: The WMI service continues to run side-by-side with WinRM and provides requested data or control through the WMI plug-in. You can continue to obtain data from standard WMI classes, such as Win32_Process.
WinRM configuration
- In a command prompt, enter winrm quickconfig. This command is not case sensitive.
- When the console displays Make these changes [y/n]?, enter y.
The winrm quickconfig command performs the following operations:
- Starts the WinRM service, and sets the service startup type to auto start.
- Configures a listener for the ports that send and receive WS-Management protocol, using either HTTP or HTTPS on any IP address.
- Creates a firewall exception for the current user profile.
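A read-only check of the settings this page describes, added here as an example and not taken from ServiceNow or the MID Server script files: it reports the WinRM service state, the listeners that winrm quickconfig created, the state of the Windows Management Instrumentation (DCOM-In) rule, and whether the target answers on TCP 135 and WS-Management. The function names and the host name `target-host.example` are hypothetical placeholders.

```powershell
# Added example: read-only audit; it changes no settings.
# 'target-host.example' and the function names are hypothetical placeholders.
param([string]$TargetHost = 'target-host.example')

# --- Run on the target host, in an elevated session ---
function Get-WinRmServiceState {
    # Queried through WMI in the root\cimv2 namespace.
    Get-CimInstance -Namespace 'root\cimv2' -ClassName Win32_Service -Filter "Name='WinRM'" |
        Select-Object Name, State, StartMode
}

function Get-WinRmListenerSummary {
    # Each child of WSMan:\localhost\Listener is one configured listener.
    Get-ChildItem -Path 'WSMan:\localhost\Listener' | ForEach-Object {
        $props = @{}
        Get-ChildItem -Path "WSMan:\localhost\Listener\$($_.Name)" |
            ForEach-Object { $props[$_.Name] = $_.Value }
        [pscustomobject]@{
            Transport   = $props['Transport']
            Address     = $props['Address']
            Port        = $props['Port']
            Enabled     = $props['Enabled']
            # Plain HTTP bound to every address is worth a review.
            NeedsReview = ($props['Transport'] -eq 'HTTP' -and $props['Address'] -eq '*')
        }
    }
}

function Get-WmiFirewallRuleState {
    Get-NetFirewallRule -DisplayName 'Windows Management Instrumentation (DCOM-In)' -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Enabled, Profile, Direction, Action
}

# --- Run from the MID Server host ---
function Test-TargetReachability {
    param([string]$ComputerName)
    [pscustomobject]@{
        Rpc135Open   = (Test-NetConnection -ComputerName $ComputerName -Port 135).TcpTestSucceeded
        # Test-WSMan sends a WS-Management Identify request; no output means no answer.
        WsManAnswers = [bool](Test-WSMan -ComputerName $ComputerName -ErrorAction SilentlyContinue)
    }
}

Get-WinRmServiceState    | Format-Table -AutoSize
Get-WinRmListenerSummary | Format-Table -AutoSize
Get-WmiFirewallRuleState | Format-Table -AutoSize
Test-TargetReachability -ComputerName $TargetHost | Format-Table -AutoSize
```

A listener row with `NeedsReview` set to `True` is the default HTTP listener on any IP address; compare it against the hosts that actually need to reach the target before leaving it in place.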