PowerShell protocols and troubleshooting

Release version: Zurich

Updated July 31, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of PowerShell protocols and troubleshooting

PowerShell leverages Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM) protocols to execute orchestration commands on remote Windows hosts. These protocols enable secure and manageable remote interactions essential for ServiceNow orchestration activities.

Show full answer Show less

Windows Management Instrumentation (WMI)

WMI provides a standardized interface for accessing management data across local or remote systems. It consists of:

Managed objects and WMI providers: Components representing system elements like drives, network adapters, processes, and services monitored through COM objects.
WMI infrastructure: The WMI service (winmgmt) includes the core engine and a repository organized into namespaces (e.g., root\cimv2), preloaded with class definitions for system management.
WMI consumers: Applications or scripts that query, enumerate, invoke methods, or subscribe to events via the COM or Scripting API.

Configuration note: For MID Server connections using WMI, TCP port 135 must be open. Windows Firewall typically auto-creates an inbound rule named "Windows Management Instrumentation (DCOM-In)" to permit this traffic.

Windows Remote Management (WinRM)

WinRM is Microsoft’s implementation of the WS-Management Protocol, enabling interoperability across diverse hardware and operating systems via SOAP. Key components include:

WinRM Scripting API: Allows orchestration scripts to perform WS-Management operations on remote machines.
WMI Service: Runs alongside WinRM to support data retrieval and control through the WMI plug-in, maintaining access to standard WMI classes like Win32Process.

Configuration steps: WinRM is installed by default on Windows 2008 R2 and later but requires configuration using the winrm quickconfig command. This command:

Starts the WinRM service and sets it to auto-start.
Configures listeners for WS-Management protocol over HTTP/HTTPS on all IP addresses.
Creates necessary firewall exceptions based on the current user profile.

MID Server PowerShell Files

PowerShell functions utilized by the MID Server are stored as script files with the .ps1 extension and organized within PowerShell Script modules identified by the .psm1 extension, enabling modular and maintainable automation scripts.

Troubleshooting

Common issues with PowerShell orchestration activities often arise from authentication failures or access denied errors when connecting to target hosts. Ensuring proper credentials and firewall configurations (e.g., open TCP port 135 for WMI and configured WinRM listeners) is critical for successful remote command execution.

PowerShell uses the Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM) protocols to enable Orchestration activities to run commands on remote Windows hosts.

Windows Management Instrumentation (WMI)

WMI provides a uniform interface for any local or remote applications or scripts that obtain management data from a computer system, a network, or an enterprise. WMI contains these components:

Managed objects and WMI providers: A WMI provider is a COM object that monitors one or more managed objects for WMI. A managed object is a logical or physical enterprise component, such as a hard disk drive, network adapter, database system, operating system, process, or service.
WMI infrastructure: The WMI infrastructure is a Microsoft Windows operating system component know as the WMI service (winmgmt). The WMI infrastructure is composed of the WMI Core and the WMI repository. The WMI repository is organized by WMI namespaces. The WMI service creates namespaces, such as root\default, root\cimv2, and root\subscription, at system startup and preinstalls a default set of class definitions, including the Win32 Classes, the WMI System Classes, and others. The remaining namespaces found on your system are created by providers for other parts of the operating system or products.
WMI consumers: A WMI consumer is a management application or script that interacts with the WMI infrastructure. A management application can query, enumerate data, run provider methods, or subscribe to events by calling either the COM API or the Scripting API for WMI.

WMI installation and configuration

For the MID Server to successfully make a remote connection to the target host, TCP port 135 must be open. The Windows firewall automatically creates an inbound rule for WMI connectivity called Windows Management Instrumentation (DCOM-In).

Windows Remote Management (WinRM)

WinRM is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP) protocol that allows hardware and operating systems from different vendors to interoperate.

WinRM contains these components:

WinRM Scripting API: This scripting API enables Orchestration to obtain data from remote computers, using scripts that perform WS-Management protocol operations.
WMI Service: The WMI service continues to run side-by-side with WinRM and provides requested data or control through the WMI plug-in. You can continue to obtain data from standard WMI classes, such as as Win32_Process.

WinRM configuration

WinRM is automatically installed on Windows 2008 R2 and above operating systems, but must be configured before use.

In a command prompt, enter winrm quickconfig. This command is not case sensitive.
When the console displays Make these changes [y/n]?, enter y.
The winrm quickconfig command performs the following operations:
- Starts the WinRM service, and sets the service startup type to auto start.
- Configures a listener for the ports that send and receive WS-Management protocol, using either HTTP or HTTPS on any IP address.
- Creates a firewall exception for the current user profile.