Recently when I tried to add some features in Windows 2012 R2 using server manager I received this error : Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing.
I started to search for help and one of the posts I found was http://www.lukebrowning.com/sysadmin/windows/windows-server-2012-winrm-corrupt-or-missing/ – so maybe solution presented there is working – I don’t know for me it’s not.
Moreover it can break more things than you can imagine. Solution sets http listener to listen only on local host address. And if you have a web server for example, public IP address won’t be available to use on the web server for http protocol – so be carefully
So then I started digging myself. First “winrm qc” and additional error appeared.
“Negotiate” is disabled for WinRM – not a big deal we tried to build quite safe WinRM so we disabled all authentication methods for WinRM except Kerberos via GPO.
Can it be related ?? Why “Server Manager” on Windows Server would need negotiate authentication when it can use Kerberos. Well it seems it needs. With following Technet link https://technet.microsoft.com/en-us/library/hh921475(v=ws.11).aspx#Anchor_1 I discovered that both authentication mechanism are used by “Server Manager”
So when I re-enabled “Negotiate” authentication method for WinRM – client and server, thenServer Manager is working perfectly.
So be careful when you want to be secure!!! – Thank you Microsoft.