Windows Server 2012 – WinRM Corrupt or Missing – in case you want to be too secure

0 Flares 0 Flares ×

Recently when I tried to add some features in Windows 2012 R2 using server manager I received this error : Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing.

I started to search for help and one of the posts I found was – so maybe solution presented there is working – I don’t know for me it’s not.

Moreover it can break more things than you can imagine. Solution sets http listener to listen only on local host address. And if you have a web server for example, public IP address won’t be available to use on the web server for http protocol – so be carefully

So then I started digging myself. First “winrm qc” and additional error appeared.

“Negotiate” is disabled for WinRM – not a big deal we tried to build quite safe WinRM so we disabled all authentication methods for WinRM except Kerberos via GPO.

Can it be related ?? Why “Server Manager” on Windows Server would need negotiate authentication when it can use Kerberos. Well it seems it needs. With following Technet link I discovered that both authentication mechanism are used by “Server Manager”

So when I re-enabled “Negotiate” authentication method for WinRM – client and server, thenServer Manager is working perfectly.

So be careful when you want to be secure!!! – Thank you Microsoft.

0 Flares LinkedIn 0 Google+ 0 Facebook 0 Twitter 0 0 Flares ×

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.