locked
Can't connect to server via Power Shell -- WinRM status code 301 RRS feed

  • Question

  • New-PSSession : [___________] Connecting to remote server ___________ failed with the following error 
    message : The WinRM client received an HTTP status code of 301 from the remote WS-Management service. For more information, 
    see the about_Remote_Troubleshooting Help topic.

    Got the same issue as discussed here ealrier (can't attach link due to my account restrictions, but the name of topic is "EMS can't connect to server - WinRM status code 301")

    but in my case HTTP redirect for Power Shell site is not enabled, and I have turned URL Rewrite off as well.

    Any other ideas?

    Wednesday, August 19, 2020 12:25 PM

All replies

  • Verify that your source server can connect to the target one
    Open PowerShell on your target server and execute the following cmdlet to view all trusted hosts that can connect to that server. By default, the list of trusted hosts is empty.
    Get-Item WSMan:\localhost\Client\TrustedHosts
    If your source machine is not listed as a trusted host, you can add it to the list by running this cmdlet:
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value '<ComputerName>' -Concatenate
    where '<ComputerName>' is the FQDN of the host. Using the asterisk (*) wildcard character is permitted, e.g. *.domain.com. You can also allow all machines to connect by inserting the asterisk only:

    Set-Item WSMan:\localhost\Client\TrustedHosts -Value '*'
    Disable the SSL requirement 
    If the SSL connection cannot be established, you can consider disabling SSL requirement for PowerShell connections. To do so, follow these steps:

    Open Internet Information Services (IIS) Manager.
    Navigate to <Your Server> > Sites > Default Web Site > PowerShell.
    Double-click SSL Settings (Fig. 2).
    Accessing the SSL settings in IIS Manager
    Fig. 2. Accessing the SSL settings in IIS Manager.

    Clear the Require SSL checkbox and select to Ignore client certificates (Fig. 3). Apply the changes.
    Disabling the SSL requirement for PowerShell.
    Fig. 3. Disabling the SSL requirement for PowerShell.

    Warning

    Keep in mind that disabling the SSL requirement should only be done in an isolated environment where there is no threat of intercepting the migrated data over a wire.

    The network configuration prevents the connection
    If you have followed all the steps above and are still unable to configure the connection, double check your network configuration, including all physical/software firewalls. By default, PowerShell uses the following TCP ports communication:

    5985 (or 80) for HTTP
    5986 (or 443) for HTTPS.
    Simulating a remote PowerShell session
    You may attempt to manually simulate a remote PowerShell session in order to connect to your target server in the same way this is done by the software. This will help you verify whether the problem is related to the CodeTwo software or a specific configuration of your environment.

    To do so, follow these steps:

    when connecting via FQDN, refer to this article;
    when connecting via IP, use the following commands in Windows PowerShell:
    $LiveCred = Get-Credential
    $SessionOpt = New-PSSessionOption -SkipCACheck:$true -SkipCNCheck:$true 
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<target-server-IP-address>/powershell/ -Credential $LiveCred -SessionOption $SessionOpt
    • Edited by Max-44 Wednesday, August 19, 2020 2:11 PM
    Wednesday, August 19, 2020 2:11 PM
  • First of all, thank you for your reply!

    But I pretty sure, that the problem is in target Exchange Sever, not the source. 

    Sorry that I haven't specified it from the start, but the problem occured after upgrade Exchange Server from CU5 to CU17. Moreover, the above-specified error occured on two different servers, that apparently use PowerShell to connect to Exchange -- Adaxes Server (AD+Exchange Administration tool) and Acronis Server (Backups). That's why I suppose, that the problem is in IIS on Exchange, but don't know where exactly.

    Nevertheless, Get-Item WSMan:\localhost\Client\TrustedHost on one of source servers returns: 

    Get-Item : Cannot find path 'WSMan:\localhost\Client\TrustedHost' because it does not exist.
    At line:1 char:1
    + Get-Item WSMan:\localhost\Client\TrustedHost
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (WSMan:\localhost\Client\TrustedHost:String) [Get-Item], ItemNotFoundExc
       eption
        + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand

    On Exchange IIS, "Require SSL" option for PowerShell web-site is disabled.

    Firewall is not a reason as well.

    Thursday, August 20, 2020 6:57 AM