Thursday, February 10, 2011

HOW TO - Fix WinRM Service failed to create

Small Business Server 2003, Event ID: 10154, Source: WinRM, Type: Warning

The WinRM service failed to create the following SPNs: WSMAN/hostname.domainname.local; WSMAN/INK.

Additional Data:

The error received was 8344: Insufficient access rights to perform the operation. .

User Action

The SPNs can be created by an administrator using setspn.exe utility.

   1. run - setspn -L <hostname>
   2. You’ll see no entries for WSMAN/<hostname> or WSMAN/<FQDN>
   3. Run ADSIEDIT.MSC
   4. Browse to Domain
         1. DC=domainname
               1. OU=Domain Controllers
                     1. CN=<HOSTNAME>
   5. Right click on CN=<HOSTNAME>, where <HOSTNAME> is the name of the server throwing the error, in this case it is the SBS2003, click Properties.
   6. Click the Security Tab
         1. click Add / “Network Service”
         2. Then check (X) to allow access to “Validated write to service principal name”
         3. Click OK
   7. Run Services.msc
   8. Restart the “Windows Remote Management (WS-Management)” service
   9. Check event log for errors.
  10. Re-Run - setspn -L <hostname>
  11. Locate entries for WSMAN/<hostname> or WSMAN/<FQDN>

18 comments:

  1. Worked like a Charm, Thanks Jeff!!!

    ReplyDelete
  2. Might be worth mentioning that you need the windows server support tools installed to run any of the commands in this post.

    ReplyDelete
  3. Thanks mate that worked great :)

    ReplyDelete
  4. Excellent!, work on my Windows 2008 R2 Domain!

    Thanks

    ReplyDelete
  5. Nicely done! Warning is gone.

    Thank you bud!

    ReplyDelete
  6. Still getting same error even after running these commands and making sure the SPNs are present in ADSI Edit. Any other suggestions? Domain Controller is 2008 R2 and the member server is also 2008 R2. Logged in to both servers as domain admin. Thanks.

    ReplyDelete
  7. I am experiencing this issue on a Windows 2003R2 sp2 server that is NOT a DC but, with the following difference: Additional Data
    The error received was 8235: A referral was returned from the server.

    I went through the steps regarding adsiedit, however the settings specified already exist in the manner specified in your instructions @ 6-2. Any further ideas as to what I might be able to do?

    ReplyDelete
  8. Win Svr 2012 worked. Thanks for the great write up!

    ReplyDelete
  9. SBS2003 worked ... thanks so much

    ReplyDelete
  10. In our case it was also necessary to reboot the server (2008 R2).

    ReplyDelete
  11. Worked on my Win2003 server. Thx

    ReplyDelete
  12. Still working today with a windows 2012 r2 Domain Controller

    ReplyDelete