WinRM QuickConfig fail with Error number -2147024894 0x80070002 The system cannot find the file specified

Try the below:


sc config WinRM start= delayed-auto
net start WinRM
winrm create winrm/config/listener?Address=*+Transport=HTTP
netsh firewall add portopening TCP 80 "Windows Remote Management"

The final line opens the fw for winrm

Ensure you run this as administrator

Tried. Not helped.
Log is enclosed.
winrm.log

This will resolve it for you

http://www.minasi.com/newsletters/nws1304.htm

Sorry. But for sure you mistaken!
You had read only couple of lines in the log and started to think that you know what is the problem is but that is not true.

Please see carefully - I had run there a "powershell .\fixNetwork.ps1" command which changed the "Public" network to "Work network".

And then I had run the "winrm qc" again, this time it was reported the error I stuck with - "Message = Unable to check the status of the firewall. Error number:  -2147024894 0x80070002. The system cannot find the file specified."

Only this error is the problem. The other message about Public network is not a problem at all. I'm able to solve that using the .\fixNetwork.ps1 script.

Do you have any idea how to solve the problem with the last error message in a log?

I am not sure what your fix network ps1 does it would help posting that so I could have a better idea of the actions.

I posted the solutions for changing the network type since the exception is firewall related due to network state. If your script changes the network state, please enable then disable your firewall and try again.  It is also worth it to run the firewall rule addition after you have changed your network setting.  

Run your fix network script verify your firewall is enabled then disabled run winrm qc   If you experience any errors restart the firewall then add the rule and run quick config again.

Ok.
Restarted a firewall service (run "restart-service MpsSvc" in PS).
Tried "winrm qc" again - got exactly the same error again.

Changed FW to ON, restarted FW again.
Tried "winrm qc" again - got exactly the same error again.

Please note: I can only control FW for "Home" and "Public" networks. I cannot control FW for "Domain" network because it is controlled by domain policy. FW for "Domain" network is always OFF. So, FW for "Domain" network is disabled in Windows GUI and there is a message "For your security some settings are managed by your system administrator".

Any more ideas?

What was the output from the command to add the firewall rule after updating network profile ? I did not see that in your comments ?

Also here is some helpful information to help you understand what is being done and why. There are manual options to enable if you have group policy overrides which seem to be the case here.  
Note  The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.


Give the link below a careful read before proceeding, most if not all your questions should be answered.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384372(v=vs.85).aspx

>> What was the output from the command to add the firewall rule
>> after updating network profile ? I did not see that in your comments ?

Please see the original log file I had posted - the command which is adding FW rule is always generates exactly the same output despite of any type of network profile.

But specially for you I just redone the same, please see the new log enclosed.
winrm2.log

Ok so you need to run the following


For Windows Server 2008 with Winrm 1.1
netsh advfirewall firewall add portopening TCP 80 "Windows Remote Management"

For Windows Server 2008 R2 with Winrm 2.0
netsh advfirewall firewall add portopening TCP 5985 "Windows Remote Management"

What about Windows 7 ?
As you can see - I mentioned that I need that on Windows 7.

Note: I just tried to run commands:

PS C:\> netsh firewall add portopening TCP 5985 "Windows Remote Management"

IMPORTANT: "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .


PS C:\> Restart-Service MpsSvc
PS C:\> winrm qc
WinRM service is already running on this machine.
WSManFault
    Message
        ProviderFault
            WSManFault
                Message = Unable to check the status of the firewall.

Error number:  -2147024894 0x80070002
The system cannot find the file specified.
PS C:\Users\dbondare>

Select allOpen in new window

As you can see - it is still reporting the same error.

PS. Btw, FW rules for PS I added yesterday. So, I think "netsh firewall add portopening TCP 5985 "Windows Remote Management"" command is not required.
I think the problem could be that "WinRM QC" is not able to validate FW status. So, all the FW rules already exists.
That could be a bug in "WinRM QC". Only the question - if possible to workaround it somehow?

First you did not run the command I posted in the last comment, your command output indicates that. Second I pasted a link on how to manually configure winrm if you are having issues with quick config.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384372(v=vs.85).aspx

That is because the "netsh advfirewall firewall" command seems not exists on Win 7.

It reports:

D:\>netsh advfirewall f
irewall add portopening TCP 5985 "Windows Remote Management"
The following command was not found: advfirewall firewall add portopening TCP 59
85 "Windows Remote Management".

Select allOpen in new window

I am providing a link to a fw troubleshooting tool.  

http://www.pcwintech.com/shanes-toolbox

Let me know the results.  This points to your firewall as being the issue however with the service running you should be able to connect to other servers even if the fw is disabled once the service is running.

Ok. I did run a "Detect Firewals" tool, it shown me following:

Scanning...
Date: 31.08.2013 Time: 18:07:55
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Done, Scan Complete.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Select allOpen in new window

So, it shows nothing.

When I checkmark "Show Microsoft Services" it shows following:

Scanning...
Date: 31.08.2013 Time: 18:05:18
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dhcp
--Description: @%SystemRoot%\system32\dhcpcore.dll,-101
--DisplayName: @%SystemRoot%\system32\dhcpcore.dll,-100
--ImagePath: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dnscache
--Description: @%SystemRoot%\System32\dnsapi.dll,-102
--DisplayName: @%SystemRoot%\System32\dnsapi.dll,-101
--ImagePath: C:\Windows\system32\svchost.exe -k NetworkService
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dot3svc
--Description: @%systemroot%\system32\dot3svc.dll,-1103
--DisplayName: @%systemroot%\system32\dot3svc.dll,-1102
--ImagePath: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lmhosts
--Description: @%SystemRoot%\system32\lmhsvc.dll,-102
--DisplayName: @%SystemRoot%\system32\lmhsvc.dll,-101
--ImagePath: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasAcd
--Description: Remote Access Auto Connection Driver
--DisplayName: Remote Access Auto Connection Driver
--ImagePath: System32\DRIVERS\rasacd.sys
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wlansvc
--Description: @%SystemRoot%\System32\wlansvc.dll,-258
--DisplayName: @%SystemRoot%\System32\wlansvc.dll,-257
--ImagePath: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WwanSvc
--Description: @%SystemRoot%\System32\wwansvc.dll,-258
--DisplayName: @%SystemRoot%\System32\wwansvc.dll,-257
--ImagePath: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Done, Scan Complete.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''

Select allOpen in new window

And what then? Do you see anything interesting here?
I seems not.

Can you tell me the status of the following service:
MpsSvc  


I will look at what we have looked at so far to help to isolate the issue.

Status of MpsSvc service is "Running".

I knew what MpsSvc service - that is Firewall. That service was never disabled on my PC.
So, it was enabled and running from beginning of my attempts to enable PS on my PC.

Let's look at what we have looked at:
validated winrm is configured
validated http listener is configured
applied firewall rule to allow the listener
verified the state of the firewall service.

Do you know what GPO is applied on your computer ?

Can you take a look at the GPO for your computer / user object and verify if there is a defined GPO blocking you from completing winrm configuration ?

As I could see in the Local Group Policy Editor -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) -> all items inside "WinRM Client" and "WinRM Server" are marked as "Not configured".
So, GPO is not defining any restriction to WinRM.

Can you recommend - what also to check in GPO which could be related to this issue?

I take it from your response you do not inherit any GPO setting from AD and the only group policy settings expected are local policy ?

Not sure.
My computer is in domain and of course - it is controlled by domain GPO.
But I'm not sure how to see what is the current domain-defined GPO.

I did think Local Group Policy Editor is showing it. So, I thought that AD GPO is way to change local GPO and there is no separate entity called AD GPO locally. Am I mistaken with it?

I selected some of the most informative comments.