Avatar of Dmitry_Bond
Dmitry_BondFlag for Ukraine asked on

WinRM QuickConfig fail with Error number -2147024894 0x80070002 The system cannot find the file specified

Hi.

Trying to configure PS-Remoting for PowerShell on my Windows 7 x64 computer. But it always fails with following message:
D:\>winRm quickConfig
WinRM service is already running on this machine.
WSManFault
    Message
        ProviderFault
            WSManFault
                Message = Unable to check the status of the firewall.

Error number:  -2147024894 0x80070002
The system cannot find the file specified.

Open in new window


I had tried lot of options but it is still reporting the same error.

Any ideas how to fix that?

Thank you in advance,
Dmitry.
Windows 7

Avatar of undefined
Last Comment
Dmitry_Bond

8/22/2022 - Mon
becraig

Try the below:


sc config WinRM start= delayed-auto
net start WinRM
winrm create winrm/config/listener?Address=*+Transport=HTTP
netsh firewall add portopening TCP 80 "Windows Remote Management"

The final line opens the fw for winrm

Ensure you run this as administrator
ASKER
Dmitry_Bond

Tried. Not helped.
Log is enclosed.
winrm.log
becraig

This will resolve it for you

http://www.minasi.com/newsletters/nws1304.htm
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
Dmitry_Bond

Sorry. But for sure you mistaken!
You had read only couple of lines in the log and started to think that you know what is the problem is but that is not true.

Please see carefully - I had run there a "powershell .\fixNetwork.ps1" command which changed the "Public" network to "Work network".

And then I had run the "winrm qc" again, this time it was reported the error I stuck with - "Message = Unable to check the status of the firewall. Error number:  -2147024894 0x80070002. The system cannot find the file specified."

Only this error is the problem. The other message about Public network is not a problem at all. I'm able to solve that using the .\fixNetwork.ps1 script.

Do you have any idea how to solve the problem with the last error message in a log?
becraig

I am not sure what your fix network ps1 does it would help posting that so I could have a better idea of the actions.

I posted the solutions for changing the network type since the exception is firewall related due to network state. If your script changes the network state, please enable then disable your firewall and try again.  It is also worth it to run the firewall rule addition after you have changed your network setting.  

Run your fix network script verify your firewall is enabled then disabled run winrm qc   If you experience any errors restart the firewall then add the rule and run quick config again.
ASKER
Dmitry_Bond

Ok.
Restarted a firewall service (run "restart-service MpsSvc" in PS).
Tried "winrm qc" again - got exactly the same error again.

Changed FW to ON, restarted FW again.
Tried "winrm qc" again - got exactly the same error again.

Please note: I can only control FW for "Home" and "Public" networks. I cannot control FW for "Domain" network because it is controlled by domain policy. FW for "Domain" network is always OFF. So, FW for "Domain" network is disabled in Windows GUI and there is a message "For your security some settings are managed by your system administrator".

Any more ideas?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
becraig

What was the output from the command to add the firewall rule after updating network profile ? I did not see that in your comments ?
becraig

Also here is some helpful information to help you understand what is being done and why. There are manual options to enable if you have group policy overrides which seem to be the case here.  
Note  The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.


Give the link below a careful read before proceeding, most if not all your questions should be answered.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384372(v=vs.85).aspx
ASKER
Dmitry_Bond

>> What was the output from the command to add the firewall rule
>> after updating network profile ? I did not see that in your comments ?

Please see the original log file I had posted - the command which is adding FW rule is always generates exactly the same output despite of any type of network profile.

But specially for you I just redone the same, please see the new log enclosed.
winrm2.log
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
becraig

Ok so you need to run the following


For Windows Server 2008 with Winrm 1.1
netsh advfirewall firewall add portopening TCP 80 "Windows Remote Management"

For Windows Server 2008 R2 with Winrm 2.0
netsh advfirewall firewall add portopening TCP 5985 "Windows Remote Management"
ASKER
Dmitry_Bond

What about Windows 7 ?
As you can see - I mentioned that I need that on Windows 7.

Note: I just tried to run commands:
PS C:\> netsh firewall add portopening TCP 5985 "Windows Remote Management"

IMPORTANT: "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .


PS C:\> Restart-Service MpsSvc
PS C:\> winrm qc
WinRM service is already running on this machine.
WSManFault
    Message
        ProviderFault
            WSManFault
                Message = Unable to check the status of the firewall.

Error number:  -2147024894 0x80070002
The system cannot find the file specified.
PS C:\Users\dbondare>

Open in new window


As you can see - it is still reporting the same error.

PS. Btw, FW rules for PS I added yesterday. So, I think "netsh firewall add portopening TCP 5985 "Windows Remote Management"" command is not required.
I think the problem could be that "WinRM QC" is not able to validate FW status. So, all the FW rules already exists.
That could be a bug in "WinRM QC". Only the question - if possible to workaround it somehow?
becraig

First you did not run the command I posted in the last comment, your command output indicates that. Second I pasted a link on how to manually configure winrm if you are having issues with quick config.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384372(v=vs.85).aspx
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dmitry_Bond

That is because the "netsh advfirewall firewall" command seems not exists on Win 7.

It reports:

D:\>netsh advfirewall f
irewall add portopening TCP 5985 "Windows Remote Management"
The following command was not found: advfirewall firewall add portopening TCP 59
85 "Windows Remote Management".

Open in new window

becraig

I am providing a link to a fw troubleshooting tool.  

http://www.pcwintech.com/shanes-toolbox

Let me know the results.  This points to your firewall as being the issue however with the service running you should be able to connect to other servers even if the fw is disabled once the service is running.
ASKER
Dmitry_Bond

Ok. I did run a "Detect Firewals" tool, it shown me following:
Scanning...
Date: 31.08.2013 Time: 18:07:55
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Done, Scan Complete.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Open in new window


So, it shows nothing.

When I checkmark "Show Microsoft Services" it shows following:
Scanning...
Date: 31.08.2013 Time: 18:05:18
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dhcp
--Description: @%SystemRoot%\system32\dhcpcore.dll,-101
--DisplayName: @%SystemRoot%\system32\dhcpcore.dll,-100
--ImagePath: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dnscache
--Description: @%SystemRoot%\System32\dnsapi.dll,-102
--DisplayName: @%SystemRoot%\System32\dnsapi.dll,-101
--ImagePath: C:\Windows\system32\svchost.exe -k NetworkService
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dot3svc
--Description: @%systemroot%\system32\dot3svc.dll,-1103
--DisplayName: @%systemroot%\system32\dot3svc.dll,-1102
--ImagePath: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lmhosts
--Description: @%SystemRoot%\system32\lmhsvc.dll,-102
--DisplayName: @%SystemRoot%\system32\lmhsvc.dll,-101
--ImagePath: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasAcd
--Description: Remote Access Auto Connection Driver
--DisplayName: Remote Access Auto Connection Driver
--ImagePath: System32\DRIVERS\rasacd.sys
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wlansvc
--Description: @%SystemRoot%\System32\wlansvc.dll,-258
--DisplayName: @%SystemRoot%\System32\wlansvc.dll,-257
--ImagePath: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WwanSvc
--Description: @%SystemRoot%\System32\wwansvc.dll,-258
--DisplayName: @%SystemRoot%\System32\wwansvc.dll,-257
--ImagePath: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Done, Scan Complete.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''

Open in new window


And what then? Do you see anything interesting here?
I seems not.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
becraig

Can you tell me the status of the following service:
MpsSvc  


I will look at what we have looked at so far to help to isolate the issue.
ASKER
Dmitry_Bond

Status of MpsSvc service is "Running".

I knew what MpsSvc service - that is Firewall. That service was never disabled on my PC.
So, it was enabled and running from beginning of my attempts to enable PS on my PC.
becraig

Let's look at what we have looked at:
validated winrm is configured
validated http listener is configured
applied firewall rule to allow the listener
verified the state of the firewall service.

Do you know what GPO is applied on your computer ?

Can you take a look at the GPO for your computer / user object and verify if there is a defined GPO blocking you from completing winrm configuration ?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dmitry_Bond

As I could see in the Local Group Policy Editor -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) -> all items inside "WinRM Client" and "WinRM Server" are marked as "Not configured".
So, GPO is not defining any restriction to WinRM.

Can you recommend - what also to check in GPO which could be related to this issue?
becraig

I take it from your response you do not inherit any GPO setting from AD and the only group policy settings expected are local policy ?
ASKER
Dmitry_Bond

Not sure.
My computer is in domain and of course - it is controlled by domain GPO.
But I'm not sure how to see what is the current domain-defined GPO.

I did think Local Group Policy Editor is showing it. So, I thought that AD GPO is way to change local GPO and there is no separate entity called AD GPO locally. Am I mistaken with it?
Your help has saved me hundreds of hours of internet surfing.
fblack61
SOLUTION
Dmitry_Bond

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dmitry_Bond

I selected some of the most informative comments.