Solved

Windows Server 2012 - Accessing server manager remotely.

Posted on 2014-04-10
12
4,367 Views
Last Modified: 2014-05-01
Good afternoon,

I seem to be having some issues with being able to access Windows Server 2012 'Server Manager' remotely on other instances across our network.

Looking at the settings, it seems to be in place on the OS ie the RPC service is running on all the servers. I have tweaked with the network and can now get the server manager from a remote server to connect to another instance, downloading the status, but still getting Sync issues.

Does anyone know the TCP/UDP ports which are required to be open for this to work?

Thanks in advance for any help provided.
0
Comment
Question by:ccfcfc
  • 6
  • 5
12 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39991257
sync issues?  are you referring to server manager not updating? or Active Directory Sync issues?
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992111
Forgive me if you've already gone through this, but have you read:  http://technet.microsoft.com/en-us/library/hh831456.aspx

?
0
 

Author Comment

by:ccfcfc
ID: 39993710
Yeah, well ive now think Ive got the servers talking OK as they have the status now in server manager:

'Online- Verify WinRM 3.0 service is installed, running and required firewall ports are open'.

I know for certain the that Win RM service is running on each server (as theyre running the same image) and are set to 'started', and have opened the default port (tcp - 5985).

Something is making me believe, there is either a port missing on the firewall to allow-in, or something is not configured correctly?

thanks
0
 

Author Comment

by:ccfcfc
ID: 39998647
Has anyone got any ideas at all on how I can get this resolved please?
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 39999155
If you are managing a remote computer from a computer that is running Windows 7, start the Windows Remote Management (WinRM) service to allow for the addition of trusted hosts. Open a Command Prompt session with elevated user rights by clicking Start, clicking All Programs, clicking Accessories, right-clicking Command Prompt, and then clicking Run as administrator. Type the following, and then press Enter: net start winrm
For remote connections in a Workgroup to Workgroup/Domain scenario, the remote computer must be added to the trusted hosts list on the source computer. To do this, run the following command on the source computer in a Command Prompt window that is opened with elevated user rights.
winrm set winrm/config/client @{TrustedHosts="RemoteComputerName"}

Per this:  http://technet.microsoft.com/en-us/library/dd759202.aspx

Although that's for 2008, try it on 2012 and see.
0
 

Author Comment

by:ccfcfc
ID: 39999315
I there, thank you for your email.

I keyed the recommended command into CMD (as administrator), as recommended, and still having the same issue. instead of using the hostname, I used the IP address of the device I would like to allow.

When keying in the command, I received the following response:

C:\Windows\system32>winrm set winrm/config/client @{TrustedHosts="IP_address"}
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts = 10.25.5.8
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39999380
   DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts = 10.25.5.8

Based on this, can you see if Windows Firewall (if it's on) is allowing these through, and if it's off then make sure your firewall/router on your network isn't blocking anything internal.
0
 

Author Comment

by:ccfcfc
ID: 40001176
Hi Brad,

thank you for your response.

I can confirm that Windows Firewall is turned 'off' using GPO across the domain. I have allowed 10.25.5.8 to talk to all servers across the network on the following TCP ports:
49152 - 65535
135
2535
5986
5985

Is there any other port I am missing does anyone know of?

Kind regards
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 40001617
but still getting Sync issues.

Can you elaborate on these?
0
 

Author Comment

by:ccfcfc
ID: 40003536
Brad,

Apologies, I am now able to get server manager to see remote servers as 'Online' but unable to do anything such as see any event logs, install features etc remotely.

I get the feeling there is a few more ports I may need to open? Or maybe there something I need to turn on each servers OS?

Thanks
0
 
LVL 17

Assisted Solution

by:Brad Bouchard
Brad Bouchard earned 500 total points
ID: 40004296
No worries.  I was able to find (after extensive searching) this link, which I feel may be the missing piece for us.  Give it a look and make sure you've fulfilled all requirements.

http://technet.microsoft.com/en-us/library/hh921475.aspx
0
 

Author Closing Comment

by:ccfcfc
ID: 40034051
Hi there, I think the issue might lie with the set up of WinRM.

Thank you for the diagnostic pages. They're were much appreciated.

thanks
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now