WinRM (Windows Remote Management) – Service starts and immediately stops with Event error code 14.

WinRM (Windows Remote Management) – Service starts and immediately stops with Event error code 14.

Normally its an easy task to configure Windows Remote Mangement (WinRM) on a Windows 10 client. It can be done manually or with Group Policy settings, I’ll always prefer to use GPO if possible.

Working with a big enterprise customer I experience that a simpel task like starting the WinRM service on a Windows 10 client did´t work and would take several days to troubleshoot on….. But nevertheless that was the reality I was facing within a big infrastructure environment with thousands of Windows 10 clients in production.

In our pilot environment that was identical to the production environment regarding OU structure and Group Policy that was applied towards the Windows 10 client, I noticed that the WinRM service in the production environment could not start, but this was working in pilot
environment and was testet OK?!?. I began to double check both environments to compare them and although WinRM settings was configured exactly the same in both enviroments, the service still only started and worked in pilot.

All policy was applied, all settings regarding WinRM in registry was applied successfully including inbound firewall rules etc. I could not find any misconfiguration or others thing that indicates that this FUC…. service was prevented from starting, where was the deviation?!.

There was no deviation…. after 4-5 days of troubleshooting and lots of test hours I finally was able to get WinRM service started on a production client. WUHU!

How did I get this service started?

I took a dive into the registry setting on a non working client regarding WinRM settings: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM

I could see that the GPO “Allow remote server mangement through WinRM” was applied in registry with only IPv4 filter * applied and the IPv6 filter data value was empty, as expected. (Only IPv4 based commnucation is allowed and used in this environment). I now modified directly in the registry setting with a * in the IPv6 Filter also and then I was able to start the WinRM service instantly!. Mind-blowing, what!!!

But why is this service suddenly working when IPv6 filter being activated? Well my guess is that the GPO policy setting regarding “Allow remote server mangement through WinRM” Isn’t applied 100% successfully to clients in the production OU for some reason and therefore the service or configuration is “corrupted”.

Whats the next step then?

Well I tried to make a new GPO with only the setting “Allow remote server mangement through WinRM” enabled and still only the IPv4 filter * activated and was able to apply it to a couple of clients in the production environment (Group management security filter) and the service started. Again – the original GPO WinRM settings must have been corrupted in the apply phase, although all settings are presented 100%
successfully on the client. 🙂

To be 100% sure that the service will stay up after restarts etc. consider to make IPv6 filter * or a specified IP range activated. You can find the policy here:

Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Services.

So the conclusion is:

Disabled and re-enabled the original WinRM settings “Allow remote server mangement through WinRM” and see if that’s enough to start the service or try include IPv6 filter * or IP range in the policy, or make a new dedicated GPO to the WinRM settings.

In general you can find many blog post about configuring the WinRM Service and client with GPO settings.

Here is an official white paper on how to configure.

https://docs.microsoft.com/en-us/windows/desktop/winrm/installation-and-configuration-for-windows-remote-management


Leave a Reply

Your email address will not be published. Required fields are marked *