Home / user-286207

Anton Krouglov's questions

Martin Hope
Anton Krouglov
Asked: 2020-04-29 09:51:52 +0800 CST
  • 0

I have a weird situation. My Win 2016 servers were ruined by AD group polices.

IIS 10 have started to throw 403 error after automatic AD group policy update at the moment X. Beforehand remote party called us with no problems via https with client certificates.

I have a backup before the moment X and after the moment X, but I cannot pinpoint the setting that was changed by AD GP.

I have a setup paper with all settings needed to setup our web service from scratch. I have checked them all against victim servers. Nothing changed. At every level Anonymous Auth is enabled and SSL Settings->Client certificates->Accept.

Our admins swear they have changed nothing. IIS logs show nothing after moment X.

Any ideas where to look at? Registry? Metabase?

Exact error returned to the caller as per SOAP e2e trace logs:

The HTTP request was forbidden with client authentication scheme 'Anonymous'.[The remote server returned an error: (403) Forbidden.]
group-policy active-directory iis soap
Martin Hope
Anton Krouglov
Asked: 2016-10-14 07:48:58 +0800 CST
  • 7

Today I have been totally defeated by this infamous 2012R2 error:

Server Manager could not start the task due to the following error: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing.

I have repeatedly tried each of the solutions proposed here, here and here.

No luck. There is no single error in the event log. Of cause I can add-remove roles with Powershell or completely wipe this machine. Still I am looking for the normal solution to this simple problem.

Further testing have shown that my bug is repeatable. I have tested on virgin default fully updated Windows Server 2012 R2 Standard installation and was able to reproduce it. Problems start after this statement:

winrm invoke Restore http://schemas.microsoft.com/wbem/wsman/1/config/plugin @{}

Full details are below. Any ideas?

After domain controller upgrade from win2008 R2 to 2012R2 everything worked flawlessly.
[dcdiag /fix /q] showed nothing apart the error below. 
Error happened in a few hours after upgrade (not immediately):
  Source:        Microsoft-Windows-WinRM
  Event ID:      10155
  Level:         Error
  Description:
  The WSMan service failed to read configuration of the following plugin: 
   Microsoft.ServerManager. 

  The error received was -2144108144: %%-2144108144 
   The WS-Management service cannot process the request. Configuration for plugin: "Microsoft.ServerManager" is corrupted. This plugin needs to be reconfigured or deleted. Use the following command to delete a plugin configuration 

   winrm delete http://schemas.microsoft.com/wbem/wsman/1/config/plugin?Name=xyz 

   Or use the following command to restore default plugin configuration.  Note that all external plugins will be unregistered during this restore operation. 

   winrm invoke Restore http://schemas.microsoft.com/wbem/wsman/1/config/plugin @{}.

   User Action 
   Make sure this plugin configuration is valid.

I have run in the CMD window:
  winrm invoke Restore http://schemas.microsoft.com/wbem/wsman/1/config/plugin @{}

Then after server reboot Server Manager stopped working correctly with the error mentioned in the 1st paragraph.

Config and Windows details are below.

PS C:\> winrm quickconfig
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.

PS C:\> winrm enumerate winrm/config/listener
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 192.168.30.6, ::1

PS C:\> (Get-WmiObject -class Win32_OperatingSystem).Caption
Microsoft Windows Server 2012 R2 Datacenter

PS C:\> [System.Environment]::OSVersion.Version
Major         : 6
Minor         : 3
Build         : 9600
Revision      : 0
MajorRevision : 0
MinorRevision : 0
winrm windows-server-2012