Collecting WinRM Traces

This blog entry explains how to collect WinRM ETW and WPP traces: WinRM ETW Traces: You can use EventViewer to look at WinRM ETW events: ·         They are under Application and Services Logs à Microsoft àWindowsàWindows Remote Management   Operational channel is enabled by default. Analytic needs to be enabled Use the following to show…

4

WinRM hosted in IIS fails to start with error 1300 in event log

WinRM is hosted within IIS by enabling the WinRM native module at a particular IIS site, app or a vdir. IIS sites and apps can be configured to run in a specific application pool. Each application pool runs under a specific user context. WinRM will fail to start when the user associated with the application pool does not have the required privileges….

5

WMI: Remote query for Win32_Product class results in ‘Generic Failure’ error (0x80041001)

Here’s an issue that some of our WMI enthusiasts have been seeing in the field. When remotely querying the Win32_Product class to determine what software is installed on a Windows XP or Windows Server 2003 system, a “Generic Failure” (0x80041001) error is returned. If the same query is run locally on the target system, it…

0

Let’s troubleshoot WMI (Part 1: Remoting and Security)

Starting point of a troubleshooting problem is usually an error code and the journey from the error code to the actual failing component might not always be an easy one. In this series, we’ll be taking a look at various WMI error codes and how to investigate and get to the root cause with a…

3