PS Remoting diagnostics

One of the very common problems is to find the root cause why your Powershell Remoting is now working as expected.

Below is a small tool that might shed some more light on this type of problem.

function Get-PSRemotingDiagnostics{
                                    <#
                                    .SYNOPSIS
                                    Presents WINRM diagnostic log data. 
                                    .DESCRIPTION
                                    Presents WINRM diagnostic log data. 
                                    .example
                                    PS C:\> Get-PSRemotingDiagnostics | Select-Object -First 10 | Format-Table

                                    TimeCreated         OpcodeDisplayName TaskDisplayName          User            Message
                                    -----------         ----------------- ---------------          ----            -------
                                    24.10.2018 10:57:40 Info              Winrm service start/stop NETWORK SERVICE The Winrm service started successfully
                                    24.10.2018 10:57:40 Start             Winrm service start/stop NETWORK SERVICE The Winrm service is starting
                                    24.10.2018 10:56:03 Stop              Response handling        SYSTEM          WSMan operation Enumeration failed, error code 2150858770
                                    24.10.2018 10:56:03 Info              User authentication      SYSTEM          The client cannot connect to the destination specified in the request. Verify that the
                                    24.10.2018 10:56:03 Info                                       SYSTEM          Activity Transfer
                                    24.10.2018 10:56:01 Start             WSMan API call           SYSTEM          WSMan operation Enumeration started with resourceUri http://schemas.microsoft.com/wbem/
                                    23.10.2018 16:19:38 Stop              Response handling        Szymon          WSMan operation Identify failed, error code 2150858770
                                    23.10.2018 16:19:38 Info              User authentication      Szymon          The client cannot connect to the destination specified in the request. Verify that the
                                    23.10.2018 16:19:38 Info                                       Szymon          Activity Transfer
                                    23.10.2018 16:19:36 Start             WSMan API call           Szymon          WSMan operation Identify started with resourceUri NotSpecified
                                    #>

                                    Get-WinEvent -LogName "*winrm*" | Select-Object TimeCreated, OpcodeDisplayName, TaskDisplayName ,@{n='User';e={ ([wmi]"root\cimv2:WIN32_SID.sid='$($_.userID)'").AccountName }}, Message
                                  }

Leave a Reply

Your email address will not be published. Required fields are marked *