We recently acquired a brand new and very powerful server at my company. Its purpose is to act as a host for a very large virtual environment. In getting it prepared for use, I wanted to be able to set it up so many or all of its functions could be administered remotely.

I design, implement, and manage software systems for a living; however, I feel it is important for good developers to engage in more traditional IT-tasks every once in awhile, such as setting up a complicated server and hosting environment. All good engineers or developers should be able to do these things, and it is illuminating for us in terms of knowing what is and is not beneficial for our customers. Simply put, it translates to better software.

Attempting to Connect…

The main administrative interface on Windows 2008 is the Server Manager. Normally, this interface is something you would only see if you are using the server locally, or if you have a RDP session going. I thought it would be neat if one could access this utility from a remote workstation; remote access would allow us to forego the additional and cumbersome step of having to establish a Remote Desktop session to the machine.

The Remote Server Administration Tools for Windows 7 installs a variety of utilities to your workstation, including a Server Manager capable of remotely connecting to a Windows 2008 server.

The reason why I’m writing an article about this, is because it is an utter pain in the ass to get working. I quickly became aware of some very common solutions to issues experienced in remotely connecting a Server Manager session, however none of these solutions worked for me (they were all obvious ones that were too often repeated). I bet a lot of them won’t work for you either. Since I was working off of a normal Windows 2008 machine and normal Windows 7 machine, I can’t help but imagine these issues would probably occur for any and all attempting to do this.

When starting the Server Manager, it would ask me to identify the server I wanted to connect to. After doing so, a message that would become all too familiar was displayed:

As you can see, I’m trying to connect to a machine that can be reached by using the FQDN “valid.address.com”. As it should hopefully be obvious to you, in this example I’m having an issue connecting to a real machine using the correct address for that machine.

The Solution

There are a plethora of reasons as to why a connection will fail when attempting to use the Server Manager remotely. If you Google this error message, you will get a billion pages of people complaining about this, and you will see a billion replies sourcing the exact same material which provides some stock solutions found here.

These solutions did not do the trick for me. From what I saw out there on the Internet, it appeared that the issue remained unsolved for most of the people complaining as well.

You are probably familiar with the “Enable remote management of this server from other computers” option found on the Window 2008′s local server manager. While it is great that they provide an option for this, I found that it simply does not do everything that must be done in order to allow for remote access.

I could not find this mentioned ANYWHERE (be it from Microsoft’s official documentation, or third-party support), but things did not start working for me until I installed the WinRM IIS Extension feature on the server. I consider the installing of this feature to be the critical step that ultimately allowed me to use Server Manager remotely.

An Updated Solution

While I was attempting to get the remote Server Manager to work, I made a large number of attempts to fix it; Unfortunately, I can’t exactly say for sure if the installation of the WinRM IIS Extension feature is what did the trick. I have heard of people getting remote Server Manager to work without needing to do this (if I interpreted their words correctly). It may have just been a coincidence.

Another important thing that you’ll want to check is if the Server Manager is making a connection to the correct port. You’ll want the Windows Server 2008 machine’s WinRM listener to be listening on the same port as the client’s WinRM client defaults to. Try out the following and see if it helps.

On the Server

Execute the following in an elevated command prompt:

    winrm enum winrm/config/listener

The above command will output something similar to the following:

    Listener
        Address = *
        Transport = HTTP
        Port = 80
        Hostname
        Enabled = true
        URLPrefix = wsman
        CertificateThumbprint
        ListeningOn = 10.1.10.105, 127.0.0.1

Ok, looks like my listener is using the HTTP protocol on port 80. I have seen it default to something other 80, probably due to other web sites hogging the port; regardless of the port, all we need to do is ensure the client is using this port.

On the Client

Execute the following in an elevated command prompt:

    winrm get winrm/config/client

The above command might output something similar to the following:

    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = remote.host.com

Hmm, that’s strange: this machine’s WinRM client is defaulting to port 5985 when using HTTP. That certainly isn’t going to work. We need to change the default port to 80. To do this, you can execute the following:

    winrm set winrm/config/client/DefaultPorts @{HTTP="80"}

Yes, a truly inspirational configuration interface!