When attempting to run a Remote Assessment on a Domain Joined target I am unable to make a successful WinRM connection over HTTPS.


Product Name: CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard

Product Version: all

Date: May 18, 2021



 

Problem

I have followed the Knowledge Base articles below about establishing a remote WinRM connection to my Target device but it is still failing to connect.

 

Solution

If HTTP works but you are still unable to make the connection over HTTPS, and your computer is in an Active Directory domain, GPOs may be conflicting with your ability to make a remote connection from Host to Target.

  1. Run the following command in an elevated PowerShell session:

    PS> winrm get http://schemas.microsoft.com/wbem/wsman/1/config

  2. Review the command output for any mention of GPO, or for any settings that do not match the output of the following winrm get response.

  3. The easiest way to locate a GPO that may be blocking HTTPS WinRM access is to move the Target device into a test OU free from all of the GPOs your organization has in place.

 

  • On the left is the output from a non-domain-joined Windows machine which is able to connect to WinRM over HTTPS.

  • On the right is the output from a domain-joined Windows computer which cannot connect to WinRM over HTTPS due to GPO settings.
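
For step 2, the review can be scripted: winrm appends the marker [Source="GPO"] to any value that is set by Group Policy. The following is an added example, not part of the original article or of CIS-CAT; the function name ConvertFrom-WinRMConfig and the sample lines are constructed for illustration.

```powershell
# Added example. Parses `winrm get` text into one object per setting and
# records whether WinRM tagged the value as coming from Group Policy.
function ConvertFrom-WinRMConfig {
    param([Parameter(Mandatory)][string[]]$ConfigText)

    $stack = New-Object System.Collections.Generic.List[object]  # open sections
    foreach ($line in $ConfigText) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $indent = $line.Length - $line.TrimStart().Length
        # Close every section that is not a parent of this line.
        while ($stack.Count -gt 0 -and $stack[$stack.Count - 1].Indent -ge $indent) {
            $stack.RemoveAt($stack.Count - 1)
        }
        $text = $line.Trim()
        if ($text -match '^(?<name>[^=]+?)\s*=\s*(?<value>.*?)\s*(?<gpo>\[Source="GPO"\])?$') {
            $parents = @($stack | ForEach-Object { $_.Name })
            [pscustomobject]@{
                Setting = ($parents + $Matches['name']) -join '/'
                Value   = $Matches['value']
                FromGpo = [bool]$Matches['gpo']
            }
        } else {
            # A line without "=" opens a section such as Client or Service.
            $stack.Add([pscustomobject]@{ Indent = $indent; Name = $text })
        }
    }
}

# Constructed sample lines (not captured from a real host). On the Target,
# in an elevated session, replace this array with:
#   $target = winrm get http://schemas.microsoft.com/wbem/wsman/1/config
$target = @(
    'Config'
    '    MaxTimeoutms = 60000'
    '    Service'
    '        AllowUnencrypted = false [Source="GPO"]'
    '        IPv4Filter = 10.0.0.1-10.0.0.9 [Source="GPO"]'
    '        Auth'
    '            Basic = false'
)

# Settings the Target reports as enforced by Group Policy.
ConvertFrom-WinRMConfig -ConfigText $target |
    Where-Object { $_.FromGpo } |
    Format-Table Setting, Value -AutoSize
```

Running the same function on the output of a machine that connects over HTTPS and passing both results to Compare-Object -Property Setting, Value lists the settings that differ between the two.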

 

Please carefully review the articles below for help with WinRM troubleshooting.

Keywords: WinRM GPO Remote Assessment



Copyright © 2020

Center for Internet Security®