Tuesday, June 26, 2012

WinRM QuickConfig failing with 0x8033809D

There are a few posts out there on this that point to a few different things on this error while running winrm qc.

 PS C:\Users\administrator> winrm quickconfig
WinRM already is set up to receive requests on this machine.
    Message = WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error occurred.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config.

Error number:  -2144108387 0x8033809D
An unknown security error occurred.

Keep in mind what you are doing, opening WinRM via HTTP/HTTPS.  Check what your server is configured for (80 or 443, or both) and review the SPN's, and add what is needed.

To review (read only)
setspn.exe -L MACHINENAME

Review the results for HTTP/HTTPS entries (or any duplicates as well)

 Add missing names:
setspn -A HTTP/machinename
setspn -A HTTP/machinename.fqdn.com
setspn -A HTTPS/machinename
setspn -A HTTPS/machinename.fqdn.com

They reattempt your quickconfig.


manyrootsofallevil said...

In order to add an spn you need to do this:

setspn -A HTTP/servername servername

or even better:

setspn -D HTTP/servername servername

Kiquenet said...