To communicate with SCCM, we use WinRM, which is the implementation of another protocol called WS-Management. We need to make sure that both are functioning and that we are able to use them for the sync to work.

1. We need to make sure that the IP and port configured in our UI can reach the SCCM server (the default port is 5985, or 5986 via SSL). We are adding this test to the UI; until then, ask one of us whether network connectivity is OK. – Done.

2. On the SCCM server, the most basic requirement is that WS-Management is running. Please run the test (Test-WSMan). This example shows that it is running.

3. Next, we want to see that WinRM is running, by running: winrm e winrm/config/listener

Here we need to check three things: that the Port matches what we configured in the UI, that ListeningOn contains the IP address configured in Vulcan or (which means everyone), and that enabled = True.

4. We also want to check that the local firewall is not blocking the connection on the server itself: Get-NetFirewallRule WINRM-HTTP-In-TCP

5. Credentials-wise, make sure that the username is in one of the following formats:

Domainname\user – for domain computers

computername\user – for workstation computers
.\user – for workstation computers

6. Verify that the user has the correct permissions:

On the Windows server – has to be in the Domain Users group and the Remote Desktop Users group. During the debug phase, it might be a good idea to add the user to the local Administrators group, to make sure we don't have any more permission blocks for the user.

On the SCCM - Full Administration to the Domain group which the user is part of

7. Validate that on the SCCM server the following configs are met (in order to connect remotely using WinRM):

WinRM should be allowed to run over HTTP. On the cmd in SCCM run:

winrm set winrm/config/service '@{AllowUnencrypted="true"}'

8. WinRM should allow basic authentication. From PowerShell on the SCCM run:

winrm set winrm/config/service/auth '@{Basic="true"}'

9. The user that we are connecting with should have read + execute permission. On the SCCM run:

Winrm configSDDL default

10. We need to validate that the IP is not blocked in the server management:

  • From the menu tree, click Computer Configuration > Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service.

  • Right-click on Allow remote server management through WinRM and click Edit.

  • Select Enabled to allow remote server management through WinRM.

  • Enter an asterisk (*) into each field.

  • Click OK.

11. Make sure that UAC is not blocking us - by trying to remove it completely:

  • Select Start > Control Panel.

  • Select User Accounts > Turn User Account Control on or off.

  • Deselect Use User Account Control (UAC) to help protect your computer and click OK.

  • Reboot the machine for changes to take effect.
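
The checks in steps 2 to 4, 7 and 8 can be collected into one read-only PowerShell script. This is an added example, not Vulcan's or Microsoft's own code; `$ExpectedPort`, `$ExpectedAddress` and the `Add-Check` helper are names introduced here, and 192.0.2.10 is a constructed sample address.

```powershell
# Added example: read-only readout of the settings checked in steps 2-4, 7 and 8.
# Run from an elevated PowerShell session on the SCCM server. Nothing is changed.
param(
    [int]$ExpectedPort = 5985,                 # port configured in the UI
    [string]$ExpectedAddress = '192.0.2.10'    # constructed sample; use the IP configured in the UI
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check($Step, $Check, $Ok, $Detail) {   # hypothetical helper: one result row
    $results.Add([pscustomobject]@{ Step = $Step; Check = $Check; OK = [bool]$Ok; Detail = "$Detail" })
}

# Step 2: WS-Management answers locally
try {
    $ws = Test-WSMan -ErrorAction Stop
    Add-Check 2 'Test-WSMan' $true $ws.ProductVersion
} catch {
    Add-Check 2 'Test-WSMan' $false $_.Exception.Message
}

# Step 3: same data as "winrm e winrm/config/listener"
try {
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate -ErrorAction Stop)
    if (-not $listeners) { Add-Check 3 'Listener' $false 'no listener configured' }
    foreach ($l in $listeners) {
        $ok = ([int]$l.Port -eq $ExpectedPort) -and ($l.Enabled -eq 'true') -and
              (@($l.ListeningOn) -contains $ExpectedAddress)
        Add-Check 3 "Listener $($l.Transport)" $ok `
            "Port=$($l.Port) Enabled=$($l.Enabled) ListeningOn=$(@($l.ListeningOn) -join ',')"
    }
} catch {
    Add-Check 3 'Listener' $false $_.Exception.Message
}

# Step 4: the local firewall rule named on the page
$fw = Get-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -ErrorAction SilentlyContinue
Add-Check 4 'Firewall rule' ($fw -and "$($fw.Enabled)" -eq 'True' -and "$($fw.Action)" -eq 'Allow') `
    "Enabled=$($fw.Enabled) Action=$($fw.Action) Profile=$($fw.Profile)"

# Steps 7 and 8: the service settings set by the two "winrm set" commands
foreach ($c in @(@(7, 'Service\AllowUnencrypted'), @(8, 'Service\Auth\Basic'))) {
    $value = (Get-Item "WSMan:\localhost\$($c[1])" -ErrorAction SilentlyContinue).Value
    Add-Check $c[0] $c[1] ($value -eq 'true') "Value=$value"
}

$results | Format-Table -AutoSize -Wrap
```

Saving the table before and after the debug session gives a record of which WinRM settings were changed on the server.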
