In order to communicate with SCCM, we are using a WinRM, which is the implantation of another protocol called WS-Management. We need to make sure that they are functioning, and we are able to utilize them for the sync to work.

  1. We need to make sure that the IP and Port that are configured in our UI can reach the SCCM. (default port is 5985 / or 5986 via SSL). We are adding this test to the UI, until then, ask 1 of us if network connectivity is OK. – Done.

2. On the SCCM, the most basic thing is that we have WS running. Please run the test (Test-WSMan). This example shows that is running.

3. Next, we want to see that WinRM is running, by running: winrm e winrm/config/listener

Here we need to check three things: the Port matches what we configured in the UI, that the ListeningOn containg the IP address configured in Vulcan or (which means everyone), and enabled = True.

4. We also want to check that the local firewall is not blocking the connection on the server itself: Get-NetFirewallRule WINRM-HTTP-In-TCP

5. Credntials wise, make sure that the username is in the following formats:

Domainname\user – for domain computers

computername\user – for workstation computers
.\user – for workstation computers

6. Verify that the user has the correct permissions:

On the windows server – Has to be in the domain users group + and remote desktop users

On the SCCM - Full Administration to the Domain group which the user is part of

7. validate that on the SCCM server, the following configs are met (in order to connect remotely using winrm

WinRM should be allowed to us run over http. On the cmd in SCCM run:

winrm set winrm/config/service '@{AllowUnencrypted="true"}'

8. WinRM should allow basic authentaction. From Powershell on the SCCM run:

winrm set winrm/config/service/auth '@{Basic="true"}'

9. For the user that we are connecting with, should have read + execute permission. On the SCCM run:

Winrm configSDDL default

Did this answer your question?