1. Joined : Aug 2016
    Posts : 6
    Windows 10
       4 Weeks Ago #1

    What's WinRM?


    I have recently found out that I have a bunch of Windows Remote Management entries in my Event Viewer which can be found by this path:
    Event Viewer> Application and Service Logs>Microsoft>Windows>Windows Remote Management>Operational


    I don't remember configuring/enabling such a thing. What does it actually do? I've tried googling for it but found no good information.


    Here is how the events look like

    Click image for larger version. 

Name:	fe0ef4c4c1.png 
Views:	10 
Size:	28.0 KB 
ID:	109236
      My System SpecsSystem Spec

  2.    4 Weeks Ago #2

    It's a windows remote management protocol, as documented on TechNet: Windows Remote Management (Windows). Different applications use it for a variety of purposes; from what I see in your event log, some kind of scripting interface related to remote management (WSMan API call) is generating these events and their responses from your OS. There's a discussion on how to set up a remote management listener (Setting Up Security Event Log Subscriptions with Windows Server 2003/2008 Premier Field Engineering) that seems to indicate it's likely a server-based process or service of some kind behind it all. I'm in a workgroup only environment and I find no Windows Remote Management events in my event log.
    HTH,
    --Ed--
      My System SpecsSystem Spec


  3. Joined : Aug 2016
    Posts : 6
    Windows 10
       4 Weeks Ago #3

    EdTittel said: View Post
    It's a windows remote management protocol, as documented on TechNet: Windows Remote Management (Windows). Different applications use it for a variety of purposes; from what I see in your event log, some kind of scripting interface related to remote management (WSMan API call) is generating these events and their responses from your OS. There's a discussion on how to set up a remote management listener (Setting Up Security Event Log Subscriptions with Windows Server 2003/2008 Premier Field Engineering) that seems to indicate it's likely a server-based process or service of some kind behind it all. I'm in a workgroup only environment and I find no Windows Remote Management events in my event log.
    HTH,
    --Ed--
    Thank you very much for your response Ed.

    Is there any way to find out what could be the culprit of these entries? They seem to occur almost daily at random times.

    There are 4 events which keep repeating over and over again:


    Event 145: WSMan operation Enumeration started with resourceUri http://schemas.microsoft.com/wbem/ws...onfig/listener
    Event 254: Activity Transfer
    Event 161: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
    Event 142: WSMan operation Enumeration failed, error code 2150858770
      My System SpecsSystem Spec

  4.    4 Weeks Ago #4

    WBEM is web-based enterprise management. Chances are you've got some kind of management tool or agent running on your PC and it's making the WSMan calls. I found an MS answers post on this but no meaningful response from Microsoft: Windows 10 Windows Remote Management Event IDs 142 and 161 - Microsoft Community
    The URI specified in the 145 message also comes up as invalid/unreachable, so it looks like a pointer error.

    HTH,
    --Ed--
      My System SpecsSystem Spec


  5. Joined : Aug 2016
    Posts : 6
    Windows 10
       4 Weeks Ago #5

    EdTittel said: View Post
    WBEM is web-based enterprise management. Chances are you've got some kind of management tool or agent running on your PC and it's making the WSMan calls. I found an MS answers post on this but no meaningful response from Microsoft: Windows 10 Windows Remote Management Event IDs 142 and 161 - Microsoft Community
    The URI specified in the 145 message also comes up as invalid/unreachable, so it looks like a pointer error.

    HTH,
    --Ed--
    So I am not the only one with this weird issue... Thank you Ed for finding this. I guess it's some sort of a Microsoft bug
      My System SpecsSystem Spec

  6.    4 Weeks Ago #6

    No, no, it's not a BUG: it's a FEATURE!
    --Ed--
      My System SpecsSystem Spec


 

Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:06.
Find Us
Twitter Facebook Google+



Windows 10 Forums