Troubleshooting

This section provides information about troubleshooting this release. It contains the following topics:

Tip

 For more information about known issues, see Issues-tables.

WinRM configuration 

You can use one of the following commands to configure the WinRM:

Note

If you are logged in on a non-Administrator account, you must either right-click the Command Prompt icon in the Start Menu and select Run as Administrator, or use the Runas command at the command prompt.

The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, you must run the winrm quickconfig command again to enable the firewall exception for the new profile.

WinRM automatically configures the ports that it uses. The port number might be different, depending on the version of WinRM that you install.

For WinRM 2.0 or later:

  • The default HTTP port used is 5985.
  • The default HTTPS port used is 5986.

The winrm quickconfig command also performs following tasks:

  • Starts the WinRM service.
  • Sets the WinRM service type to auto start.
  • Creates a listener to accept requests on any IP address.
  • Enables a firewall exception for WS-Management traffic (HTTP only).

Note

During WinRM configuration, on machines with User Access Control (UAC) enabled, ensure that LocalAccountTokenFilterPolicy is configured to grant administrative rights remotely to local users. If you do not configure this during WinRM configuration, then you need to manually add the LocalAccountTokenFilterPolicy registry key.

To add the LocalAccountTokenFilterPolicy registry key manually:
  1. Click Start, click Run, type regedit, and press ENTER.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
    1. On the Edit menu, point to New, and click DWORD Value.
    2. Type LocalAccountTokenFilterPolicy, and press ENTER.
  4. Right-click LocalAccountTokenFilterPolicy, and click Modify.
  5. In the Value data box, type 1, and click OK.
  6. Exit Registry Editor.

Tip

  • If WinRM reports that it is unable to verify the status of the firewall, start the firewall service and run the winrm quickconfig command again. You can stop the firewall service after configuring WinRM, if desired.
  • If WinRM reports that it is unable to create a WinRM listener on HTTPS because the WinRM Server does not have a valid SSL certificate, check whether the SSL certificate is valid and ensure that it meets all requirements.

For an SSL certificate to be valid, its CN value must match the host name, it must not be expired, revoked, or self-signed, and it should be valid for server authentication.

Viewing WinRM configuration 

You can use the following commands to view the WinRM configuration details:

  • For the WinRM configuration:
    winrm get winrm/config
  • For the WinRM Client configuration:
    winrm get winrm/config/client
  • For the WinRM Server configuration:
    winrm get winrm/config/service
  • For Winrs configuration:
    winrm get winrm/config/winrs
  • For listener information:
    winrm enumerate winrm/config/listener
  • For the WinRM version details:
    winrm id

Verifying WinRM connection for a remote host 

You can use the following commands to verify the WinRM connection with a remote host.

  • To verify a remote host connection via HTTP or HTTPS using a domain account:
    • winrm id -r:http://<hostname>:<port> -u:<domain\username> -p:<password>
    • winrm id -r:https://<hostname>:<port> -u:<domain\username> -p:<password>

      OR
    • winrs -r:http://<hostname>:<port> -u:<domain\username> -p:<password><sys_command>
    • winrs -r:https://<hostname>:<port> -u:<domain\username> -p:<password><sys_command>

  • To verify a remote host connection via HTTP or HTTPS using a local account:

    • winrm id -r:http://<hostname>:<port> -u:<username> -p:<password>
    • winrm id -r:https://<hostname>:<port> -u:<username> -p:<password>

      OR
    • winrs -r:http://<hostname>:<port> -u:<username> -p:<password> <sys_command>
    • winrs -r:https://<hostname>:<port> -u:<username> -p:<password> <sys_command>

    Note

    <sys_command> refers to any Microsoft Windows operating system command, such as DIR or SYSTEMINFO.

Data collection issues with published applications

For issues in data collection for published applications (BTK_APPLICATION application class) perform the following:

  • Check whether "Citrix Independent Management Architecture" service is running on the XenApp Server used for monitoring the farm.
  • Connect to the XenApp farm using Citrix AppCentre. Select the farm from left navigation tree. Click Users tab to see if all active user sessions are listed correctly. In case of issues while viewing the user sessions in AppCenter, PATROL data collection could also be impacted. Please contact Citrix Support to resolve this issue. To know the exact PATROL error please activate /BTK_FARM/_CollectionStatus parameter.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*