No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccessR5C30 failed to add user to VM due to customer GPO blocked winrm service listening

Publication Date:  2017-05-09 Views:  532 Downloads:  0
Issue Description

Product: FusionAccessR5C30SPC100

Issue Description:

The customer created some full-copy VMs ,and the assigned them to multi users before, but one day when they try to add other users to the VM,it failed.

Alarm Information

The task failed with the alarm like below:

Handling Process

1: We checked the AD service status and the communication between ITA and AD, both are normal;

2:During the VM assignment process, ITA will communicate with the VM through winrm service, so we login the VM by VNC, and check the winrm service, it is running;

3:But when we run the command " netstat -aon|find "5985" ",the result is empty,this means the winrm service is not listening on the port 5985,so ITA will fail to communicate with the VM through winrm,and the assignment task will fail.

4:Manually create the winrm listener by the command "winrm quickconfig",then the issue can be resolved.

Root Cause

1: The direct root cause is the winrm service was not listening on the port 5985,but this shouldn't happen internally with the user VM, also the customer feedback they didn't face any issue before ,so there must be something changed in the environment.

2: We ask the customer what has been changed for these VMs which facing the assignment issue, the customer feedback the OU had been changed.

3:We collect the GPO details of two VMs,one VM in the old OU without the assignment issue, another VM in the new OU with the assignment issue happening.

Then we find there is difference:

For the VM in the old OU without the assignment issue, there are many denied GPOs as below screenshot:

But for the VM in the new OU with the assignment issue happening, there is no denied GPOs:

4:It means there is some GPO blocked the winrm listener in the new OU ,so the VM assignment task failed.

5:Then we ask the customer to move the VM from new OU back to the old OU or deny the same GPOs as old OU, the issue resolved.

Solution

Manually create the winrm listener by the command "winrm quickconfig", or ask the customer to deny the GPO which will block the winrm service listener .

Suggestions

For VM provisioning or assignment issue, must make sure the winrm service is running properly.

END