Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows Server 2012 R2 / The WinRM client received an HTTP bad request status (400)

September 21, 2018 Windows 10Windows Server 2012 R2

The WinRM client received an HTTP bad request status (400)

When configuring WinRM on servers in the Active Directory domain, I have faced a strange problem. After WinRM service is configured and enabled on the Windows server, and remote connection to it is allowed through Windows PowerShell Remoting, the following WinRM error appears in PowerShell console after the attempt of the remote connection to the server using Enter-PSSession lon-dc1 command:

PS C:\Windows\system32> Enter-PSSession lon-dc01

Enter-PSSession : Connecting to remote server lon-dc1 failed with the following error message : The WinRM client received an HTTP bad request status (400), but the remote service did not include any other information about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.

At line:1 char:1

+ Enter-PSSession lon-dc1

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidArgument: (lon-dc1 :String) [Enter-PSSession], PSRemotingTransportException

+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Also you can see the following error message:

The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid.

The WinRM client received an HTTP bad request status (400), but the remote service did not include any other information about the cause of the failure

At the same time WinRM ports on the server (5985/HTTP, 5986/HTTPS) respond and accept connections. You can check the availability of WinRM TCP ports using PortQry tool or Test-NetConnection PowerShell cmdlet:

TNC lon-dc1 –port 5985

test winrm port TCP 5985 response

As it turned out, the problem was relatedted with the large size of Kerberos token of a user due to the user being a member of too many domain security groups. The error appears when the size of the token exceeds 16 KB (see the article Kerberos MaxTokenSize and Security Groups). In our case, it happens in the same way, WinRM server resets the request from a client, since the size of the authentication package header exceeds 16 KB. In the article on the link above we mentioned that the default HTTP header on IIS is no more than 16 KB, and in case of problems with HTTP authentication due to a large user token, it needs to be increased to 64 KB.

To fix the problem, you need to reduce the token size (reduce the number of security groups a user is a member of), and if it is not possible, change the values of the following DWORD parameters on the server registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters .

  • MaxFieldLength increase to 0000ffff (65535);
  • MaxRequestBytes increase to 0000ffff (65535).

http header MaxFieldLength

Now just restart your server and check your WinRM connection from the remote client using Enter-PSSession.

 

0 comment
0
Facebook Twitter Google + Pinterest
previous post
How to Install Hyper-V Role in Windows 10 VM under VMWare ESXi
next post
User Profile Disks on Windows Server 2012 R2 / 2016 RDS

Related Reading

Using PowerShell Behind a Proxy Server

July 1, 2022

How to Deploy Windows 10 (11) with PXE...

June 27, 2022

Checking Windows Activation Status on Active Directory Computers

June 27, 2022

Configuring Multiple VLAN Interfaces on Windows

June 24, 2022

How to Disable or Enable USB Drives in...

June 24, 2022

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Using PowerShell Behind a Proxy Server

    July 1, 2022
  • How to Access VMFS Datastore from Linux, Windows, or ESXi?

    July 1, 2022
  • How to Deploy Windows 10 (11) with PXE Network Boot?

    June 27, 2022
  • Checking Windows Activation Status on Active Directory Computers

    June 27, 2022
  • Configuring Multiple VLAN Interfaces on Windows

    June 24, 2022
  • How to Disable or Enable USB Drives in Windows using Group Policy?

    June 24, 2022
  • Adding Domain Users to the Local Administrators Group in Windows

    June 23, 2022
  • Viewing a Remote User’s Desktop Session with Shadow Mode in Windows

    June 23, 2022
  • How to Create a Wi-Fi Hotspot on your Windows PC?

    June 23, 2022
  • Configuring SSH Public Key Authentication on Windows

    June 15, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • Error Code: 0x80070035 “The Network Path was not found” after Windows 10 Update
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • How to increase KMS current count (count is insufficient)
  • How to Disable UAC Prompt for Specific Applications in Windows 10?
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Installing SFTP (SSH FTP) Server on Windows with OpenSSH
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top