We have 7 Terminal Servers, and for some reason, I can only use Invoke-Command on those two, when the domain administrator is logged on to the servers.
I will get this error, when I try to use Invoke-Command on them, when the domain administrator isn't logged on to them. The other 5 servers have no issue.
As soon as I log in with the remote administrator, it works flawlessly.
[RDH004] Connecting to remote server RDH004 failed with the following error message : The WSMan service could not launch a host process to process the given request. Make s
ure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (RDH004:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : 2,PSSessionStateBroken
I did doublecheck if the service Windows Remote Management (WS-Management) was running. And I did create a GPO (Allow remote server management through WinRM) to allow remote connections.
Did the same thing, on all servers to attempt to enable it. All servers are a clone from the same template in ESXi. And all servers are running Windows Server 2016.
I've searched far and wide for solutions, but none of the solutions seem to be the same problem. Especially not, since it works if the server I'm trying to send a remote command to, has the domain administrator logged in.
The cause of this issue is due to the Windows User Account Control (UAC). The remote account must be a domain account and a member of the remote computer Administrators group. If the account is a local computer member of the Administrators group, then UAC does not allow access to the WinRM service. This error happens even if the account is a Local Administrator and the command line is run with administrator privileges.
To solve the problem, UAC filtering for local accounts must be disabled by creating the following DWORD registry entry and setting its value to 1:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] LocalAccountTokenFilterPolicy
Additional Information
https://learn.microsoft.com/en-us/windows/win32/winrm/obtaining-data-from-a-remote-computer