Windows 10: WinRM Security - Event Logs

Hi, could someone please take a look at the logs attached and tell me if it's possible to tell by the logs if anyone might have used WinRM on my machine to gain unauthorized access? I use Windows 11 and I never set up WinRM to begin with. Thank you so much in advance.

:)

 

What's WinRM?

Thank you very much for your response Ed.

Is there any way to find out what could be the culprit of these entries? They seem to occur almost daily at random times.

There are 4 events which keep repeating over and over again:


Event 145: WSMan operation Enumeration started with resourceUri http://schemas.microsoft.com/wbem/ws...onfig/listener
Event 254: Activity Transfer
Event 161: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
Event 142: WSMan operation Enumeration failed, error code 2150858770

 

Unable to configure WinRM on domain user

Hi everyone,

I'm unable to configure WinRM on a domain computer. I have a simple domain with

1) Windows server 2012

2) A client running Windows 7

If I try to run WinRM on the local Administrator, everything works fine, but if I switch to a domain user, than problems occured.

For example, if i run winrm quickconfig in powershell as the domain Administrator, then I get:

WinRM already is set up to receive requests on this machine.

WSManFault

Message = WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error occurred.

Possible causes are:

-The user name or password specified are invalid.

-Kerberos is used when no authentication method and no user name are specified.

-Kerberos accepts domain user names, but not local user names.

-The Service Principal Name (SPN) for the remote computer name and port does not exist.

-The client and remote computers are in different domains and there is no trust between the two domains.

After checking for the above issues, try the following:

-Check the Event Viewer for events related to authentication.

-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use

HTTPS transport.

Note that computers in the TrustedHosts list might not be authenticated.

-For more information about WinRM configuration, run the following command: winrm help config.

Error number: -2144108387 0x8033809D

An unknown security error occurred.

When i run it as local admin, everything goes well.

So, what am I missing?

 

Events 4672 & 4624 Win 10 Freezes - special LOGON ?

Hi,

Thank you for writing to Microsoft Community Forums.

1. Are you on a domain network?
   
2. May I know the make and the model number of your system?
   

The event logs you have provided seems to be the security logs that is generated when you login to your system. For more information on the event that was generated, you can check
4672(S): Special privileges assigned to new logon.

The Windows error logs will be located at Event Viewer > Windows Logs > System.

Please follow the step below and check if it works for you.

Step: Improve Windows 10 Performance.

Try some of the following suggestions to help
make your Windows 10 PC run better. The steps are listed in order, so start with the first one, see if that fixes the problem, and then continue to the next one if it doesn’t.

Note: The last step on the article contains Windows Reset, I suggest you not to perform Windows reset, as there is a change your data and applications will be wiped and also
the OS will reverted back to previous version you upgraded from.

If the issue still persists, please reply to this post with more information so that we can identify the root cause of this issue and assist you further.

Hope it helps.

Amit Sunar

Microsoft Community – Moderator