WinRM firewall exception will not work - network connection type is public

This topic contains 3 replies, has 3 voices, and was last updated by Profile photo of vamsee vamsee 2 months, 2 weeks ago.

  • Author
    Posts
  • #61435
    Profile photo of vamsee
    vamsee
    Participant

    My machine has ethernet card but its cable is unplugged (we need it that way). so there are no network connections on the box.
    When i run the following command, i get an error "WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again."

    set-item WsMan:\localhost\MaxEnvelopeSizekb 10000

    I ran the command "Get-NetConnectionProfile" and as expected it does not list any thing because there are no connections. Also ran the command "Get-NetConnectionProfile NetworkCategory Public" and as expected it did not list anything.

    I get the same error even when i disable the network adapter.

    Only way i can get out of this problem is to connect the machine to internet (by plugging in the cable) and running the command
    "Set-NetConnectionProfile InterfaceIndex X NetworkCategory Private" where X is the index of the network interface

    Question:- why do i get the error when there are no network connections at all. And when i disable all network adapters.

    Thanks
    Vamsee

  • #61546
    Profile photo of Don Jones
    Don Jones
    Keymaster

    That's why we usually end up using Enable-PSRemoting -SkipNetworkProfileCheck to enable Remoting in the first place ;).

    You get the same problem is you have something like VMware Workstation installed, because it creates a bunch of virtual network interfaces, and Windows defaults everything to "Public." Even if the connection isn't active.

    The error message isn't saying *Remoting* won't work. It's saying that the Windows Firewall, a separate component, won't allow incoming traffic on a Public network, even if that network isn't connected to anything. You can't really change the way Windows Firewall works, short of disabling it entirely. But in your case, the error message may be a bit misleading. If you aren't *using* a Public interface, then the firewall will still work fine.

  • #61587
    Profile photo of Stefan Werner
    Stefan Werner
    Participant

    I found this script on blog somewhere a couple of years ago, which changes the NIC profile from public to private.

    $nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
    $connections = $nlm.getnetworkconnections()
    $connections | foreach {
        if (($_.getnetwork().getcategory() -eq 0) -and ($_.getnetwork().getcategory() -ne 2))
        {
            $_.getnetwork().setcategory(1)
        }
    }
  • #61893
    Profile photo of vamsee
    vamsee
    Participant

    Don Jones:
    If i understand your reply correctly, you are saying if my machine is not connected or is not using public networks, things are ok inspite of the error message. However i am afraid its not so, the result of the behavior is that i cannot increase "MaxEnvelopeSizekb" as a result of the above error. For me to increase the value, i WILL HAVE to connect it to a network and make its network category private.
    Also i tried "Enable-PSRemoting -SkipNetworkProfileCheck" but the result is still the same i.e. when i execute the command "set-item WsMan:\localhost\MaxEnvelopeSizekb 10000", I still get the error message and the maxevenlopesize is not increased.

    Stefan: I too found the same script you indicated. It does not work when machine is not connected to any network. And i need to be able to increase the size of the maxenvelopsize without the machine being connected to network.

You must be logged in to reply to this topic.