PowerShell

The PowerShell forum accepts bug reports as well as feedback and suggestions. For more information, check out the PowerShell Homepage

The following is a list of the states we use to track items.

status meaning
survey We saw this and we are considering it. Please upvote if it’s important to you.
needs more information We don’t understand the issue and need additional details.
investigating We are looking at this internally to understand things like: scenario, reproduction of issue, costing, or other technical details.
in queue The issue is understood and in our unprioritized backlog. Your votes will be used to drive prioritization of this work.

Please feel free to provide feedback or file bugs here.

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. WMF/WinRM 5.1 System File version issues after installing KB4103724

    My operating system environment is W8.1/WS12R2 with Windows Mangagement Framework 5.1 installed

    After installing KB4103724 (May, 2018 Preview of monthly Rollup for NT6.3), I found that some of the files in WMF/WINRM 5.1 were changed, and those changes were not listed on the update history.

    Let me say a few questions about this change:

    1: Generally speaking, the monthly Summary preview update is used to resolve performance and reliability issues, but this update history does not list the changes in WMF/WINRM 5.1. The affected file in WMF/WINRM 5.1 is listed only in file information for update 4103724.

    2: I noticed…

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
    • 1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
      • Possible Bug: Mapping persistent drives with New-PSDrive using WINRM sessions

        I am trying to map persistent drives using New-PSDrive on a remote winrm session, but when I opened a new session the mapping driver got the status of "Unavailable". I am using CREDSSP

        #Session A creating the mapping

        $credentials = Get-Credential user
        $session = New-PSSession -ComputerName Server1 -Credential $credentials -Authentication CredSSP
        $computername = "Server2"
        Invoke-Command -Session $session -ScriptBlock {
        param($computername)
        New-PSDrive -PSProvider FileSystem -Name "X" -Root "\\$computername\scripts" -Persist -Verbose -Scope Global
        } -ArgumentList $computername
        #Session B checking the mapping

        $credentials = Get-Credential user
        $session = New-PSSession -ComputerName Server1 -Credential $credentials -Authentication CredSSP
        $computername = "Server2"

        Invoke-Command -Session $session -ScriptBlock { …

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
        • WinRM

          Possible Bug WFM 5.1 with WinRM via Command line. (Can provide Screenshots of issue)

          When trying to authenticate to WinRM via command line receive the following error using password with ^ as a special character.

          Example Command:

          winrm id -r:https://servname:5986 -a:Kerberos -u:serviceaccount@localdomain.local -p:gt^qB%CxkaSQ -encoding:utf-8

          Error:
          WSManFault
          Message = The user name or password is incorrect.

          Error number: -2147023570 0x8007052E

          When change ^ to ! receive the following output:

          C:\Users\shawns>winrm id -r:https://servername:5986 -a
          :Kerberos -u:serviceaccount@localdomain.local -p:gt!qB%CxkaSQ -encoding:ut
          f-8
          IdentifyResponse
          ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
          ProductVendor = Microsoft Corporation
          ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.0
          SecurityProfiles
          SecurityProfileName = …

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
          • Enable WINRM certificate mapping for domain user

            Currently I need to manage Windows DNS server. I would like to use a client certificate to connect to WinRM to manage it, since I want to expose it in RESTful interface. But WINRM certificate mapping only allows non-domain account.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
            • WMF 5.1 RestrictedRemoteServer session type fails to import the 'Microsoft.PowerShell.Utility' module

              When importing this module in a restricted session type or when making a function or a cmdlet from this module visible, i.e:
              VisibleFunctions = 'Get-FileHash'
              the following message is returned:
              WARNING: The 'Microsoft.PowerShell.Utility' module was not imported because the 'Microsoft.PowerShell.Utility' snap-in was already imported.
              In practice, the module is not being imported.
              Get-PSSnapin shows that a snapin with the same name is indeed loaded:
              Name : Microsoft.PowerShell.Utility
              PSVersion : 5.1.14409.1005
              Description : This Windows PowerShell snap-in contains utility
              cmdlets that are used to view and organize data in different ways.
              but exposes no commands
              Get-PSSnapin from a regular (not remote)…

              6 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                5 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →

                This report is a bit confusing, so need some information.
                On the system where you received this error, please try running any of the commands from Microsoft.PowerShell.Utility, such as get-member, or get-date. The error message and the information you provided seems to indicate that the module is already loaded, so we are looking for other indications that it is not.

              • Register-PSSessionConfiguration -WarningAction SilentlyContinue does not suppress warning text

                When creating a JEA endpoint with the following command:

                Register-PSSessionConfiguration -WarningAction SilentlyContinue ...

                The warning about restarting the WinRM service is still displayed. The expected action is for the SilentlyContinue argument to suppress any warnings. This occurs every time.

                The workaround here is to use the -NoServiceRestart switch and then restart the WinRM service manually.

                Behavior is observed on Server 2016 with PSVersion 5.1.14393.0.

                Thanks,
                J.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                • PowerShell: Unable to reconnect disconnected PSSession when PSRemotingProtocolVersion does not match

                  From a win7 or win10 workstation running PS5 I can create a PSRemoting session (new-pssession) to a server running PS4. But if that session should become disconnected, I'm unable to reconnect (or receive) the session, receiving, instead the following error:
                  Receive-PSSession : Connecting to remote server hsfsrpw001 failed with the following error message : The server that is running
                  Windows PowerShell does not support connect operations on the protocolversion 2.3 that is negotiated by the client computer. Make
                  sure the client computer is compatible with the build 6.3.9600.17400 and the protocol version 2.2 of Windows PowerShell. For more
                  information, see…

                  2 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add A "Start In" Directory for Enter-PSSession

                    By default, we are placed into Documents (at least I am), then have to change directories. It would be nice to be able to specify a directory we'd like to start in using Enter-PSSession.

                    17 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      survey  ·  1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                    • Block WinRM operations during servicing

                      The WinRM service starts normally and accepts requests during component servicing operations (eg, "Working on Updates", "Working on Features" screens after a post-update/feature-change reboot). This causes problems for configuration management in cases where the servicing process triggers further reboots, especially since there doesn't appear to be a documented way to determine that servicing is underway. WinRM should either wait to accept requests until servicing is complete, or a way for third-party tools to determine that servicing is underway from Powershell should be documented.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        survey  ·  3 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                      • Remote Invoke-Command Powershell Stop-WebAppPool No Longer Working After Powershell 5 Upgrade

                        The full details of the issue are already documented on Server Fault here: http://serverfault.com/questions/806794/remote-invoke-command-powershell-stop-webapppool-no-longer-working-after-powersh

                        The gist of it is that we have Server A which was on WMF 4 / PowerShell 4 and was able to issue Invoke-Command calls to Server B which was on WMF 2 / PowerShell 2. In particular, a call to Stop-WebAppPool. After upgrading Server A to WMF 5, the call to Stop-WebAppPool no longer works. However, issuing this command to other Servers on WMF 4/5 seems to work.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                        • Jea logon fails if the calling account isn't an administrator on the endpoint

                          jea cannot be used if the calling user isn't an administrator

                          I have an issue similar to this but slightly different.

                          https://windowsserver.uservoice.com/forums/301869-powershell/suggestions/13788477-jea-can-not-be-used-with-local-account-if-runasvir

                          I have JEA configured and set up. When I connect to the endpoint with an account that is an administrator where the endpoint is located it works fine. My commands are limited to what I set in my profile etc.

                          When I try to connect as a non-privileged user that is in the correct group to use the endpoint it fails with "the username or password is incorrect". If I add that SAME account to the local administrator's…

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                          • JEA is difficult for delegates to use without tab completion

                            By default tab completion is disabled in JEA endpoints- and there is no guidance on how (or if) it can be enabled safely.
                            Without tab completion it is
                            1. Harder to discover available commands (no Get-<tab>)
                            2. Harder to execute available commands with correct parameter name spelling etc.
                            3. Harder to populate correct values (e.g., no help with ValidateSet scenarios)
                            This all works against the applicability of JEA for delegation scenarios where a less expert sub-admin has to blindly type out a potentially complex and unfamiliar command.
                            Please make some basic level of tab completion work by default, and please…

                            4 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              In Queue  ·  4 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                            • Get-PSSessionCapability returns capabilities even when the speficied user doesn't have permissions to connect to the session

                              The documentation on Get-PSSessionCapability states it returns information (capabilities) on the session configuration the specified username has on it, but it also returns it for a SessionConfiguration (created with a pssc file) when it wasn't created with a RoleDefinition, no matter if the specified user can or cannot access it.
                              I would expect it not to return any information for that SessionConfiguration, or have a property that indicates the specified doesn't have the required permissions (invoke / fullcontrol).

                              2 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                survey  ·  1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                              • WinRM "concurrent operations" increase to eventual failure

                                Concurrent operations on an open shell always increase (eg, for each command run) even when the Terminate signal message is sent and (apparently) properly processed after each command. This eventually causes the MaxConcurrentOperationsPerUser quota to be hit, requiring a new shell to be created.

                                A simple reproduction using pywinrm is available at: https://github.com/diyan/pywinrm/issues/124. I'm guessing there's just something wrong with the way the Terminate signal is being sent by pywinrm, but the server appears to be happy with it.

                                To run the repro, ensure python and pip are available, create a file with the repro code (and adjust the…

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  investigating  ·  0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                                • Server 2012R2 winrm https listener autocertificate reneval

                                  If you enable an https listener on a server and use it with an autoenrolled certificate, the listener will not be updated when the new autoenrollment takes place as the thumbprint will be hardcoded to the listener. This makes the technologie to use an https listener on all your servers to a big administrative burden as you have to keep the listeners up-to-date. Please develop some solution that this certificate will stay up-to-date with each new autoenrollment (like with a scheduled task which starts after autoenrollment scheduled task)

                                  Thanks

                                  Max

                                  36 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                                  • WinRM should register it's proper SPN

                                    The WinRM service should register the HTTP/computername:5985 and HTTP/computername.fqdn:5985 (or configured port) SPNs so that clients can locate the proper Kerberos principal to authenticate against. Currently anything that uses Kerberos over http:80 can claim its valid SPN and break Kerberos authentication for WinRM.

                                    18 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  WinRM  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Don't see your idea?

                                    Feedback and Knowledge Base