Symptoms
Adding a Host to System Center Virtual Machine Manager 2008 (SCVMM 2008) fails with a variation of Error (2916):
Error (2916)
VMM is unable to complete the request. The connection to the agent ServerA.contoso.com was lost.
(The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. (0x80338126))Recommended Action:
Ensure that the WS-Management service and the agent are installed and running and that a firewall is not blocking HTTP traffic. If the error persists; reboot ServerA.contoso.com and then try the operation again.
Cause
Specific content is being filtered by a non-Windows firewall. The firewall could be software installed on either the SCVMM 2008 Server or the Host that is being added. More likely, there is a hardware appliance firewall on the network between the two communicating servers.
Resolution
Test multiple communication protocols between the two systems; the SCVMM 2008 Server and Host in this example. Some firewalls can have content filtering enabled despite showing that it is not. Remove all non-Windows software firewalls and bypass all hardware appliance firewalls entirely long enough to perform testing to verify whether or not they are contributing to the problem.
The following tests are examples of protocols that should always succeed. Test both directions always:
- Ping by DNS name in both directions (NETBIOS and FQDN). The IP address returned must match.
- Access to '\\ServerA.contoso.com\admin$' from the 'Run' command in both directions. This must succeed.
- From Server B: \\ServerA.contoso.com\admin$
- From Server A: \\ServerB.contoso.com\admin$
- WinRM basic connectivity in both directions. This must succeed. If it does not, execute 'winrm qc' on both servers, accepting all prompts, then test again.
- Remote NETBIOS test: winrm id -r:remoteserver
- Remote FQDN test: winrm id -r:remoteserver.contoso.com
WinRM successful reply example:
C:\>winrm id -r:ServerA
IdentifyResponse
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 6.1.7600 SP: 0.0 Stack: 2.0
More Information
Recently a firewall appliance sold by a major vendor showed content filtering disabled and not licensed to be turned on, yet was still filtering specific content. This was discovered through examination of network traces. Do not assume content, protocols or traffic are not being blocked. Perform tests to verify.
=====
For the latest version of this article see the link below:
J.C. Hornbeck | System Center Knowledge Engineer
The App-V Team blog: http://blogs.technet.com/appv/
The WSUS Support Team blog: http://blogs.technet.com/sus/
The SCMDM Support Team blog: http://blogs.technet.com/mdm/
The ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
The SCOM 2007 Support Team blog: http://blogs.technet.com/operationsmgr/
The SCVMM Team blog: http://blogs.technet.com/scvmm/
The MED-V Team blog: http://blogs.technet.com/medv/
The DPM Team blog: http://blogs.technet.com/dpm/
The OOB Support Team blog: http://blogs.technet.com/oob/
The Opalis Team blog: http://blogs.technet.com/opalis
