Error with endpoint Exchange Agentless. WinRM cannot complete the operation
Article ID: 186473
CA Identity ManagerCA Identity GovernanceCA Identity PortalCA Identity Suite
Connecting to remote server failed with the following error message: WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
Component: CA IDENTITY SUITE (VIRTUAL APPLIANCE) Component: CA IDENTITY MANAGER (IDENTITY MANAGER)
The error message is directly related to either bad DNS / Firewall / Misconfigured DNS within the AD Endpoint Configuration between IDM and the Domain Controller.
- Check that the winrm configurations have been implemented correctly on both servers (the Gateway server and the CCS server);
- Run NSLookup commands and confirm that the AD Endpoint Configuration DNS record is valid and matches the destination from the source machines.
- Run Telnet commands and confirm there are no ports or firewalls blocking communication.
- Check how is the Gateway server set on the ADS endpoint object
- Check how is the Exchange server hostname is resolved from this Gateway server and from the ADS endpoint server.
- Verify that the WinRM service is started and Automatic.
- Make sure that there is no firewall in between the AD / Connector server, or if there is, there are exceptions for port 5985 for HTTP, and/or 5986 for HTTPS.
If those are verified, from an administrator command prompt run: winrm quickconfig -q
This will correct any issues found automatically, such as the LocalAccountTokenFilterPolicy, and you are ready to test all the above scenarios once more.