Kerberos authentication error server manager

Kerberos security error

Client-side authentication error: KerbUnknownSecurityError

Error <computer name> : Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode
0x80090322 occurred while using Kerberos authentication: An unknown security error occurred. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts
domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for
the above issues, try the following: -Check Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the
TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client and target server are in the same domain; the target server is added to Server Manager, but later, the target server’s domain is changed to a trusted but different domain. Try removing the target server from the Server
Manager server pool, and then adding the server again by using the Active Directory tab in the
Add Servers dialog box. If you do not want to remove the server from Server Manager, try following instructions in
Add Servers to Server Manager to add the target server to the client’s trusted hosts list.

Error

Kerberos target resolution error

Client-side authentication error: KerbResolutionError

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error occurred while
using Kerberos authentication: Cannot find the computer <computer name>. Verify that the computer exists on the network and that the name provided is spelled correctly.

Client is in a domain, and the target server is in a workgroup (using the NetBIOS name of the server): A Kerberos error occurs if explicit credentials are not specified for managing the target server, because the Kerberos ticket
granting service (TGS) cannot find the workgroup server, and the Default authentication mechanism does not attempt to use
Negotiate authentication unless explicit credentials are specified for the target server. For information about how to add servers in workgroups to Server Manager, see
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error occurred while
using Kerberos authentication: Cannot find the computer <computer name>. Verify that the computer exists on the network and that the name provided is spelled correctly.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

Client is in Domain1 and the target server is in an untrusted Domain2. A Kerberos error occurs because the Kerberos TGS cannot find the target server. Explicit credentials must be used to manage the target server. Right-click
the target server in the Servers tile of the All Servers page, and then click
Manage As to provide explicit credentials.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error occurred while
using Kerberos authentication: Cannot find the computer <computer name>. Verify that the computer exists on the network and that the name provided is spelled correctly.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

Client is in a domain and the target server is in the same domain, but the domain name provided for the target server is incorrect or misspelled.

Error

Kerberos authentication error

Client-side authentication error: Kerb0x80090311Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode
0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and
no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust
between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain, but the domain controller for the client computer is not accessible. Try adding the target server to the client computer’s trusted host list. For information about how to add a managed server to the trusted
host list, see
Add Servers to Server Manager.

Error

Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x80090311 occurred
while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains.After
checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.Note that
computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain, and the target server is in the same domain (using the NetBIOS name or FQDN, and explicit but local-only administrator credentials for the target, or other non-domain credentials): A Kerberos error occurs
because the credentials are unknown on the domain. The user must add the target server to the trusted host list on the client computer to allow the Default authentication mechanism to use Negotiate authentication instead of Kerberos. For information about
how to add a managed server to the trusted host list, see
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode
0x80090311 occurred while using Kerberos authentication: There are currently no logon servers available to service the logon request. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and
no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust
between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain and the target server is in a workgroup (using the NetBIOS name of the server): User has specified explicit credentials. An error occurs if the user has not added the server to the trusted host list of the
client, because the Default authentication mechanism will not attempt Negotiate authentication unless explicit credentials are specified. For information about how to add a workgroup server to Server Manager, see
Add Servers to Server Manager.

Error

Client-side authentication error: Kerb0x8009030eError

Error : Refresh failed with the following error (WSMAN): The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x8009030e occurred
while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are
specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two
domains.After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.Note
that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config.

Client is in a domain: Attempting to connect to a remote server by using implicit credentials that are the local administrator’s credentials on the client. Instead, use domain credentials that are recognized by the domain of
the target server, or right-click the server entry in the Servers tile, click
Manage As, and then specify credentials of an administrator on the target server.

Error

WinRM Default authentication error

Client-side authentication error: DefaultAuthReqsError

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. Default authentication
may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list
might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

Client and target server are both in the same domain. The target server was added to Server Manager by using the IP address of the server, such as by using the
Import tab of the Add Servers dialog box. An authentication error occurs because if a client is in a domain, and attempting to connect to a target server by referencing an IP address, the user must provide explicit server to
the client computer’s trusted host list. This is required for the Default authentication mechanism to use Negotiate instead of Kerberos authentication. To avoid this problem, if target servers that you want to manage are in the same domain as the client computer,
add them by using the Active Directory tab of the Add Servers dialog box.

Error

Client is in a domain and the target server is in a workgroup. The target server was added to Server Manager by using its IP address. An authentication error occurs because if a client is in a domain, and attempting to connect
to a target server by referencing an IP address, the user must provide explicit credentials and add the target server to the client computer’s trusted host list. This is required for the Default authentication mechanism to use Negotiate instead of Kerberos
authentication. For information about how to add a workgroup server to Server Manager, see
Add Servers to Server Manager.

Error

WinRM Negotiate authentication error

Client-side authentication error: NegoAuthReqsError

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication
scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that
computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client is in a workgroup, and the target server is in a workgroup (using the NetBIOS name of the server): The network can resolve the name of the server. An authentication error occurs because the target server has not been added
to the trusted host list of the client computer, which permits Negotiate authentication. For information about how to add a workgroup server to Server Manager, see
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication
scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that
computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client computer is in a workgroup, and the target server is also in a workgroup (using the IP address of the server): An authentication error occurs because the target server has not been added to the trusted host list of the
client, which permits Negotiate authentication. For information about how to add a workgroup server to Server Manager, see
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication
scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that
computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client computer is in a workgroup, and the target server is in a domain (using the NetBIOS name of the server): User’s network can resolve the name of the server. An authentication error occurs because the target server has not
been added to the trusted host list of the client computer to allow Negotiate authentication. For information about how to add a domain server to Server Manager when the client is in a workgroup, see
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request. If the authentication
scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that
computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.

Client is in a workgroup and the target server is in a domain (using the IP address of the server): An authentication error occurs because the target server has not been added to the trusted host list of the client computer to
allow Negotiate authentication. For information about how to add a domain server to Server Manager when the client is in a workgroup, see
Add Servers to Server Manager.

Error

Target name resolution error

Name resolution error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request because the server name
cannot be resolved.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

Client is in a workgroup, and the target server is in a workgroup (using the NetBIOS name of the server): A name resolution error occurs if the DNS server that is used by the client cannot resolve the target server name. This
can occur when the client and target server are in two different workgroups, and each has a different DNS server. Add the target server to the client computer’s trusted host list. For information about how to add a workgroup server to Server Manager, see
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WinRM client cannot process the request because the server name
cannot be resolved.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

Client is in a workgroup and the target server is in a domain (using the NetBIOS name of the server): A name resolution error occurs if the DNS server that is used by the client cannot resolve the target server name. Add the
target server to the client computer’s trusted host list. For information about how to add remote servers to a workgroup client that is running Server Manager, see
Add Servers to Server Manager.

Error

Name resolution error: SpecialCasedError

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WS-Management could not connect to the specified destination: (<computer
name>:5985).

The target server name includes an unsupported character or string, such as
. This error can occur when a cluster logical node is offline. For more information about characters that cannot be used in server names, see
Naming conventions in Active Directory for computers, domains, sites, and OUs.

Error

Error — Cannot manage the operating system of the target computer

Non-Windows target computer error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The client cannot connect to the destination specified in the request.
Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following
command on the destination to analyze and configure the WinRM service: «winrm quickconfig».

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

The target computer is not running a Windows-based operating system. You cannot use Server Manager to manage this computer.

Error

Target computer not accessible

Network connection-related errors

Configuration Refresh failed with the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that
a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. [#1]Refresh failed
with the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service
is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. [#1]

The network connecting the client and server is offline, or there is a problem with the target server’s connection to the network. Try verifying that Windows Firewall exceptions have been enabled on the target server for Windows
Remote Management (WinRM) inbound rules.

The
netsh trace command-line utility can help troubleshoot network connectivity problems, if you do not immediately find the cause of network connectivity failures.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for
public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

The target computer is offline; either it is turned off, or not responding because of other hardware or software failures.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for
public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

Client computer is in a domain and the target server is in a workgroup (using the NetBIOS name of the server): User has specified explicit credentials for the target server, and added the target server to the trusted host list
of the client. However, a subnet timeout error occurs if the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager.

Error

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation.
Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception
for public profiles limits access to remote computers within the same local subnet.

Error <computer IP address>: Refresh failed with the following error: The RPC server is unavailable.

Client is in a domain, and the target server is in a workgroup (using the IP address of the server): User has specified explicit credentials for the target server, and added the target server to the trusted host list of the client.
However, a subnet timeout error occurs if the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for
public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: The RPC server is unavailable.

The client is in a workgroup, and the target server is in a workgroup (using the NetBIOS name of the server): The user’s network can resolve the name of the server, and the user has added the target server to the trusted host
list of the client. However, a subnet timeout error occurs if the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager.

Error

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation.
Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception
for public profiles limits access to remote computers within the same local subnet.

Error <computer IP address>: Refresh failed with the following error: The RPC server is unavailable.

The client is in a workgroup, and the target server is in a workgroup (using the IP address of the target server): The user has added the server to the trusted host list of the client. However, a subnet timeout error occurs if
the user has not changed the default subnet restrictions for computers in workgroups. See step 2 of “To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify
that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for
public profiles limits access to remote computers within the same local subnet.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

WinRM 3.0, WinRM 2.0, and DCOM are unavailable or not enabled on the target. On a server that is running Windows Server 2012, the user might have disabled both WinRM 3.0 or DCOM. On a server that is running an older Windows Server
operating system, WinRM 2.0 and DCOM are not enabled by default, while WinRM 3.0 is not available. Follow instructions in
Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

The metadata failed to be retrieved from the server, due to the following error: WS-Management cannot process the request. The operation failed because of an HTTP error. The HTTP error (50) is: The request is not supported.

User is attempting to connect to the target server by using an IPv4 address, but on the client computer, only IPv6, not IPv4, is enabled. Either connect to the target server by using its IPv6 address, or change settings on the
client computer network adapters to support IPv4 addresses. These settings are found in
Control PanelNetwork and Sharing CenterChange Adapter Settings. Right-click the network connection, click
Properties, select Internet Protocol Version 4, and save your changes.

Error

Online — Verify WinRM 3.0 service is installed, running, and required firewall ports are open

Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Windows Remote Management (WinRM) cannot complete the operation. Verify that the specified
computer name is valid, that the computer is accessible over the network, and that a firewall exception for the Windows Remote Management service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles
limits access to remote computers within the same local subnet.

WinRM 2.0 and 3.0 are either not available or not enabled, but DCOM is enabled on the target server.

Note:
DCOM is enabled by default for domain-joined servers that are running Windows Server 2012 and Windows Server 2008 R2, but not for Windows Server 2008.

This error can occur on a server that is running an older Windows Server operating system (Windows Server 2008 R2 or Windows Server 2008) where the
Windows Management Framework 3.0 download package has not been installed (so WinRM 3.0 is not available) and WinRM 2.0 is not enabled but DCOM is enabled. It can also occur on servers
that are running Windows Server 2012 and older Windows Server operating systems where Windows Management Framework 3.0 is installed and DCOM is still enabled, but the user has disabled WinRM 3.0 (either stopped the service or closed required firewall ports).
Follow instructions in
Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

Network connection related errors: WinRM 2.0 and DCOM

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WS-Management service cannot process the request. The resource
URI (<URI>) was not found in the WS-Management catalog. The catalog contains the metadata that describes resources, or logical endpoints.

WinRM 3.0 is not available or enabled, but WinRM 2.0 and DCOM are both enabled on the target server. This can occur on servers that are running older Windows Server operating systems (Windows Server 2008 R2 or Windows Server
2008 where the
Windows Management Framework 3.0 download package has not been installed (so WinRM 3.0 is not available), but WinRM 2.0 and DCOM are both enabled. Follow instructions in
Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

Network connection related errors: WinRM 2.0

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: The WS-Management service cannot process the request. The resource
URI (http://schemas.dmtf.org/wbem/cim-xml/2/cim-schema/2/*) was not found in the WS-Management catalog. The catalog contains the metadata that describes resources, or logical endpoints.

Error <computer name>: Refresh failed with the following error: Call was canceled by the message filter.

WinRM 3.0 and DCOM are either not available or not enabled, but WinRM 2.0 is enabled on the target server.

Note:
DCOM is enabled by default for domain-joined servers that are running Windows Server 2012 and Windows Server 2008 R2, but not for Windows Server 2008.

A user might have enabled WinRM 2.0, but not DCOM, on a target server that is running an older Windows Server operating system, and not yet installed the
Windows Management Framework 3.0 download package to get WinRM 3.0. Follow instructions in
Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Error

Online — Access denied

Access denied error

Error <computer IP address>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a domain and the target server is in a workgroup (using the IP address of the server): The user has provided explicit credentials and added the server to the trusted host list of the client. However, an “access denied”
error occurs if the user specifies credentials for the target server other than the built-in Administrator account, and if the account token filter policy is not configured. See “To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a workgroup and the target server is in a workgroup (using the NetBIOS name of the server): The user’s network can resolve the name of the server, the user has added the target server to the trusted hosts list on
the client, and the user has already removed subnet restrictions on the server. However, an “access denied” error can occur if the user is managing the target server by using the same credentials that were provided to log on to the client computer, but that
are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a workgroup and the target server is in a workgroup (using the IP address of the server): The user has added the server to the trusted hosts list of the client, and removed subnet restrictions on the server. However,
an “access denied” error can occur if the user is managing the target server by using the same credentials that were provided to log on to the client computer, but that are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a workgroup and the target server is in a domain (using the NetBIOS name of the server): The user’s network can resolve the name of the server, and the user has added the server to the trusted hosts list of the client.
However, an “access denied” error can occur if the user is managing the target server by using the same credentials that were provided to log on to the client computer, but that are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

The client is in a workgroup, and the target server is in a domain (using the IP address of the server): The user has added the server to the trusted hosts list on the client. However, an “access denied” error can occur if the
user is managing the target server by using the same credentials that were provided to log on to the client computer, but that are not valid or recognized on the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

The user is attempting to manage the remote server with a credential that has only standard user (not a member of the Administrators group) access rights on the target server, and the user has not enabled standard user remote
management of the target server. By default, an account with standard user access rights is not a part of the WinRM remote WMI user’s group, and can perform limited management tasks on a remote server in Server Manager. To allow standard users more management
access rights on a target server, run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server, in a Windows PowerShell session that has been opened with elevated user rights (Run as Administrator). For more information about how
to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for
Enable-ServerManagerStandardUserRemoting.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

An incorrect or misspelled user name was provided to log on to the target server.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

The correct user name for the account used to manage the target server was provided, but the password was incorrect.

Error

MessageID: 1326. Message: The metadata failed to be retrieved from the server, due to the following error: The user name or password is incorrect.

The correct user name for the account used to manage the target server was provided, but the password was incorrect.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Client is in a domain, and the server is in a workgroup (using the NetBIOS name of the server): The user has specified explicit credentials, added the target server to the trusted hosts list of the client, and removed the subnet
restrictions on the target server. However, an access denied error occurs if the user specified an account to manage the target server other than the built-in Administrator account, and the local account token filter policy is not configured correctly. See
“To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager to resolve this issue.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Both the client and the target server are in workgroups (using the NetBIOS name of the server): The user’s network can resolve the name of the server, the user has added the server to the trusted hosts list of the client, the
user has removed the subnet restrictions on the server, and specified explicit credentials that are valid on the target server, but is not using the built-in Administrator account for the target server. An access denied error occurs because the specified account
is not the built-in Administrator account, and the local account token filter policy is not set. See “To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager to resolve this issue.

Error

Error <computer name>: Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: Access is denied.

Both the client and target server are in workgroups (using the IP address of the server): User has added the server to the trusted host list of the client, and removed the subnet restrictions on the server. The user attempts
to manage the target server by using the credentials with which they logged on to the client computer. An access denied error occurs because the specified account is not the built-in Administrator account on the target server, and the local account token filter
policy is not set. See “To add remote workgroup servers to Server Manager” in
Add Servers to Server Manager to resolve this issue.

Error

Online – Cannot manage a client-based operating system

Server Manager WMI providers are not available on the target computer

Message: The metadata failed to be retrieved from the server, due to the following error: The WS-Management service cannot process the request. The CIM namespace root/microsoft/windows/servermanager is not valid.

This is typical of Windows 8, on which Server Manager providers are not available and DCOM is not enabled by default. You cannot manage this computer by using Server Manager.

Error

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target computer is running a Windows client-based operating system. You cannot manage this computer by using Server Manager, so you must contact them. h

Error

Online — Server Manager WMI providers not loading on the target server

Server Manager WMI provider cannot load error

Error <computer name>: Configuration refresh failed with the following error: HRESULT = 0x80041013

The Server Manager provider is available, but cannot load. This error can occur when WMI namespace access rights do not grant access to the user, and is most commonly seen when standard users (those who are not members of the
Administrators group on the target server) are managing a server by using Server Manager. To grant WMI namespace access rights to standard users, administrators should run the
Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for
Enable-ServerManagerStandardUserRemoting.

Error

Online – Cannot manage operating systems older than Windows Server 2003

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target computer is running a release of Windows Server that is older than Windows Server 2003. You cannot manage this computer by using Server Manager.

Error

Online – Limited data – Windows Server 2003

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target computer is running Windows Server 2003.

Informational

Online – Restart pending

Inventory discovery-based errors

None

Server Manager inventory collection finds that the target server requires a restart. Restart the target server.

Informational

Online – Windows PowerShell not installed

Inventory discovery-based errors

None

Server Manager inventory collection finds that Windows PowerShell is not installed on the target server. On a target server that is running Windows Server 2012, run the following cmdlet on the computer that is running Server
Manager to install Windows PowerShell: Install-WindowsFeature -Name PowerShell –ComputerName <target server name>. On Windows Server 2008 R2 and Windows Server 2008, install the
Windows Management Framework 3.0 download package to get Windows PowerShell 3.0. Install prerequisites for Windows Management Framework 3.0 by following instructions in
Managing Downlevel Windows-based Servers from Server Manager in Windows Server 2012 to resolve this error.

Informational

Online – Performance counters not started

Inventory discovery-based errors

None

Server Manager inventory collection finds that performance counter data collection is turned off on the target server.

Informational

Online — Cannot get event data

Data retrieval errors

Any errors from the Server Manager provider that are related to event data retrieval.

This error can also occur if specific roles and features have been installed, but not yet configured. The following underlying error messages are examples of known cases where a role, role service, or feature requires post-installation
configuration to clear the error.

• Events from ‘Virtualization.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Hyper-V is completed.)
  
• Events from ‘PrintServices.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Print and Document Services is completed.)
  
• Events from ‘ADAM.Events.xml’ could not be enumerated. (This error might be cleared after required post-installation configuration for Active Directory Lightweight Directory Services is completed.)
  

The following underlying error message can occur for Active Directory Federation Services when the only role services that are installed are web agents. Configuring the installed role services does not resolve the error.

• Events from ‘IdentityServer.Events.xml’ could not be enumerated.
  

Server Manager cannot get event data from the target server. The user might not have access rights to the target server event log, or event log files might not contain valid data.

For some roles and features (Hyper-V, Print and Document Services, AD LDS), this error can occur after installation, but before required post-installation configuration has been completed. The error is resolved after post-installation
configuration is complete. For AD FS, this error can occur if web agents are the only role services installed, but there is currently no known resolution for this case of the error.

Error

Online — Cannot get service data

Any errors from the Server Manager provider that are related to service data retrieval

Server Manager cannot get services data from the target server. The user might not have access rights to service data on the target server, or service data files might not contain valid data. To grant service data access rights
to standard (non-Administrator) users, administrators should run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is
no longer needed), see the cmdlet Help topic for
Enable-ServerManagerStandardUserRemoting.

Error

Online — Cannot get BPA results

Any errors from the Server Manager provider related to BPA result retrieval (excluding Windows PowerShell not enabled errors which are covered by other manageability status messages)

Server Manager cannot get Best Practices Analyzer result data from the target server. The user might not have access rights to BPA data on the target server, or BPA result data might not be readable. Standard users cannot get
access to BPA data, even after an administrator runs the Enable-ServerManagerStandardUserRemoting cmdlet.

Error

Online — Cannot get performance counter data

Any errors from the Server Manager provider related to performance data retrieval (excluding performance counters off errors, which are covered by other manageability status messages)

Server Manager cannot get performance counter data from the target server. The user might not have access rights to performance data on the target server, or the data might not be readable. To grant performance data access rights
to standard (non-Administrator) users, administrators should run the Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is
no longer needed), see the cmdlet Help topic for
Enable-ServerManagerStandardUserRemoting.

Error

Online — Cannot get role and feature data

Any errors from the Server Manager provider related to role and feature data retrieval

Server Manager cannot get role and feature inventory data from the target server. The user might not have access rights to role and feature data on the target server, or the data might not be readable. To grant role and feature
inventory data access rights to standard (non-Administrator) users, administrators should run the
Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for
Enable-ServerManagerStandardUserRemoting.

Error

Online — Data retrieval failures occurred

(If two or more types of data cannot be retrieved)

• The WS-Management service cannot process the request. WS-Management cannot identify the enumeration context ID in the SOAP packet. The packet may not be valid, or the operation may have timed out.
  
• The WinRM client cannot process the request because the metadata failed to be retrieved from the server.
  
• Non terminating error during inventory method; for example, an access error to cluster resource data
  

This error can also occur if specific roles and features have been installed, but not yet configured. The following underlying error messages are examples of known cases where a role, role service, or feature requires post-installation
configuration to clear the error.

• Events from ‘Virtualization.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Hyper-V is completed.)
  
• Events from ‘PrintServices.Events.xml’ could not be enumerated. (This error is cleared after required post-installation configuration for Print and Document Services is completed.)
  
• Events from ‘ADAM.Events.xml’ could not be enumerated. (This error might be cleared after required post-installation configuration for Active Directory Lightweight Directory Services is completed.)
  

The following underlying error message can occur for Active Directory Federation Services when the only role services that are installed are web agents. Configuring the installed role services does not resolve the error.

• Events from ‘IdentityServer.Events.xml’ could not be enumerated.
  

Server Manager cannot get a combination of data types: events, BPA results, performance counters, or services. This can be caused by insufficient user access rights, data that is not valid, or WinRM time-outs.

To grant event, performance, role and feature inventory, and service data access rights to standard (non-Administrator) users, administrators should run the
Enable-ServerManagerStandardUserRemoting cmdlet on the target server. For more information about how to use this cmdlet (and disable standard user management access when it is no longer needed), see the cmdlet Help topic for
Enable-ServerManagerStandardUserRemoting. The
Enable-ServerManagerStandardUserRemoting cmdlet does not provide standard users access to BPA result data.

For some roles and features (Hyper-V™, Print and Document Services, AD LDS), this error can occur after installation, but before required post-installation configuration has been completed. The error is resolved after post-installation
configuration is complete. For AD FS, this error can occur if web agents are the only role services installed, but there is currently no known resolution for this case of the error.

Error

An unknown error occurred

Unknown errors

None

If the error persists,
contact Customer Support Services.

Error