WinRM for XenDesktop

Website Visitors:

Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol(a protocol developed by a group of hardware and software manufacturers as a public standard for remotely exchanging management data with any computer device that implements the protocol.), a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate.

The WS-Management protocol specification provides a common way for systems to access and exchange management information across an IT infrastructure. WinRM and Intelligent Platform Management Interface (IPMI), along with the Event Collector are components of the Windows Hardware Management features.


WinRM is short for Windows Remote Management. It is Microsoft’s new remote management standard which allows administrators to remotely manage and remotely execute programs on windows machines. Prior to this Remote Procedure Calls (RPC) had to be used for everything by collecting data from the COM and DCOM services.

One of the best features of a XenDesktop 5.5/5.6 is the Virtual Desktop management via the Desktop Director.  It provides Admins, Support/NOC folks with an excellent overview on what is going on inside your deployment which can be utilized for user connection troubleshooting.  What is really nice, is that it gives you information on user sessions including Audio, USB devices, Flash Redirection, Printing as well as others.  One of the best features is to allow connections (AKA Shadowing) directly to XD sessions.

To use this feature you must configure WinRM, if this is not set up on your XD’s, you will receive an error when establishing a connection.

WinRM Configuration:

Configure WinRM Listeners through Quick Configure.

  1. Configuration HTTP listener and other actions to enable this machine for remote management:

winrm qc

  1. Configuration HTTPS listener and other actions to enable this machine for remote management:

winrm qc –transport:https

Note: this command requires a valid server authentication certificate present in machine MY store.

Configure WinRM HTTP listener through Group Policy.

  1. Launch Group Policy Management on Windows Server 2008 Domain Controller machine.
  2. Create a new Starter GPO.
  3. Right click “Starter GPOs” and click “New” and give a name (for example “turn on winrm http listener”) and comment if needed.
  4. Right click the created Starter GPO and click “Edit”. A window “Group Policy Starter GPO Editor” pops up.
  5. Browse the tree on left pane of “Group Policy Starter GPO Editor” to “Administrative Templatesà Windows ComponentsàWindows Remote Management (WinRM) à WinRM Service”
  6. Double click the policy setting “Allow automatic configuration of listeners”. A window “Allow automatic configuration of listeners” will show up.
  7. Check “Enabled” button. In the options field, put filter for IPv4 and IPv6. For example, fill “*” in both IPv4 and IPv6 text boxes and click OK.
  8. Close the “Group Policy Starter GPO Editor”.
  9. Click setting tab in the right pane of “Group Policy Management” and refresh the setting. You setting will show up in the right pane.
  10. Create a new Group Policy Object.
  11. Right click “Group Policy Objects” and click “New”.
  12. Give a name to the GPO and select the Starter GPO created in step 2.
  13. Click OK.
  14. Link the new Group Policy object to the domain.
  15. Right click your domain name and click “Link an existing GPO.”
  16. In the “select GPO” dialogue, select the GPO created in step 3.
  17. Click OK.
  18. On the client machine in the domain, run “gpupdate /force” or wait the group policy to be deployed to the client machine.
  19. On the client machine, enumerate the winRM listeners (winrm e winrm/config/listener). A new GPO source listener should be created automatically.

Configure WinRM HTTP listener without quick configure and Group Policy.

  1. Create an instance of HTTP Listener on all IPs:

winrm create winrm/config/Listener?Address=*+Transport=HTTP

  1. Create instance of HTTPS Listener on all IPs:

winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=“HOST”;CertificateThumbprint=“XXXXXXXXXX”}

Note: XXXXXXXXXX represents a 40-digit hex string; see help config.

Want to learn more on Citrix Automations and solutions???

Subscribe to get our latest content by email.

If you like our content, please support us by sponsoring on GitHub below: