WinRMDiagnostics is a stand-alone tool that helps to configure or fix Windows event sources for Windows Log Collection.
The tool can be invoked either in command line or UI mode, and supports Windows OS 2008 and above.

The tool can be invoked either in command-line mode or User Interface (UI) mode. By default, the tool runs in UI mode.
To run the tool in command-line mode, the -noui switch should be used. 

Tool run modes: 

• Verify: Checks whether WinRM is configured on windows event source by executing pre-selected set of commands.(Default Mode)
• Auto: Checks whether WinRM is configured on windows event source by executing pre-selected set of commands. If WinRM is not configured correctly, then the tool will try to fix the issue.
• Manual: Allows user to specify a set of commands to execute.

 

Command-Line Mode

Below is the tool usage and parameters for running tool in command-line mode.
 
Where:

-noui	Tool will run in console mode or else in UI mode
-mode	Tool mode (VERIFY (V), AUTO (A), MANUAL (M))
-username	User account credentials (DomainName@UserName)
-zip	Zip results directory (true/false)
-transport	WinRM listener transport mode
-port	WinRM listener port
-servicename	Service name
-hostname	Host name or Host FQDN
-usebasic	Use Basic Authentication for WinRM (true/false)
-resultdir	Result directory name (by default result directory is named as '<machinename>_wrm_<timestamp>)'
commands>	Commands to run (specify only if MANUAL mode is chosen)

Note: If ‘Verify’ or ‘Auto’ mode is chosen, then no command list should be specified.

 

Command Name	Description	Mode
		Verify	Auto	Manual
FirewallSrvStatus	Check state of Windows Firewall service
WinRMSrvStatus	Check state of WinRM service
WinRMVersion	Get WinRM version
WinRMListenerConfig	Get WinRM Listener configuration
WinRMOnDefaultPort	Check whether WinRM Listener is running on default port
AllowUnencryptGet	Check whether AllowUnencrypted property is set
EventLogPermGet	Check whether Event Log permissions are set correctly
EventReadersGrpGet	Check whether user account is part of Event Log Readers Local User Group Input: User Account Credentials (username)
SecLogChReadAccStatus	Verify whether SDDL string for Windows Log channel is configured for reading access to the Security Log channel
AllowUnencryptSet	Set AllowUnencrypted property to 'true'
EventLogPermSet	Set Event Log permissions for Event Log Readers group
SecLogChReadAccAdd	Grant read access to the Security Log channel by modifying SDDL string for Windows Log channel
WinRMQuickConfig	Run WinRM Quick config command Input - Transport (Default = HTTP), Use Basic Authentication (Default = False)
EventReadersGrpAdd	Add user account to Event Log Readers Local User Group Input: User Account Credentials (username)
WinRMListenerCreate	Create WinRM Listener Input - Transport (Default = HTTP), Port (Default = 5985)
WinRMListenerDelete	Delete WinRM Listener    Input - Transport (Default = HTTP)
WinRMListenerPortSet	Set WinRM Listener port Input - Transport (Default = HTTP), Port (Default = 5985)
EventReadersGrpRem	Remove user account from Event Log Readers Local User Group Input: User Account Credentials (username)
ServiceStart	Start given service Input - Service Name
ServiceStop	Stop given service Input - Service Name
SystemTime	Get system time on local computer
OSName	Get host operating system name
HostIPByDns	Get Host IP Address from DNS Hostname Input - Host name or Host FQDN

Sample Usage
WinRMDiagnostics -noui -mode verify  (Run 'verify' mode commands)
WinRMDiagnostics -noui -mode auto    (Run 'auto' mode commands)
WinRMDiagnostics -noui <commands>    (Run specified commands)
WinRMDiagnostics -ver                (Tool version)
WinRMDiagnostics -help            (Displays Tool usage)
 

User Interface Mode

General Tab:

• Provides options for configuration and execution of the tool.

Run Mode:

• Verify & Autorun mode runs a pre-selected set of commands (Ones that are not grayed out).
• Commands need to be selected for Manual run mode only.
• Command information is displayed in the Steps Description pane when the command name is clicked.
• Specify tool parameters only for the selected commands.
• To run the tool click on the Run button.

Results Tab:

• Displays tool results in XML format. Tool results are saved here:  ~\ WinRMToolResults\<hostname>_wrm_<timestamp>
• Optional: Select Zip Results option to zip up the results directory. Specify Result Dir Name option to create result directory with a non-default name. eg. ~\ WinRMToolResults\rsasa-123

Results (Tabular) Tab:

• Displays tool results in tabular format.