Enter-PSSession, WinRM & NLA

Resolving the error "WinRM cannot complete the operation"

I was trying to use PS-Remoting to remotely run some PowerShell commands on a few servers, but one of them returned an error instead of connecting. I found this odd because:

  1. The other 2 servers didn’t have this error, and they all used the same GPOs to enforce configuration, and
  2. Enter-PSSession worked on this server a few days ago.

> enter-pssession DomainController01

Enter-PSSession: Connecting to remote server DomainController01 failed with the following error message : 
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is 
accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access 
from this computer. By default, the WinRM firewall exception for public profiles limits access to remote 
computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.

I opened an RDP session to the server to see exactly what was going on:

  • WinRM was correctly configured
  • Windows Firewall was correctly configured. The Domain profile permitted Windows Remote Management.
  • PS-Remoting was correctly configured in PowerShell

… Then I saw it. The network connection icon in the systray said “unidentified network”.

Unidentified Network image

Of course! Since Windows isn’t detecting the network connection as part of the Domain Network, Windows Firewall can’t permit my WinRM traffic under the Domain profile rule. Reviewing the network configuration (IP address) and assigning a location to the network is the job of the Network Location Awareness (NLA) service. NLA first attempts to identify a logical network by its domain name (DNS). If a logical network does not have a domain name, NLA identifies the network from custom static information stored in the registry, and finally from its subnet address.

Fixing this misdetection is quite easy. Off the top of my head, there are at least 3 ways to do this:

  1. From the command prompt: net stop nlasvc && net start nlasvc
  2. From the services.msc GUI interface: Restart the Network Location Awareness service
  3. From PowerShell: get-service nlasvc | restart-service

After restarting the service, the OS assigned the proper location (“domain network”) to the connection. A quick test with PowerShell confirmed that Enter-PSSession now worked like it should have 10 minutes ago.
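
The check and fix described above, as an added example that is not part of the original post: it reports the location NLA assigned to each connection, whether an enabled inbound WinRM firewall rule covers that profile, and restarts NLA only when a connection is not detected as a domain network. It assumes an elevated session on a domain-joined server where every interface should be on the domain network, and an English-language rule group name.

```powershell
# Added example: run elevated on the affected, domain-joined server.
# 'Windows Remote Management' is the English display name of the built-in rule group.
$categoryToProfile = @{
    DomainAuthenticated = 'Domain'
    Private             = 'Private'
    Public              = 'Public'
}

# Enabled inbound allow rules for WinRM, whatever profile they are scoped to.
$winrmRules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

function Test-WinRMAllowed {
    param($NetProfile)
    # Translate the NLA network category into the firewall profile name.
    $fwProfile = $categoryToProfile["$($NetProfile.NetworkCategory)"]
    foreach ($rule in $winrmRules) {
        # Rule.Profile renders as e.g. "Domain, Private" or "Any".
        $covered = "$($rule.Profile)" -split ',\s*'
        if ($covered -contains 'Any' -or $covered -contains $fwProfile) { return $true }
    }
    return $false
}

$needsRestart = $false
foreach ($p in Get-NetConnectionProfile) {
    $allowed = Test-WinRMAllowed $p
    '{0}: network "{1}" is {2}; inbound WinRM allowed: {3}' -f `
        $p.InterfaceAlias, $p.Name, $p.NetworkCategory, $allowed
    # Assumption: every interface on this server belongs on the domain network.
    if ($p.NetworkCategory -ne 'DomainAuthenticated') { $needsRestart = $true }
}

if ($needsRestart) {
    # -Force also restarts services that depend on NlaSvc.
    Restart-Service -Name NlaSvc -Force
    Start-Sleep -Seconds 10   # constructed wait so NLA can re-evaluate the network
    Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory
}
```

If a connection still shows as Public or Private after the restart, the WinRM rules scoped to the Domain profile will continue not to apply to it.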
