WinRM Operations over HTTPS fail with Access Denied for some systems


You are unable to perform some tasks that use WinRM when using HTTPS.  The attempt returns an access denied.  The same tasks succeed when using HTTP.

An example of such a task is using the “new-pssession” Powershell cmdlet. The symptom is not limited to this Powershell example as the underlying issue could manifest for any operation attempting to use WinRM over HTTPS.


The issue in this scenario may occur if Microsoft security bulletin MS09-059 is applied to a system that does not also have Microsoft KB968389 installed.


Ensure that both KB968389 and MS09-059 are installed on the affected system.

More Information

975467 - MS09-059: Vulnerability in the Local Security Authority Subsystem Service could allow denial of service;EN-US;975467

968389 - Extended Protection for Authentication;EN-US;968389