WINRM:: ERROR Waiting for remote response before bootstrap.ERROR

Greetings Professionals,

Our infrastructure has win 2012 /2008 Servers i have bootstrapped all the 2012Servers and got registered to chefserver when im trying to register 2008 Server it shows error

Waiting for remote response before bootstrap.ERROR: Connection refused connecting to
ERROR: Network Error: Connection refused - Connection refused - connect(2) for “” port 5985 (
Check your knife configuration and network settings
WinRM Autorization Error :: for few Servers i get this error

Please help me


is this port 5985 open on the node, and the winrm service ruining?

Just as @nic_chef has suggested - Is port 5985 open & listening? I am assuming you have already run basic trouble shooting like ping <ip address> to verify the machine is accessible from the Chef server & ChefDK Workstation. Also from the ChefDK Machine telnet <ip address>? If not, then we need to very that the node is setup for WINRM!

To verify that the client is LISTENING on the port you can type netstat -an | find "5985" from CMD. Output on your node/client? You should have an output as follows (You will see I am listening on both IPv4 & IPv6):

  C:\>netstat -an | find "5985"
  TCP               LISTENING
  TCP    [::]:5985              [::]:0                 LISTENING
  UDP        *:*

If the client machine doesn’t have port 5985 open, you can run the WINRM quick config as detailed here. But the quick (and maybe not the ‘Best practice’ method) way to get going is to type from CMD winrm qc and respond yes to all prompts. You should end up with an output of something similar to this:

WinRM has been updated for remote management.

WinRM service type changed to delayed auto start.
WinRM service started.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this

Then you can rerun the netstat -an | find "5985" to see if you are now listening on port 5985 (Maybe a quick reboot might also help here).

If telnet fails, but netstat gives you a port 5985 LISTENING output, then I would check your firewall.

Good luck.

here is some extra WINRM troubleshooting info as per big old Microsoft…

And while I think about it - I also had issues with bootstrapping initially until I ran WINRM qc on my ChefDK workstation. Might also be worth a shot

Are these Server 2008 Standard or Server 2008 R2 servers? I’m asking because we ran into bootstrap issues with Server 2008 Standard machines.

yes sir the port is opened on the node i used telnet and ping to check the status … i came to know that WINRM will be disabled for win 2008 servers …is there any possibility to write a recipe to configure winRM through automation?

Thank you

yes Sir,

We have both 2008 Standard and 2008 R2 Servers.


You can’t bootstrap until you have this enabled in windows using the normal knife bootstrap command as far as I am aware on windows anyway. What you are suggesting is a cookbook that requires the machine to be bootstrapped (requiring WINRM to be enabled) so that you can run a cookbook to enable WINRM. Unfortunately this would be a circular dependency.

OK, there are some possible avenues you could look at:

  • Active Directory Group Policy

    • Have a read through this article which will explain the process. I assume you are familiar with working in a windows domain and will take the correct precautions when implementing this.
  • Chef-Solo

    • You could write a cookbook that does exactly what you have suggested - But this will need to be run in chef-solo and will much more time to get right than the group policy method.
      • Here is the chef-solo docs from chef them self.
      • The cookbook could be as simple as the following:

    powershell_script ‘enable_winrm_if_needed’ do
    code <<-EOH
    # Query the winrm service
    $service = winrm
    $servicestatus = Get-Service $service

      # Here is where the fun/logic begins
      if ($servicestatus.status -ne 'Running')
              # run winrm quickconfig to get us up and going
              winrm quickconfig -quiet
              # Change the startup type so that it runs at every boot
              Set-Service winrm -StartupType 'Automatic'
              # Actually start the service
              Start-Service wrinm
              # Lets be nice and let the end user know that this has done SOMETHING
              Write-Host "WINRM configured, startup type changed and service started"
              # Just letting the end user know that NOTHING has happened
              Write-Host "winrm should already be good to go"