I finally figured out why the error messages in PowerShell are in bright red. It’s because it’s the color of flames and/or red hot coals and it means you may be in PowerShell Hell. That’s what recently happened when I updated the Antivirus on my PC from Eset NOD32 version 4 to version 5. A few days after updating, I was in PowerShell Hell as shown below:
When trying to run Get-ChildItem against WSMan:localhost, I received the following:
Get-ChildItem : WS-Management cannot process the request. The operation failed because of an HTTP error. The HTTP error (12152) is: The server returned an invalid or unrecognized response .
At line:1 char:1
+ dir WSMan:localhost
+ CategoryInfo : NotSpecified: (:) [Get-ChildItem], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.Get
When trying to use Invoke-Command (PowerShell Remoting), I received the following error which made me think the issue was on the destination end and not the source. I tried the same command from another machine and it worked without issue so that eliminated the computer I was trying to run PowerShell remoting commands against as the problem.
[remote-pc] Connecting to remote server remote-pc failed with the following error message : The WinRM client cannot process the request. The encrypted message body has an invalid format and cannot be decrypted. Ensure that the service is encrypting the message body according to the specifications. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) , PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken
When trying to use Enter-PSSession (1 to 1 Remoting), I received the following error:
Enter-PSSession : Connecting to remote server localhost failed with the following error message : The WinRM client cannot process the request. The encrypted message body has an invalid format and cannot be decrypted. Ensure that the service is encrypting the message body according to the specifications. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession localhost
+ CategoryInfo : InvalidArgument: (localhost:String) [Enter-PSSession], PSRemotingT
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
When trying to run Enable-PSRemoting, I received another error. I was able to use cmdlets that had a computer name parameter such as Get-Process without issue though.
<f:WSManFault xmlns:f=”http://schemas.microsoft.com/wbem/wsman/1/wsmanfault” Code=”995″ Machine=”localhost“><f:Message>WS-Management cannot process the request. The operation failed because of an HTTP error. The HTTP error (12152) is: The server returned an invalid or unrecognized response . </f:Message></f:WSManFault>
At line:59 char:13
+ Set-WSManQuickConfig -force
+ CategoryInfo : InvalidOperation: (:) [Set-WSManQuickConfig], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.SetWSManQuickConfigCommand
This took a fair amount of time to track down since I’d made several changes to my machine between the time the antivirus was updated and the time I discovered the problems. By default NOD32 version 5 does protocol filtering on HTTP connections which is evidently needed by all of the PowerShell commands that were generating errors. You could disable this protocol filtering all together (not recommended). This will require a reboot if you chose to use this method to resolve the problems:
My recommended way of resolving this issue is to add exceptions for PowerShell and the PowerShell ISE under Protocol filtering > Excluded Applications:
All of the issues went away once these exceptions were added: