Issue with Discovery via WinRM: non-admin MID Server Service user doesn't have access to get trusted hostDescriptionIssue with Discovery via WinRM: If MID server service user is a non-admin user, then during discovery it throws error below:2025-06-23T08:38:27.228+0000 WARN (Worker-Expedited:PowershellProbe-9b148d3593d626903970b8a47aba1019) [RemotePowerShellSession:106] Unable to retrieve TrustedHosts from MID server hostcom.snc.automation_common.integration.exceptions.PowerConsoleCommandException: Get-WSManInstance : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="5" Machine="TerryMIDProd.lab01.com"><f:Message>Access is denied. </f:Message></f:WSManFault>At C:\MID Servers\emptwang0201\agent\scripts\Powershell\WinRMAPI\ScriptAPI\ScriptAPI.psm1:70 char:12Steps to Reproduce > Provision MID server on a Windows Server, and set logon user as non-admin user> Enable WinRM on the MID server:mid.windows.management_protocol WinRMalso enable mid.log.level: debug> Run discovery to another MID server> Check agent log, it shows error:2025-06-23T08:38:27.228+0000 WARN (Worker-Expedited:PowershellProbe-9b148d3593d626903970b8a47aba1019) [RemotePowerShellSession:106] Unable to retrieve TrustedHosts from MID server hostcom.snc.automation_common.integration.exceptions.PowerConsoleCommandException: Get-WSManInstance : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="5" Machine="TerryMIDProd.lab01.com"><f:Message>Access is denied. </f:Message></f:WSManFault>At C:\MID Servers\emptwang0201\agent\scripts\Powershell\WinRMAPI\ScriptAPI\ScriptAPI.psm1:70 char:12> Now set mid server service user as local system, restart, then run discovery again, there's no above errorWorkaroundNavigate to the MID script file ScriptAPI.psm1 and replace the getTrustedHost() function with the new content below: function getTrustedHosts { # Try WSMan PSDrive (GPO-aware) try { $value = (Get-Item WSMan:\localhost\client\TrustedHosts -ErrorAction Stop).Value return $value } catch { } # Try GPO registry (non-admin readable, higher precedence) try { $gpoPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client" # Check if GPO policy is enabled (TrustedHosts = 1 means enabled) $policyEnabled = Get-ItemPropertyValue -Path $gpoPath -Name "TrustedHosts" -ErrorAction Stop if ($policyEnabled -eq 1) { # Policy is enabled, read the actual list from TrustedHostsList $gpoValue = Get-ItemPropertyValue -Path $gpoPath -Name "TrustedHostsList" -ErrorAction Stop # Return even if empty - GPO explicitly set to empty means "no trusted hosts" return $gpoValue } } catch { } # Try registry (non-admin readable, local configuration only) try { $value = Get-ItemPropertyValue -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client -Name trusted_hosts -ErrorAction Stop return $value } catch { } return "" }Related Problem: PRB1909983