diff --git a/changelogs/fragments/win_reboot-psrp.yaml b/changelogs/fragments/win_reboot-psrp.yaml
new file mode 100644
index 0000000000..2325d36fb5
--- /dev/null
+++ b/changelogs/fragments/win_reboot-psrp.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- win_reboot - Fix reboot command validation failure when running under the psrp connection plugin
diff --git a/lib/ansible/modules/windows/win_reboot.py b/lib/ansible/modules/windows/win_reboot.py
index b15fd81d7a..4cdb47b7b0 100644
--- a/lib/ansible/modules/windows/win_reboot.py
+++ b/lib/ansible/modules/windows/win_reboot.py
@@ -61,6 +61,9 @@ options:
 notes:
 - If a shutdown was already scheduled on the system, C(win_reboot) will abort the scheduled shutdown and enforce its own shutdown.
 - For non-Windows targets, use the M(reboot) module instead.
+- The connection user must have the C(SeRemoteShutdownPrivilege) privilege enabled, see
+  U(https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system)
+  for more information.
 author:
     - Matt Davis (@nitzmahone)
 '''
diff --git a/lib/ansible/plugins/action/win_reboot.py b/lib/ansible/plugins/action/win_reboot.py
index 1d4903e0cb..f8773857c2 100644
--- a/lib/ansible/plugins/action/win_reboot.py
+++ b/lib/ansible/plugins/action/win_reboot.py
@@ -52,7 +52,7 @@ class ActionModule(RebootActionModule, ActionBase):
     def perform_reboot(self, task_vars, distribution):
         shutdown_command = self.get_shutdown_command(task_vars, distribution)
         shutdown_command_args = self.get_shutdown_command_args(distribution)
-        reboot_command = '{0} {1}'.format(shutdown_command, shutdown_command_args)
+        reboot_command = self._connection._shell._encode_script('{0} {1}'.format(shutdown_command, shutdown_command_args))
 
         display.vvv("{action}: rebooting server...".format(action=self._task.action))
         display.debug("{action}: distribution: {dist}".format(action=self._task.action, dist=distribution))
@@ -69,7 +69,8 @@ class ActionModule(RebootActionModule, ActionBase):
             display.warning('A scheduled reboot was pre-empted by Ansible.')
 
             # Try to abort (this may fail if it was already aborted)
-            result1 = self._low_level_execute_command('shutdown /a', sudoable=self.DEFAULT_SUDOABLE)
+            result1 = self._low_level_execute_command(self._connection._shell._encode_script('shutdown /a'),
+                                                      sudoable=self.DEFAULT_SUDOABLE)
 
             # Initiate reboot again
             result2 = self._low_level_execute_command(reboot_command, sudoable=self.DEFAULT_SUDOABLE)
diff --git a/test/integration/targets/win_reboot/tasks/main.yml b/test/integration/targets/win_reboot/tasks/main.yml
index 6bbaf98806..ebb8707ad9 100644
--- a/test/integration/targets/win_reboot/tasks/main.yml
+++ b/test/integration/targets/win_reboot/tasks/main.yml
@@ -78,7 +78,7 @@
         ansible_password: '{{standard_pass}}'
         ansible_winrm_transport: ntlm
       register: fail_shutdown
-      failed_when: "fail_shutdown.msg != 'Reboot command failed, error was:  Access is denied.(5)'"
+      failed_when: "'Reboot command failed, error was:  Access is denied.(5)' not in fail_shutdown.msg"
 
   always:
     - name: set the original SDDL to the WinRM listener