Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:configuration_-_winrm [2019/08/14 09:41] kucerar credssp hadnshake error |
tutorial:adm:configuration_-_winrm [2019/10/08 13:20] fiserp [Debug] |
||
---|---|---|---|
Line 84: | Line 84: | ||
< | < | ||
- | ==== Debug ==== | + | ==== Debugging |
When you need to check if WinRM is ready for connection but you don't have access to the Windows server to check the configuration yourself use this tips. | When you need to check if WinRM is ready for connection but you don't have access to the Windows server to check the configuration yourself use this tips. | ||
Line 97: | Line 97: | ||
Next we want to try to connect to WinRM. Install [[devel: | Next we want to try to connect to WinRM. Install [[devel: | ||
Open terminal (Linux) or powershell (Windows) | Open terminal (Linux) or powershell (Windows) | ||
- | < | + | < |
> python | > python | ||
>>> | >>> | ||
Line 105: | Line 105: | ||
</ | </ | ||
For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store | For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store | ||
- | < | + | < |
>>> | >>> | ||
</ | </ | ||
- | After executing " | ||
- | {{: | ||
- | Now what we did here? We connect | + | Then, execute the winrm call. Followin call simply instructs the remote powershell |
< | < | ||
+ | |||
+ | The fact that there were some stacktraces printed does not necessarily mean the call failed. | ||
+ | |||
+ | Now simply print the result by calling '' | ||
+ | {{: | ||
+ | |||
+ | |||
=== Commons errors === | === Commons errors === | ||
- | the specified | + | == Specified |
+ | Can be caused by: | ||
* wrong username or password | * wrong username or password | ||
- | * user is not in group | + | * user is not in correct user group on the Windows system |
{{: | {{: | ||
- | Access denied 500 - this error can be caused by: | + | == Access denied 500 == |
+ | Can be caused by: | ||
* wrong username or password | * wrong username or password | ||
* WinRM SDDL is not configured | * WinRM SDDL is not configured | ||
Line 126: | Line 133: | ||
- | CredSSP handshake error | + | == CredSSP handshake error == |
- | If you get this error when you trying to use CredSSP over HTTPS connection, the problem can be that there is configured certificate thumbprint directly in config/ | + | If you get this error when you trying to use CredSSP over HTTPS connection, the problem can be that there is configured certificate thumbprint directly in '' |
- | class ' | + | < |
- | + | Execute this command to delete '' | |
< | < | ||
- | + | The configuration of certificate thumbprint in the Listener should remain there. | |
==== HTTPS support ==== | ==== HTTPS support ==== | ||
The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client. | The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client. |