Differences
This shows you the differences between two versions of the page.
tutorial:adm:configuration_-_winrm [2019/06/12 12:31] kucerar |
tutorial:adm:configuration_-_winrm [2019/10/08 13:17] fiserp [Debug] |
||
---|---|---|---|
Line 51: | Line 51: | ||
< | < | ||
* CredSSP | * CredSSP | ||
- | < | + | < |
+ | winrm set winrm/ | ||
+ | Enable-WSManCredSSP -Role Server | ||
+ | </ | ||
==== Permission configuration ==== | ==== Permission configuration ==== | ||
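Review bot: The CredSSP commands added under the "* CredSSP" item, ending with "Enable-WSManCredSSP -Role Server", come with no guidance on when this mechanism should be turned on. CredSSP delegates the user's credentials to the server, so the text should say it is only needed when the remote commands have to authenticate onward to another host. It should also point to the HTTPS support section, so readers do not enable it on a server that only has a plain HTTP listener.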
Line 94: | Line 97: | ||
Next we want to try to connect to WinRM. Install [[devel: | Next we want to try to connect to WinRM. Install [[devel: | ||
Open terminal (Linux) or powershell (Windows) | Open terminal (Linux) or powershell (Windows) | ||
- | < | + | < |
> python | > python | ||
>>> | >>> | ||
Line 101: | Line 104: | ||
>>> | >>> | ||
</ | </ | ||
- | After executing " | + | For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store |
- | {{:tutorial:adm: | + | <code python> |
+ | >>> | ||
+ | </ | ||
- | Now what we did here? We connect | + | Then, execute the winrm call. Followin call simply instructs the remote powershell |
< | < | ||
+ | |||
+ | The fact that there were some stacktraces printed does not necessarily mean the call failed. | ||
+ | |||
+ | Now simply print the result by calling '' | ||
+ | {{: | ||
+ | |||
+ | |||
=== Commons errors === | === Commons errors === | ||
- | the specified | + | **Specified |
* wrong username or password | * wrong username or password | ||
- | * user is not in group | + | * user is not in correct |
{{: | {{: | ||
- | Access denied 500 - this error can be caused by: | + | **Access denied 500** - this error can be caused by: |
* wrong username or password | * wrong username or password | ||
* WinRM SDDL is not configured | * WinRM SDDL is not configured | ||
{{: | {{: | ||
+ | |||
+ | |||
+ | **CredSSP handshake error** | ||
+ | If you get this error when you trying to use CredSSP over HTTPS connection, the problem can be that there is configured certificate thumbprint directly in '' | ||
+ | < | ||
+ | Execute this command to delete '' | ||
+ | < | ||
+ | |||
+ | |||
+ | ==== HTTPS support ==== | ||
+ | The best case is to use HTTPS connection to connect to WinRM. To achieve this we need to do some more configuration on the server and on the client. | ||
+ | We need to create HTTPS listener and for this we will need some certificate. In this tutorial we will cover setting up WinRM with self signed certificate. | ||
+ | The configuration will be same if we want to use some other certificate, | ||
+ | |||
+ | The tested way to generate self signed certificate on linux via tutorial which can be found [[https:// | ||
+ | |||
+ | Now we have certificate which is imported in our windows server and now we can configure the HTTP listener | ||
+ | < | ||
+ | for deleting | ||
+ | winrm delete winrm/ | ||
+ | </ | ||
+ | |||
+ | Restart WinRM | ||
+ | < | ||
+ | |||
+ | Next step is to validate if we can connect to HTTPS listener so follow instruction in section debug and validate if HTTPS port is accessible. | ||
+ | Before we try to execute some powershell command via WinRM we need to import this certificate into client trust store and pass the path to this store as parameter - see debug section |
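Review bot: In the new "HTTPS support" section, the sentence "now we can configure the HTTP listener" should read "HTTPS listener", and the "for deleting" line before the "winrm delete" command does not say which listener it removes. Since the section opens by calling HTTPS the best case, state explicitly whether the plain HTTP listener should be deleted once the HTTPS one is verified. Otherwise readers may leave both listeners active.

Passing the trust store path for the self-signed certificate is the right approach. It would help to say that explicitly in the Debug paragraph ("For connecting via HTTPS ...") so nobody works around certificate errors by switching validation off.

The sentence "The fact that there were some stacktraces printed does not necessarily mean the call failed" should name what to check in the printed result to tell success from failure.

Wording: "use this lane" should be "line", "Followin call" should be "Following call", and the heading "Commons errors" should be "Common errors".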