Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:configuration_-_winrm [2019/06/12 13:46]
kucerar https
+++ tutorial:adm:configuration_-_winrm [2019/08/14 09:41]
kucerar credssp hadnshake error
@@ Line 51: / Line 51: @@
 <code>winrm set winrm/config/service/auth '@{Kerberos="true"}'</code>
   * CredSSP
-<code>winrm set winrm/config/service/auth '@{CredSSP="true"}'</code>
+<code>winrm set winrm/config/service/auth '@{CredSSP="true"}'
+winrm set winrm/config/client/auth '@{CredSSP="true"}'
+Enable-WSManCredSSP -Role Server
+</code>
 ==== Permission configuration ====
@@ Line 103: / Line 106: @@
 For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store
 <code>
->>> s = winrm.Session('https://HOST:5986/wsman', auth=(HOST, PASS), transport='ntlm', ca_trust_path='/etc/ssl/certs')
+>>> s = winrm.Session('https://HOST:5986/wsman', auth=(HOST, PASS), transport='ntlm', ca_trust_path='/etc/ssl/certs/CRT.pem')
 </code>
 After executing "r" you should see this:
@@ Line 121: / Line 124: @@
   * WinRM SDDL is not configured
 {{:tutorial:adm:winrm_500.png?nolink|}}
+CredSSP handshake error
+If you get this error when you trying to use CredSSP over HTTPS connection, the problem can be that there is configured certificate thumbprint directly in config/service
+class 'requests_credssp.exceptions.AuthenticationException'>("Server did not response with a CredSSP token after step Step 1. TLS Handshake - actual ''",)
+<code>winrm set winrm/config/service '@{CertificateThumbprint=""}'</code>
 ==== HTTPS support ====