Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:configuration_-_winrm [2019/07/24 12:19]
kucerar [Debug] 		tutorial:adm:configuration_-_winrm [2019/10/08 13:17]
fiserp [Debug]
Line 97: Line 97:
 Next we want to try to connect to WinRM. Install [[devel:documentation:systems:dev:winrm_connector#installation|pywinrm]] follow only the first part of installation, we don't need to install connector server. Next we want to try to connect to WinRM. Install [[devel:documentation:systems:dev:winrm_connector#installation|pywinrm]] follow only the first part of installation, we don't need to install connector server.
 Open terminal (Linux) or powershell (Windows) Open terminal (Linux) or powershell (Windows)
-<code>+<code python>
 > python > python
 >>> import winrm >>> import winrm
Line 105: Line 105:
 </code> </code>
 For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store For connecting via HTTPS use this lane. The difference is in URL where we need to use https and port 5986. Then we are using one more argument where we specify path to trust store
-<code>+<code python>
 >>> s = winrm.Session('https://HOST:5986/wsman', auth=(HOST, PASS), transport='ntlm', ca_trust_path='/etc/ssl/certs/CRT.pem') >>> s = winrm.Session('https://HOST:5986/wsman', auth=(HOST, PASS), transport='ntlm', ca_trust_path='/etc/ssl/certs/CRT.pem')
 </code> </code>
-After executing "r" you should see this: 
-{{:tutorial:adm:winrm_response.png?nolink&400|}} 
  
-Now what we did here? We connect to WinRM via ntlm and executed command Write-Host which is just basic output to console. If there is some misconfiguration in Windows server you will probably get error after executing line +Then, execute the winrm call. Followin call simply instructs the remote powershell to echo "connection test OK". If there some errors or warnings during the call, the python REPL will display them.
 <code>r = s.run_ps('Write-Host connection test OK')</code> <code>r = s.run_ps('Write-Host connection test OK')</code>
 +
 +The fact that there were some stacktraces printed does not necessarily mean the call failed.
 +
 +Now simply print the result by calling ''r''. After executing ''r''you should see something like this (note the "connection test OK" string is there):
 +{{:tutorial:adm:winrm_response.png?nolink&400|}}
 +
 +
  
 === Commons errors === === Commons errors ===
-the specified credentials were rejected by the server - this error can be caused by:+**Specified credentials were rejected by the server** - this error can be caused by:
   * wrong username or password   * wrong username or password
-  * user is not in group+  * user is not in correct group
 {{:tutorial:adm:winrm_rejected.png?nolink&600|}} {{:tutorial:adm:winrm_rejected.png?nolink&600|}}
  
-Access denied 500  - this error can be caused by:+**Access denied 500** - this error can be caused by:
   * wrong username or password   * wrong username or password
   * WinRM SDDL is not configured   * WinRM SDDL is not configured
 {{:tutorial:adm:winrm_500.png?nolink|}} {{:tutorial:adm:winrm_500.png?nolink|}}
 +
 +
 +**CredSSP handshake error** 
 +If you get this error when you trying to use CredSSP over HTTPS connection, the problem can be that there is configured certificate thumbprint directly in ''config/service''.
 +<code>class 'requests_credssp.exceptions.AuthenticationException'>("Server did not response with a CredSSP token after step Step 1. TLS Handshake - actual ''",)</code>
 +Execute this command to delete ''CertificateThumbprint'' value from the ''config/service''.
 +<code>winrm set winrm/config/service '@{CertificateThumbprint=""}'</code>
 +
  
 ==== HTTPS support ==== ==== HTTPS support ====
  • by erbenr