Control Node:
Remote Node:
VERBOSE: Verifying WinRM service.
VERBOSE: Starting WinRM service.
VERBOSE: PS Remoting is already enabled.
VERBOSE: SSL listener is already active.
VERBOSE: Basic auth is already enabled.
VERBOSE: Firewall rule already exists to allow WinRM HTTPS.
VERBOSE: HTTP: Enabled | HTTPS: Disabled
VERBOSE: PS Remoting has been successfully configured for Ansible.
Why would HTTPS be disabled and how do I enable it?
Here are my winrm service settings.
PS C:\Users\ads-6999> winrm get winrm/config/service
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = *
IPv6Filter = *
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true
The “HTTPS Disabled” check was not written by me, that’s been added later. It might not mean much, as it tests without explicit credentials.
The ultimate test is (still) to perform the following from another machine:
$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
New-PSSession -UseSSL -ComputerName -SessionOption $httpsOptions -Credential (get-Credential) -Authentication Basic
And then type in the local user at the credential prompt (Administrator/MyPassword)
Thanks for your reply, I’ve appreciated many of your contributions to this group.
I tried to connect to my remote node via powershell from three different computers and it failed on all of them with the following error message…
PS C:\windows\system32> $httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
New-PSSession -UseSSL -ComputerName 10.1.22.33 -SessionOption $httpsOptions -Credential (get-Credential) -Authentication Basic
[10.1.22.33] Connecting to remote server failed with the following error message : The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and docum…
And I fail to connect from my linux management node too with the following errors…
“Name or service not know” or “Connection reset by peer”
I’m running your powershell script on the remote node to configure it but it seems like the following line fails
|
$httpsResult = New-PSSession -UseSSL -ComputerName “localhost” -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue
|
|
|
Should I try passing in the thumbnail of the cert manually on the command line? If not what next?
Turns out it was using the wrong hostname. On line 139 of the powershell script I had to hard-code the common name used for my certificate. Like this…
139 $valueset.Add('Hostname", “ansibleAdmin.aa.bb.acme.com”)
Now it works.