Configure WinRM for HTTPS manually

    Configuring WinRM for HTTPS involves the following steps.

      1. Check whether WinRM service is running
      2. Create HTTPS listener
      3. Add firewall exception
      4. Validate HTTPS listener

    Check whether WinRM service is running

    Get-Service WinRM

    PS C:\Users\wintel> Get-Service WinRM

    Status   Name               DisplayName
    ------   ----               -----------
    Running  WinRM              Windows Remote Management (WS-Manag...


    If the WinRM service is not running, you might need to configure WinRM using winrm quickconfig. When WinRM is configured for the first time, it uses port 5985 by default.

    Check the already registered listeners by running the following command.

    PS C:\Users\Administrator> WinRM e winrm/config/listener
    Listener
        Address = *
        Transport = HTTP
        Port = 5985
        Hostname
        Enabled = true
        URLPrefix = wsman
        CertificateThumbprint
        ListeningOn = 127.0.0.1, 172.20.20.1, ::1, fe80::5efe:172.20.20.1%15, fe80::d071:b058:c541:a212%12

    Create HTTPS listener


    To create an HTTPS listener, you need to have a certificate.

    Generate SSL Certificate with one of these options

    winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="<YOUR_DNS_NAME>"; CertificateThumbprint="<COPIED_CERTIFICATE_THUMBPRINT>"}

    C:\>winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="vc01.winadmin.org";CertificateThumbprint="9a20b7dab60933e3ce2ba6fddc02025dcdb83558"}
    ResourceCreated
        Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
        ReferenceParameters
            ResourceURI = http://schemas.microsoft.com/wbem/wsman/1/config/listener
            SelectorSet
                Selector: Address = *, Transport = HTTPS

    Add firewall exception


    You can add the firewall exception either from the command line or with the GUI tool.

     

    Via command

    # Add a new firewall rule

    netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986

    Using the Windows Firewall with Advanced Security GUI tool

    Open Windows Firewall with Advanced Security and click New Rule.

    Select Port.

    Specific local ports – Enter 5986.

    Select Allow the connection.

    Select whichever options are required.

    Give the rule a name and click Finish.

    Now check the WinRM Listener. The output should be as follows.

    C:\>WinRM e winrm/config/listener

    Listener
        Address = *
        Transport = HTTP
        Port = 5985
        Hostname
        Enabled = true
        URLPrefix = wsman
        CertificateThumbprint
        ListeningOn = 127.0.0.1, 172.20.20.2, 192.168.20.2, ::1, fe80::5efe:172.20.20.2%17, fe80::5efe:192.168.20.2%16, fe80::1c21:cbdc:66d9:967%12, fe80::4d34:b19b:402c:ae3a%13
    Listener
        Address = *
        Transport = HTTPS
        Port = 5986
        Hostname = vc01.winadmin.org
        Enabled = true
        URLPrefix = wsman
        CertificateThumbprint = 9a20b7dab60933e3ce2ba6fddc02025dcdb83558
        ListeningOn = 127.0.0.1, 172.20.20.2, 192.168.20.2, ::1, fe80::5efe:172.20.20.2%17, fe80::5efe:192.168.20.2%16, fe80::1c21:cbdc:66d9:967%12, fe80::4d34:b19b:402c:ae3a%13


    Verify you can connect to the machine via HTTPS

    PS C:\Users\Administrator> Enter-PSSession -Cn vc01.winadmin.org -UseSSL
     
    [vc01.winadmin.org]: PS C:\Users\wintel\Documents>


    If you give only the short host name, the connection fails because that name does not match the common name (CN) in the server certificate.

    PS C:\Users\Administrator> Enter-PSSession -Cn vc01 -UseSSL

    Enter-PSSession : Connecting to remote server vc01 failed with the following error message : The server certificate on
    the destination computer (vc01:5986) has the following errors:
    The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the
    about_Remote_Troubleshooting Help topic.
    At line:1 char:1
    + Enter-PSSession -Cn vc01 -UseSSL
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (vc01:String) [Enter-PSSession], PSRemotingTransportException
        + FullyQualifiedErrorId : CreateRemoteRunspaceFailed
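
    The listener validation and the name check behind the error above can be scripted on the server. The following PowerShell is an added example, not part of the original page; the function names Test-CertNameMatch and Test-WinRMHttpsListener are hypothetical, and it assumes an elevated session with the listener certificate in the LocalMachine\My store.

```powershell
# Added example: validate the certificate bound to the WinRM HTTPS listener.
# Function names are hypothetical; run in an elevated session on the WinRM server.

function Test-CertNameMatch {
    param([string]$Name, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $Name) { return $true }          # -eq on strings is case-insensitive
        # A wildcard covers exactly one leftmost label (*.example.org covers host.example.org)
        if ($n.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

function Test-WinRMHttpsListener {
    # ClientName is the name clients will pass to -ComputerName / -Cn
    param([Parameter(Mandatory)][string]$ClientName)

    # Same data as "winrm e winrm/config/listener", returned as objects
    $listener = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' } | Select-Object -First 1
    if (-not $listener) { throw 'No HTTPS listener is registered.' }

    # Look up the bound certificate by the thumbprint stored on the listener
    $thumb = $listener.CertificateThumbprint -replace '\s', ''
    $cert  = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })   # subject CN and SAN DNS names
    $now   = Get-Date

    [pscustomobject]@{
        Port          = $listener.Port
        Enabled       = $listener.Enabled
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        # 1.3.6.1.5.5.7.3.1 is the Server Authentication EKU
        ServerAuthEku = ($cert.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
        CertNames     = $names -join ', '
        NameMatches   = Test-CertNameMatch -Name $ClientName -CertNames $names
    }
}

Test-WinRMHttpsListener -ClientName 'vc01.winadmin.org'   # the FQDN used for the listener
Test-WinRMHttpsListener -ClientName 'vc01'                # the short name from the failing session
```

    A False in NameMatches for a name that clients really use means the certificate should be reissued with that name, rather than having clients skip the CN check.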


    © 2019 WinAdmin.org . All Rights Reserved.