Problems getting WinRM to use HTTPS

All replies

• 

  

  3

  Sign in to vote

  My first suggestion would be to simply try the same command from DOS. Otherwise, you'll definitely have to escape some of the characters so PowerShell will try to interpret them literally.

  • Proposed as answer by Mariusz ORKISZ Wednesday, November 20, 2013 1:08 AM

  Saturday, January 2, 2010 5:07 AM
• 

  

  0

  Sign in to vote

  When I run the same command from a cmd prompt I receive the following error:
  
  The system cannot find the file specified.

  Saturday, January 2, 2010 3:10 PM
• 

  

  0

  Sign in to vote

  Does this work?
  DOS>winrm get winrm/config/client

  Saturday, January 2, 2010 4:52 PM
• 

  

  0

  Sign in to vote

  Yes that works fine, I got this response:
  
  Client
      NetworkDelayms = 5000
      URLPrefix = wsman
      AllowUnencrypted = false
      Auth
          Basic = true
          Digest = true
          Kerberos = true
          Negotiate = true
          Certificate = true
          CredSSP = false
      DefaultPorts
          HTTP = 5985
          HTTPS = 5986
      TrustedHosts

  Saturday, January 2, 2010 4:57 PM
• 

  

  0

  Sign in to vote

  Did you get that specific syntax from somewhere?

  Sunday, January 3, 2010 2:36 AM
• 

  

  0

  Sign in to vote

  I received the following response when I run "winrm get winrm/config/client" from a command line:
  
  Client
      NetworkDelayms = 5000
      URLPrefix = wsman
      AllowUnencrypted = false
      Auth
          Basic = true
          Digest = true
          Kerberos = true
          Negotiate = true
          Certificate = true
          CredSSP = false
      DefaultPorts
          HTTP = 5985
          HTTPS = 5986
      TrustedHosts
  
  This is a copy and paste from the DOS screen.

  Sunday, January 3, 2010 2:38 AM
• 

  

  0

  Sign in to vote

  When I issue this command winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Hostname=”<the name of your server>”;CertificateThumbprint=”<Paste from the previous step and remove the spaces>”} I get the following error:
  
  
  

  Sorry, I meant this particular winrm command above...  Where did you find that syntax?
  

  Sunday, January 3, 2010 1:04 PM
• 

  

  0

  Sign in to vote

  If you're checking this thread in order, see above.  I was asking about one of the previous command.

  Sunday, January 3, 2010 1:05 PM
• 

  

  0

  Sign in to vote

  I found it both on the web and from winrm -?

  Sunday, January 3, 2010 4:26 PM
• 

  

  2

  Sign in to vote

  I don't find that syntax by simply doing "winrm -?", but I found something for Server 2003 R2 HERE .
  
  What worked for me was (run from DOS; run as Administrator):
  C:\Users\Administrator>winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="WMSvc-WIN-IIO2LMTEP6H";CertificateThumbprint="f...7"}
  ResourceCreated
      Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
      ReferenceParameters
          ResourceURI = http://schemas.microsoft.com/wbem/wsman/1/config/listener
          SelectorSet
              Selector: Address = *, Transport = HTTPS
  
  That link also specifies:
  "In the URI, "Listener" must be capitalized. When using the Create or Invoke commands, the last part of the resource URI must match case-wise the top-level element of the expected XML."
  
  You've got "listener" above, so that might be your only error...  Note my hostname from my only installed cert has "WMSvc-" in the issued to/issued by fields in the cert details.

  • Proposed as answer by Marco Shaw Sunday, January 3, 2010 8:46 PM
  • Marked as answer by Jecker Monday, January 4, 2010 1:06 AM

  Sunday, January 3, 2010 8:46 PM
• 

  

  0

  Sign in to vote

  Thank you, that worked perfect.

  Monday, January 4, 2010 1:07 AM
• 

  

  0

  Sign in to vote

  for me it has no effect.

  i ran

  winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="zed-box";CertificateThumbprint="x99 and so on without spaces"} to no avail.

  this works: winrm create winrm/config/Listener?Address=*+Transport=HTTP

  the output of winrm get winrm/config is:

  Config
      MaxEnvelopeSizekb = 150
      MaxTimeoutms = 60000
      MaxBatchItems = 32000
      MaxProviderRequests = 4294967295
      Client
          NetworkDelayms = 5000
          URLPrefix = wsman
          AllowUnencrypted = false
          Auth
              Basic = true
              Digest = true
              Kerberos = true
              Negotiate = true
              Certificate = true
              CredSSP = false
          DefaultPorts
              HTTP = 5985
              HTTPS = 5986
          TrustedHosts = *
      Service
          RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
          MaxConcurrentOperations = 4294967295
          MaxConcurrentOperationsPerUser = 15
          EnumerationTimeoutms = 60000
          MaxConnections = 25
          MaxPacketRetrievalTimeSeconds = 120
          AllowUnencrypted = false
          Auth
              Basic = false
              Kerberos = true
              Negotiate = true
              Certificate = false
              CredSSP = false
              CbtHardeningLevel = Relaxed
          DefaultPorts
              HTTP = 5985
              HTTPS = 5986
          IPv4Filter = *
          IPv6Filter = *
          EnableCompatibilityHttpListener = false
          EnableCompatibilityHttpsListener = false
          CertificateThumbprint
      Winrs
          AllowRemoteShellAccess = true
          IdleTimeout = 180000
          MaxConcurrentUsers = 5
          MaxShellRunTime = 2147483647
          MaxProcessesPerShell = 15
          MaxMemoryPerShellMB = 150
          MaxShellsPerUser = 5
  
  i have no idea what to do next :(

  i created the certificate using openssl... in linux.

  Thursday, February 24, 2011 3:58 PM
• 

  

  0

  Sign in to vote

  This solution works for me. Just typed cmd and having DOS in PowerShell @ was no longer the issue.

  Thanks Marco.

  ---

  Mariusz

  Wednesday, November 20, 2013 1:10 AM
• 

  

  0

  Sign in to vote

  When I issue this command winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Hostname=”<the name of your server>”;CertificateThumbprint=”<Paste from the previous step and remove the spaces>”} I get the following error:
  
  Error: Invalid use of command line. Type "winrm -?" for help.
  
  I am using Windows 2008 R2.
  
  I have tried everything I can think of to get this to work but no luck. Anyone have any ideas?

  Hi.

  I'have just recently made a big job about WINRM + HTTPS. so my knowledge is sharp and clear.

  I think your sintax is correct. The imprtnat point is you should invoke the command in cmd space not powershell space.

  in my  case : windows 2012 the following line in cmd  space works 

  > winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="192.168.164.152";CertificateThumbprint="3d 9005 6e 78 6f 2c 65 87 58 68 86 a8 2f 60 e0 a3 c5 fc 39";Port="5986"}

  Hope it helps to people.

  The one more very importnat point -> the command will work successfully ONLY if you have installed certificate with private key in the system . It can be checked very easily , open certificates mmc , find your certificate in local machine - personal , and check if the icon of certificate has small key on the icon on certificate icon.

   

  Thursday, November 20, 2014 12:30 PM
• 

  

  1

  Sign in to vote

  Also works on 2012 R2 and 2016 Datacentre.

  Run from DOS; run as Administrator as the '-' in your host name are interpreted by power shell, in a different way. 

  Thursday, February 16, 2017 2:37 PM