HTTP: Disabled while configuring WinRM service


skinnedknuckles

Jun 16, 2016, 3:18:27 PM
to Ansible Project
Control Node:
  • CentOS 7
  • Ansible 2.1
  • pywinrm version from May 19th, 2016
Remote Node:
  • Windows 7
  • PowerShell 3
When I run Trond Hindenes' PowerShell script for setting up my Windows remote node to connect with Ansible, I get the following output.

VERBOSE: Verifying WinRM service.
VERBOSE: Starting WinRM service.
VERBOSE: PS Remoting is already enabled.
VERBOSE: SSL listener is already active.
VERBOSE: Basic auth is already enabled.
VERBOSE: Firewall rule already exists to allow WinRM HTTPS.
VERBOSE: HTTP: Enabled | HTTPS: Disabled
VERBOSE: PS Remoting has been successfully configured for Ansible.

Why would HTTPS be disabled and how do I enable it?

Here are my winrm service settings.

PS C:\Users\ads-6999> winrm get winrm/config/service
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = false
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    AllowRemoteAccess = true

Trond Hindenes

Jun 16, 2016, 4:06:14 PM
to Ansible Project
The "HTTPS Disabled" check was not written by me; that's been added later. It might not mean much, as it tests without explicit credentials.

The ultimate test is (still) to perform the following from another machine:

$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
New-PSSession -UseSSL -ComputerName <computername> -SessionOption $httpsOptions -Credential (get-Credential) -Authentication Basic

And then type in the local user at the credential prompt (Administrator/MyPassword)

skinnedknuckles

Jun 17, 2016, 2:42:09 PM
to Ansible Project
Thanks for your reply, I've appreciated many of your contributions to this group.

I tried to connect to my remote node via PowerShell from three different computers and it failed on all of them with the following error message:

PS C:\windows\system32> $httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
New-PSSession -UseSSL -ComputerName 10.1.22.33 -SessionOption $httpsOptions -Credential (get-Credential) -Authentication Basic
[10.1.22.33] Connecting to remote server failed with the following error message : The SSL connection cannot be established. Verify that the service on the remote host is properly configured to listen for HTTPS requests. Consult the logs and docum....

And I fail to connect from my Linux management node too, with the following errors:

"Name or service not known" or "Connection reset by peer"

I'm running your PowerShell script on the remote node to configure it, but it seems like the following line fails:

$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue

Should I try passing in the thumbnail of the cert manually on the command line? If not, what next?

skinnedknuckles

Jun 17, 2016, 2:52:54 PM
to Ansible Project
*Thumbprint


skinnedknuckles

Jun 20, 2016, 4:01:17 PM
to Ansible Project
Turns out it was using the wrong hostname. On line 139 of the PowerShell script I had to hard-code the common name used for my certificate, like this:

139       $valueset.Add('Hostname', "ansibleAdmin.aa.bb.acme.com")

Now it works.
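
The fix above sets the HTTPS listener's Hostname to the certificate's common name. The following is an added example, not part of the thread or of the setup script, that checks this on the remote node by comparing each HTTPS listener with the certificate it is bound to. The function name Test-WinRMHttpsListener is hypothetical, and the sketch assumes PowerShell 3 or later in an elevated session.

```powershell
# Added diagnostic sketch (not from the thread): inspect the WinRM HTTPS
# listener and the certificate bound to it on the Windows remote node.
function Test-WinRMHttpsListener {   # hypothetical helper name
    # Enumerate all listeners and keep only the HTTPS ones.
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' })

    if ($listeners.Count -eq 0) {
        Write-Warning 'No HTTPS listener is configured.'
        return
    }

    foreach ($l in $listeners) {
        # The listener stores the thumbprint as text; normalise before comparing.
        $thumb = ($l.CertificateThumbprint -replace '\s', '').ToUpper()
        $cert  = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $thumb }

        $problems = @()
        if (-not $cert) {
            $problems += 'thumbprint not found in Cert:\LocalMachine\My'
        } else {
            if (-not $cert.HasPrivateKey)      { $problems += 'certificate has no private key' }
            if ($cert.NotAfter -lt (Get-Date)) { $problems += 'certificate has expired' }

            # Names the certificate covers: subject CN plus DNS SAN entries.
            # Wildcard names are compared literally in this sketch.
            $names = @($cert.GetNameInfo('SimpleName', $false)) +
                     @($cert.DnsNameList | ForEach-Object { $_.Unicode })
            if ($names -notcontains $l.Hostname) {
                $problems += "listener Hostname '$($l.Hostname)' not among certificate names: $($names -join ', ')"
            }
        }

        [pscustomobject]@{
            Hostname   = $l.Hostname
            Port       = $l.Port
            Thumbprint = $thumb
            Problems   = $problems -join '; '
        }
    }
}

Test-WinRMHttpsListener | Format-List
```

An empty Problems field means the listener's Hostname matches a name on a present, unexpired certificate that has a private key.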
