WinRM configuration for communication through firewall using port

Grazzer

Dec 9, 2009, 11:33:01 AM
I'm trying to configure winrm v2.0 on Windows 2003 R2 SP2 to allow me to
manage computers in a different domain using HTTP only (initially) through a
firewall which only allows traffic on port 3389 (apparently).

Steps I've taken:

I've created HTTP listeners on each system on port 3389

I've added each system to the other system's list of Trusted Hosts

Tried the following command without success:
new-pssession -port 3389 -computername <remotesystemname> -credential domain\user

[10.xx.xx.6] Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionOpenFailed

I then modified the Client\DefaultPorts\HTTP = 3389

But this didn't work.

Am I heading in the right direction or have I got this all wrong?

When I do a default fresh install (winrm qc) on servers within the same
domain there are no issues (using default ports 5985/5986). How do I change
the HTTP to 3389 for all communication?

Thanks in advance for any help suggestions,
Graham

Marco Shaw [MVP]

Dec 9, 2009, 9:35:00 PM

> I've created HTTP listeners on each system on port 3389

For some odd reason, just creating the listener doesn't seem to change where
the server listens to.

Try this after you create your listener:
PS>winrm get winrm/config/service

I've played with that setting and just get "access denied" and "read-only",
so there must be a different way to accomplish this. I'll just need to
check the winrm script...

I'll report back tomorrow.

Marco

Grazzer

Dec 10, 2009, 4:33:03 AM
Hi Marco,

Thank you for your response.

Here's the output from one of my systems.
=================== OUTPUT ==================
PS C:\Documents and Settings\xxxxx> winrm get winrm/config/service
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 15
    EnumerationTimeoutms = 60000
    MaxConnections = 25
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = false
    Auth
        Basic = false
        Kerberos = true
        Negotiate = true
        Certificate = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint

PS C:\Documents and Settings\xxxxx> winrm e winrm/config/listener
Listener
    Address = *
    Transport = HTTP
    Port = 3389
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.xx.xx.5, 127.0.0.1

PS C:\Documents and Settings\xxxxx> winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = false
    Auth
        Basic = true
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
    DefaultPorts
        HTTP = 3389
        HTTPS = 5986
    TrustedHosts

PS C:\Documents and Settings\xxxxxx>
==================================================

I cannot even create a new-pssession on the local machine once I change the
default port settings.

Cheers,
Graham Land
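
The comparison Marco asks for (listener versus `winrm get winrm/config/service`) can also be run offline on saved output. This is an added example, not part of the original thread: `parse_winrm`, `audit` and `SAMPLE` are hypothetical names, and it assumes a single listener and the indented layout that winrm prints.

```python
# Constructed sample: values from the posted output, trimmed; indentation is assumed.
SAMPLE = """\
Service
    AllowUnencrypted = false
    Auth
        Basic = false
    DefaultPorts
        HTTP = 5985
Listener
    Transport = HTTP
    Port = 3389
    Hostname
Client
    AllowUnencrypted = false
    Auth
        Basic = true
    DefaultPorts
        HTTP = 3389
"""

def parse_winrm(text):
    """Turn winrm's indented 'Key = Value' output into nested dicts."""
    root = {}
    stack = [(-1, root)]  # (indent, dict) for each section still open
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        indent = len(line) - len(line.lstrip())
        while stack[-1][0] >= indent:  # a dedent closes the deeper sections
            stack.pop()
        key, sep, value = line.strip().partition(" = ")
        stack[-1][1][key] = value if sep else {}
        if not sep:  # section header, or a key printed with no value
            stack.append((indent, stack[-1][1][key]))
    return root

def audit(cfg):
    """Compare the listener with the Client and Service sections."""
    scheme, port = cfg["Listener"]["Transport"], cfg["Listener"]["Port"]
    out = ["listener Transport=HTTP (no TLS)"] if scheme == "HTTP" else []
    for name in ("Client", "Service"):
        sec = cfg[name]
        default = sec["DefaultPorts"][scheme]
        if default != port:
            out.append(f"{name} DefaultPorts {scheme}={default}, listener Port={port}")
        if sec["AllowUnencrypted"] == "true":
            out.append(f"{name} AllowUnencrypted=true")
        if sec["Auth"].get("Basic") == "true":
            out.append(f"{name} Auth Basic=true")
    return out

print("\n".join(audit(parse_winrm(SAMPLE))))
```

On the values in this thread it reports the HTTP transport, the client's Basic setting and the Service/listener port difference; it does not say which of these, if any, explains the connection failure.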

Marco Shaw [MVP]

Dec 10, 2009, 10:23:08 PM
> I cannot even create a new-pssession on the local machine once I change
> the
> default port settings.

I'll try to check this out, but it could be a few days or even next week if
I have to do a lot of digging...

Marco

Grazzer

Dec 14, 2009, 7:00:01 AM
Thank you Marco, I'm stumped at the moment.

Marco Shaw [MVP]

Dec 30, 2009, 9:17:48 PM
If you're still checking... I'm sorry I forgot... I might give this a try
in the next few days or it could be around Monday.
