Skip to content

winrm over openwsman setup

Jump to bottom Edit New page
Klaus Kämpf edited this page Oct 15, 2013 · 12 revisions

WinRM over OpenWSMAN Setup

Windows Remote Management is one component of Windows Hardware Management features that manage server hardware locally and remotely.

WinRM Service Configuration

The WinRM service configuration prepares a Windows client to be accessed by OpenWSMAN, e.g. the openwsman command line client

  • Install Microsoft Windows Vista, Windows 7 or higher.
  • Activate “Command Prompt” window with “Administrator privilege.”
  • Click through to Start/All Programs/Accessories
  • Right-click on Command Prompt
  • Click on Run as administrator
  • Press Continue button.
  • Run the following “winrm” commands in the command prompt window to enable WinRM firewall exception:
    winrm quickconfig
  • Additionaly, security needs to be untightened bu enabling Basic Authentication and enabling unencrypted communication (required for testing only):
    winrm set winrm/config/service/auth @{Basic="true"} 

    winrm set winrm/config/service @{AllowUnencrypted="true"}

Attn the above winrm commands will fail in Windows Server 2012 (with PowerShell2), you need to put the @{...} in single quotes like

    winrm set winrm/config/service/auth '@{Basic="true"}'

(see here for a discussion)

Another way of setting winrm configuration values is via PowerShell (as an elevated process) and run

    cd WSMan:\localhost\Service
    set-item .\allowunencrypted $true
    cd WSMan:\localhost\Service\Auth
    set-item .\basic $true

WinRM Client Configuration

The WinRM client configuration allows the winrm command line client on Windows to communicate with an OpenWSMAN service.

  • Install Microsoft Windows Vista, Windows 7 or higher.
  • Activate “Command Prompt” window with “Administrator privilege.”
  • Click through to Start/All Programs/Accessories
  • Right-click on Command Prompt
  • Click on Run as administrator
  • Press Continue button.
  • Run the following “winrm” commands in the command prompt window to change the default settings:
    winrm set winrm/config/client/auth @{Basic="true"}

    winrm set winrm/config/client @{AllowUnencrypted="true"}

    winrm set winrm/config/client @{TrustedHosts="192.168.1.100"}

Note: Replace the 192.168.1.100 with the host address of the server hosting the target OpenWSMAN service.

Attn the above winrm commands will fail in Windows Server 2012 (with PowerShell2), you need to put the @{...} in single quotes like

    winrm set winrm/config/client/auth '@{Basic="true"}'

(see here for a discussion)

Another way of setting winrm configuration values is via PowerShell (as an elevated process) and run

    cd WSMan:\localhost\Client
    set-item .\allowunencrypted $true
    cd WSMan:\localhost\Client\Auth
    set-item .\basic $true

WinRM over Openwsman Test

Verify the OpenWSMAN service is running on the target server. Run the following “winrm command” to test the connection:

winrm enumerate http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ComputerSystem -username:wsman -password:secret -r:143.166.157.213:8889/wsman -auth:basic

(Replace -username, -password, and IP address with appropriate values for your setup)

Output should look something like:

  CIM_ComputerSystem
  Name = ZPB9K34
  CreationClassName = CIM_ComputerSystem
  NameFormat = 'other'
  Dedicated = null
  ResetCapability = 1
  PrimaryOwnerName = null
  PrimaryOwnerContact = null
  EnabledState = 2
  OtherEnabledState = null
  RequestedState = 2
  EnabledDefault = 2
  TimeOfLastStateChange = null
  InstallDate = null
  OperationalStatus = null
  Status = null
  HealthState = 25
  Caption = null
  Description
  ElementName = server1.domain.com

Troubleshooting

Tools

Tools available on Windows to debug WinRM requests

  • wbemtest (Windows Management Instrumentation Tester, aka wbem browser)
  • wmimgmt (Windows Management Instrumentation service config)

Permissions

Follow this guideline to check for correct permissions.

If only 'identify' works for you but you cannot access other CIM namespaces via WinRM, then you need to adapt the security settings of WMI Control Properties. Follow step 3 in the resolution section of this guideline

Logging

Windows Server 2012

Run Server Manager, choose Event Viewer from the Tools menu.

Inside 'Event Viewer', choose Applications and Services Logs from the left tree pane. Navigate to Microsoft, Windows

There is Windows Remote Management logging if the WinRM service is operational at all.

WMI Activity gives you a more detailed log about the actual WinRM requests.

WinRM debugging

See Collecting WinRM Traces blog entry at the Windows Management Infrastructure Blog

Beware - the WPP trace is binary :-/

Add a custom footer
Add a custom sidebar
Clone this wiki locally