Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Dell EMC OpenManage Enterprise Version 3.0 User's Guide

PDF

Enable WS-Man in HTTPS mode for discovering Windows or Hyper-V servers

By default, the WS-Man service is not enabled on the Windows servers. You must enable the WS-Man service on target servers in HTTPS mode.

Pre-requisites:

  • IIS with HTTPS enabled
  • WS-Man service with HTTPS enabled
  • PowerShell 4.0 to configure the WS-Man service with certificate

Creating a Self-Sign Certificate

NOTE: If you have a publicly-signed certificate, things are easier and you can use Set-WSManQuickConfig -UseSSL. Run the following command on PowerShell by logging in as an administrator:

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "myHost"

It is important to enter the name of the server that you want to manage remotely to the ‑DnsName parameter. If the server has a DNS name, you must use the fully qualified domain name (FQDN).

NOTE: The $Cert variable is important because it stores thumbprint for future command use.

Creating PowerShell Remoting on the host system

The Enable-PSRemoting command also starts a WS-Man listener, but only for HTTP.

Enable-PSRemoting -SkipNetworkProfileCheck -Force
  1. If you do not want anyone to use HTTP to connect to the server, you can remove the HTTP listener by running the command:
    Get-ChildItem WSMan:\Localhost\listener | Where -Property Keys -eq "Transport=HTTP" | Remove-Item -Recurse
  2. Remove all the WS-Man listeners to add the new HTTPS listener: 
    Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
  3. Add your WS-Man HTTPS listener:
    New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint –Force

    NOTE: Use the $Cert variable that you defined earlier to read the Thumbprint. This variable allows the New-Item cmdlet to locate the certificate in your certificates store.

  4. Add the firewall rule:
    New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP
  5. Verify settings by running the following:
    C:\Windows\system32>winrm g winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = true
        CertificateThumbprint = 02554D694FD06BB3C765E5868EFB59B7D786ED67
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647

    NOTE: If service-basic-authentication is false, run the following command:

    winrm set winrm/config/service/auth @{Basic="true"}

    NOTE: In the WinRM configuration, enable HTTPS by running the command:

    winrm set winrm/config/service @{EnableCompatibilityHttpsListener="true"}

  6. Enabling IIS to accept HTTPS on 443–Run the following command on the Hyper-V server from a remote system to make sure the settings are working:
    winrm e wmi/root/virtualization/v2/Msvm_SummaryInformation  -r:https://<hyper-v server ip>:443/wsman -u:UserName -p:password -skipCNcheck -skipCAcheck -skipRevocationcheck -a:Basic
  7. Start IIS Manager.
  8. In the Site bindings over Default Website dialog box, enter 443 as the HTTPS port number.
  9. Select the SSL certificate which is created on PowerShell by logging in as an administrator.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\