I've been breaking my head over this error. When I try to start a new CIMSession, it says it cannot find the computer. Ive verified that both computers are on the same network and that they both can talk to each other. I can ping both PCs from each other and i can access the shared folders as well. I can ping using both IP and NetBIOS name. I have added both PCs to the trusted hosts on Group Policy and have allowed it on the firewall. What am i missing or what am i doing wrong?
PS C:\Windows\system32> $session=New-CimSession -ComputerName DESKTOP-FJMTUOQ
New-CimSession : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a
firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to
remote computers within the same local subnet.
At line:1 char:10
+ $session=New-CimSession -ComputerName DESKTOP-FJMTUOQ
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ConnectionError: (:) [New-CimSession], CimException
+ FullyQualifiedErrorId : HRESULT 0x80338126,Microsoft.Management.Infrastructure.CimCmdlets.NewCimSessionCommand
+ PSComputerName : DESKTOP-FJMTUOQ
Error
EDIT
When running Test-NetConnection -ComputerName DESKTOP-FJMTUOQ -CommonTCPPort WINRM, I get the following results
PS C:\Windows\system32> Test-NetConnection -ComputerName DESKTOP-FJMTUOQ -CommonTCPPort WINRM
WARNING: TCP connect to DESKTOP-FJMTUOQ:5985 failed
ComputerName : DESKTOP-FJMTUOQ
RemoteAddress : 10.0.2.15
RemotePort : 5985
InterfaceAlias : Ethernet
SourceAddress : 10.0.2.254
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False
EDIT - Same test but backwards (from DESKTOP-FJMTUOQ to WIN-R9HLL0ILD3)
PS C:\Users\freyes.FRANK> Test-NetConnection -ComputerName WIN-R9HLL0ILD37 -CommonTCPPort WINRM ComputerName : WIN-R9HLL0ILD37
RemoteAddress : 10.0.2.254
RemotePort : 5985
InterfaceAlias : Ethernet
SourceAddress : 10.0.2.15
TcpTestSucceeded : True
Related
Seeing error credssp: Bad HTTP response returned from server. Code 502
Ansible is installed on Linux machine & I am trying to establish connection to Windows client machine
Have set below variables as per : https://docs.ansible.com/ansible/latest/os_guide/windows_winrm.html
ansible_user: <uname>
ansible_password: <pass>
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
ansible_winrm_transport: credssp
Running playbook is resulting in below error. Could you give any pointers to check this further to get resolution on it?.
fatal: [<hostname>]: UNREACHABLE! => {"changed": false, "msg": "credssp: Bad HTTP response returned from server. Code 502", "unreachable": true}
Adding details on client setup, which looks ok, following along : https://docs.ansible.com/ansible/latest/os_guide/windows_setup.html#winrm-listener
PS C:\Windows\system32> (Get-Service "WinRM").Status
Running
Below indicates : HTTP: Enabled
PS C:\Temp\Ansible> .\ConfigureRemotingForAnsible.ps1 -Verbose
VERBOSE: Verifying WinRM service.
VERBOSE: PS Remoting is already enabled.
VERBOSE: SSL listener is already active.
VERBOSE: Basic auth is already enabled.
VERBOSE: Firewall rule already exists to allow WinRM HTTPS.
VERBOSE: HTTP: Enabled | HTTPS: Disabled
VERBOSE: PS Remoting has been successfully configured for Ansible.
Exec policy set to Unrestricted as well.
PS C:\Temp\Ansible> Get-ExecutionPolicy -List
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine Unrestricted
Powershell version looks ok : 5.x :
PSVersion 5.1.19041.1682
And quick check on http link per below is working on windows client as well. Issue I am seeing only from Linux machine from which I am trying to connect/run playbook.
winrs -r:http://<hostname>:5985/wsman -u:<user> -p:<pass> ipconfig
I assume upon the chosen authentication method
ansible_winrm_transport: credssp
and the missing info about the CredSSP on the Windows side in the question and the 502 error, that this might be caused, because CredSSP ist not enabled.
As stated in the Ansible WinRM Module Documentation, if the selected authentication method is CredSSP, it needs to be enabled:
CredSSP authentication is not enabled by default on a Windows host,
but can be enabled by running the following in PowerShell:
Enable-WSManCredSSP -Role Server -Force
According to the WSMAN Documentation the state of the CredSSP can be checked with:
Get-WSManCredSSP
Possible results:
If the computer is configured for CredSSP, this is the output:
The machine is configured to allow delegating fresh credentials to the
following target(s): wsman/server02.accounting.fabrikam.com
If the computer is not configured for CredSSP, this is the output:
The machine is not configured to allow delegating fresh credentials.
first make sure that the user you are trying to connect with has admin rights on the remote computer.
If the user does, maybe it's a problem with the proxy.
I once had a similar problem and simply running this command on the remote server fixed it:
netsh winhttp reset proxy
you can read more about netsh here:
WINHTTP - netsh
Hope that helps, good luck !
Strange behavior, i working on configuring Kafka broker on my home server PC and trying to connect from another computer over wifi. The firewall port is opened on 9092 using following command
netsh advfirewall firewall add rule name="TCP Port 9092" dir=in
action=allow protocol=TCP localport=9092
However when i try to use Test-NetConnection to test the port connectivity it fails. I cannot connect to any port that is configured as open in windows firewall settings not sure why. I have disabled ipv6 on client and server
PS C:\Users\ram> Test-NetConnection 10.58.35.113 -Port 9092 -Verbose
WARNING: TCP connect to (10.58.35.113 : 9092) failed
VERBOSE: 113.35.58.10.in-addr.arpa
VERBOSE: 113.35.58.10.in-addr.arpa
VERBOSE: 113.35.58.10.in-addr.arpa
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = QueryIsolationType,'className'
= MSFT_NetAddressFilter,'namespaceName' = root\standardcimv2'.
VERBOSE: Operation 'Invoke CimMethod' complete.
ComputerName : 10.58.35.113
RemoteAddress : 10.58.35.113
RemotePort : 9092
InterfaceAlias : Wi-Fi
SourceAddress : 10.58.35.134
PingSucceeded : True
PingReplyDetails (RTT) : 1 ms
TcpTestSucceeded : False
Update
Kafka broker is running with in windows linux subsystem, hence this odd behavior. When i install the kafka broker on window Test-Netconnection successful
My computer has a Windows 10 and I was following through Microsoft 98-366 Network Fundamentals book.
It had me to open Windows Powershell and type
New-NetIPAddress -InterfaceAlias "Local Area Network" -IPv4Address 192.168.1.101 -PrefixLength "24" -DefaultGateway 192.168.1.1
Then I got the error that it can't find a parameter with the name IPv4Address. It'ns not a typo though, because above was directly copied from the book.
So when I looked up the documentations on New-NetIPAddress it seemed -IPv4Address is not an option and instead I have to use IPAddress. So I tried the below
New-NetIPAddress -InterfaceAlias "Local Area Network" -IPAddress 192.168.1.101 -PrefixLength "24" -DefaultGateway 192.168.1.1
Then I got a new error saying
New-NetIPAddress : Invalid parameter InterfaceAlias Local Area Network
but InterfaceAlias does exist in the documentations, so I'm not sure what causes it to be invalid.
Thanks in advance for any kind of help.
Additionally, the documentation I looked up was this:
Net-NetIPAddress
I think the InterfaceAlias is not valid.
First look at all the network interfaces using the command Get-NetIPInterface. Here is the output in my PC:
InterfaceAlias
--------------
vEthernet (Wi-Fi)
vEthernet (VMware Network ) 2
vEthernet (VMware Network )
vEthernet (VirtualBox Host)
vEthernet (Ethernet)
VMware Network Adapter VMnet8
VMware Network Adapter VMnet1
VirtualBox Host-Only Network
Local Area Connection* 10
Local Area Connection* 9
Ethernet
Wi-Fi
Loopback Pseudo-Interface 1
vEthernet (Wi-Fi)
vEthernet (VMware Network ) 2
vEthernet (VMware Network )
vEthernet (VirtualBox Host)
vEthernet (Ethernet)
VMware Network Adapter VMnet8
VMware Network Adapter VMnet1
VirtualBox Host-Only Network
Local Area Connection* 10
Local Area Connection* 9
Ethernet
Wi-Fi
Loopback Pseudo-Interface 1
Re-check by reading all properties with Get-NetIPInterface | Format-List * will help you identify which is the correct network interface you are looking for.
I have to start and stop the sites after they are automatically updated. For now this requires me to Remote Desktop Connection to the server and start and stop them manually. I would like to be able to connect to the server through the command prompt and start and stop specific sites. I believe AppCmd can start and stop sites easily, but how should I connect to the server?
According to your description, I suggest you could use powershell WinRM to achieve your requirement.
You could use WinRM to remote access the server, the you could run the powershell command to manage the IIS application.
You should firstly enable the WinRM to allow remote management in the server side by using below powershell command:
#Get the winrm service status
Get-Service WinRM
#Allow remote access
Enable-PSRemoting –Force
#Quick config the winrm
winrm quickconfig
#Add all clients to trustedhosts
Set-Item wsman:\localhost\client\trustedhosts *
Restart-Service WinRM
In the client server, you could run below command:
#Connect to remote server
Enter-PSSession -ComputerName {yourremoteserver ip address or computer name} -Credential {accont name}
If you succeess, you will see the powershell window as below:
Then you could use below command to stop or start the application pool:
import-module WebAdministration
Stop-WebAppPool -Name 'DefaultAppPool'
or
import-module WebAdministration
Start-WebAppPool -Name 'DefaultAppPool'
Every time I try running a playbook to automate some installations in Windows Server, my Windows Remote Host seems to be unreachable.
Here, I am trying to install IIS Server and my playbook looks like this :
---
- hosts : windows
tasks :
- name : Install Microsoft IIS
win_feature :
name : Web-Server
state : present
And the error is :
fatal: [ec2-54-197-197-91.compute-1.amazonaws.com]: UNREACHABLE! => {
"changed": false,
"msg": "ssl: HTTPSConnectionPool(host='ec2-54-197-197-91.compute-1.amazonaws.com', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x1b11310>, 'Connection to ec2-54-197-197-91.compute-1.amazonaws.com timed out. (connect timeout=30)'))",
"unreachable": true
}
But, now I came to know that, to run playbooks for Windows, I need to have winrm installed on my control node.
I have done the following :
pip install "pywinrm>=0.1.1"
I have added the public ip of Windows Instance and my hosts file looks like:
[local]
127.0.0.1
[aws]
ec2-54-152-85-197.compute-1.amazonaws.com
[windows]
ec2-54-197-197-91.compute-1.amazonaws.com
Then, I created a directory "group_vars" in /etc/ansible, and in that a file windows.yml which reads :
ansible_user: Administrator
ansible_password: SecretPasswordGoesHere
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Please let me know where I am going wrong.
(most likely, because you have not mentioned it)
You need to configure remote commands in PowerShell on your Windows instance (as described in the Windows system prep section). Execute the following (with administrator permissions):
iwr https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -UseBasicParsing | iex
Before, depending on your settings, you might also need to enable the PowerShell execution policy, set the network interface to private network (mind the InterfaceAlias value below) and enable PowerShell remoting.
Set-ExecutionPolicy Unrestricted -Force
Set-NetConnectionProfile -InterfaceAlias Ethernet0 -NetworkCategory Private
Enable-PSRemoting