Adding a PowerShell host using Kerberos fails with the error: send message on http://host name or ip:5985/wsman error , document in
search cancel

Adding a PowerShell host using Kerberos fails with the error: send message on http://host name or ip:5985/wsman error , document in

book

Article ID: 340383

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

  • Cannot add a PowerShell Host in vRealize Orchestrator (formerly known as vCenter Orchestrator).
  • Adding a PowerShell Host in vRealize Orchestrator fails.
  • You see the error:
    send message on http://host name or ip:5985/wsman error, document in

Environment

VMware vCenter Orchestrator 5.1.x
VMware vCenter Orchestrator 4.2.x

Cause

This issue occurs when you configure Windows Remote Management (WinRM) with HTTP but do not set the AllowUnencrypted to True for Client and Service.

Resolution

To resolve this issue, you must configure WinRM to allow unencrypted traffic.

To change the configuration of WinRM to allow encrypted traffic:
 
  1. Run this command to set the default WinRM configuration values.

    c:\> winrm quickconfig

  2. You can run this optional command to check whether a listener is running and verify the default ports:

    c:\> winrm e winrm/config/listener

    Note: The default ports are 5985 for HTTP and 5986 for HTTPS.

  3. Enable basic authentication on the WinRM service:

    1. Run this command to check whether basic authentication is allowed:

      c:\> winrm get winrm/config

    2. Run this command to enable basic authentication:

      c:\> winrm set winrm/config/service/auth @{Basic="true"}

  4. Run this command to allow transfer of unencrypted data on the WinRM service:

    c:\> winrm set winrm/config/service @{AllowUnencrypted="true"}

  5. Enable basic authentication on the WinRM client:

    1. Run this command to check whether basic authentication is allowed:

      c:\> winrm get winrm/config

    2. Run the following command to enable basic authentication:

      c:\> winrm set winrm/config/client/auth @{Basic="true"}

  6. Run this command to allow transfer of unencrypted data on the WinRM client:

    c:\> winrm set winrm/config/client @{AllowUnencrypted="true"}

  7. If the WinRM host machine is in an external domain, run this command to specify the trusted
    hosts:

    c:\> winrm set winrm/config/client @{TrustedHosts="host1, host2, host3"}

  8. Run this command to test the connection to the WinRM service:

    c:\> winrm identify -r:http://winrm_server:5985 -auth:basic -u:user_name -p:password -
    encoding:utf-8
 
Note: For more information to resolve this using HTTPS authentication, see Configuring WinRM