Adding a PowerShell host using Kerberos fails with the error: send message on http://host name or ip:5985/wsman error , document in
book
Article ID: 340383
calendar_today
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- Cannot add a PowerShell Host in vRealize Orchestrator (formerly known as vCenter Orchestrator).
- Adding a PowerShell Host in vRealize Orchestrator fails.
- You see the error:
send message on http://host name or ip:5985/wsman error, document in
Environment
VMware vCenter Orchestrator 5.1.x
VMware vCenter Orchestrator 4.2.x
Cause
This issue occurs when you configure Windows Remote Management (WinRM) with HTTP but do not set the AllowUnencrypted to True for Client and Service.
Resolution
To resolve this issue, you must configure WinRM to allow unencrypted traffic.
To change the configuration of WinRM to allow encrypted traffic:
-
Run this command to set the default WinRM configuration values.
c:\> winrm quickconfig
-
You can run this optional command to check whether a listener is running and verify the default ports:
c:\> winrm e winrm/config/listener
Note: The default ports are 5985 for HTTP and 5986 for HTTPS.
-
Enable basic authentication on the WinRM service:
-
Run this command to check whether basic authentication is allowed:
c:\> winrm get winrm/config
-
Run this command to enable basic authentication:
c:\> winrm set winrm/config/service/auth @{Basic="true"}
-
Run this command to allow transfer of unencrypted data on the WinRM service:
c:\> winrm set winrm/config/service @{AllowUnencrypted="true"}
-
Enable basic authentication on the WinRM client:
-
Run this command to check whether basic authentication is allowed:
c:\> winrm get winrm/config
-
Run the following command to enable basic authentication:
c:\> winrm set winrm/config/client/auth @{Basic="true"}
-
Run this command to allow transfer of unencrypted data on the WinRM client:
c:\> winrm set winrm/config/client @{AllowUnencrypted="true"}
-
If the WinRM host machine is in an external domain, run this command to specify the trusted
hosts:
c:\> winrm set winrm/config/client @{TrustedHosts="host1, host2, host3"}
-
Run this command to test the connection to the WinRM service:
c:\> winrm identify -r:http://winrm_server:5985 -auth:basic -u:user_name -p:password -
encoding:utf-8
Note: For more information to resolve this using HTTPS authentication, see
Configuring WinRM
Feedback
thumb_up
Yes
thumb_down
No