Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerEMC OpenManage Enterprise
81828384858687888990
Enable WS-Man in HTTPS mode for discovering
Windows or Hyper-V servers
By default, the WS-Man service is not enabled on the Windows servers. You must enable the WS-Man service on target servers in HTTPS
mode.
Pre-requisites:
IIS with HTTPS enabled
WS-Man service with HTTPS enabled
PowerShell 4.0 to configure the WS-Man service with certificate
Creating a Self-Sign Certificate
NOTE: If you have a publicly-signed certificate, things are easier and you can use Set-WSManQuickConfig -UseSSL.
Run the following command on PowerShell by logging in as an administrator:
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "myHost"
It is important to enter the name of the server that you want to manage remotely to the DnsName parameter. If the server has a DNS
name, you must use the fully qualified domain name (FQDN).
NOTE: The $Cert variable is important because it stores thumbprint for future command use.
Creating PowerShell Remoting on the host system
The Enable-PSRemoting command also starts a WS-Man listener, but only for HTTP.
Enable-PSRemoting -SkipNetworkProfileCheck -Force
1. If you do not want anyone to use HTTP to connect to the server, you can remove the HTTP listener by running the command:
Get-ChildItem WSMan:\Localhost\listener | Where -Property Keys -eq "Transport=HTTP" |
Remove-Item -Recurse
2. Remove all the WS-Man listeners to add the new HTTPS listener:
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
3. Add your WS-Man HTTPS listener:
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -
CertificateThumbPrint $Cert.Thumbprint –Force
NOTE:
Use the $Cert variable that you defined earlier to read the Thumbprint. This variable allows the New-Item
cmdlet to locate the certificate in your certificates store.
4. Add the firewall rule:
New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows
Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP
5. Verify settings by running the following:
C:\Windows\system32>winrm g winrm/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
90
Discovering devices for monitoring or management