Setup for Hyper-V, VMM, Exchange Targets - Enable WinRM Manually with Troubleshooting steps

Document created by bsong on Jun 7, 2016. Last modified by robert.coppersmith on Jan 8, 2019. Version 26.

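Enabling WinRM is required to connect to Hyper-V, VMM, or Exchange targets. To enable WinRM manually on a target, run the following commands in PowerShell. The first allows the WinRM service to accept unencrypted traffic, which connections that do not use HTTPS need here; the second configures the WinRM service and its listener.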

 

Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $True

Set-WSManQuickConfig -Force

 

Optional: the following command is only needed for local users:

Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True

 

To enable WinRM on multiple Hyper-V, VMM, or Exchange targets through a GPO, follow this link: WSMan service configuration using domain GPO

 

If you would rather use a secure connection over HTTPS, follow this article: WSMan/WinRM over HTTPS service configuration

 

IMPORTANT: Turbonomic requires open bidirectional access over ports 5985 and 5986 to validate and discover Hyper-V hosts and VMM. Additionally, if you are adding a VMM target, you still need to enable WSMan / WinRM on both the VMM and all the underlying Hyper-V hosts. Also make sure that the user has administrator permissions on the Hyper-V hosts and the VMM. When adding a Hyper-V / VMM target, enter the target name as a fully qualified domain name, and enter a username that does not contain the domain name.

 

 

 

TROUBLESHOOTING :

 

1) If targeting still fails when not using a secure connection, confirm that "AllowUnencrypted" has been set to "true". Often this setting is still "false", which prevents targeting. Run the following PowerShell command and confirm that, in the Service category, AllowUnencrypted is set to "true":

 

winrm get winrm/config/service
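
A read-only check of the settings this article changes, as an added example that is not part of the original document. It assumes an elevated PowerShell session on the target; the function name Get-WinRMTargetReadiness and the finding texts are this example's own.

```powershell
# Added example (not from the original article). Reads, never changes, the
# WinRM service settings discussed above. Run elevated on the target host.
function Get-WinRMTargetReadiness {
    [CmdletBinding()]
    param()

    # Leaf values on the WSMan: drive are returned as strings ("true"/"false").
    $svc = 'WSMan:\localhost\Service'
    $allowUnencrypted = (Get-Item "$svc\AllowUnencrypted").Value -eq 'true'
    $basicAuth        = (Get-Item "$svc\Auth\Basic").Value -eq 'true'
    $kerberosAuth     = (Get-Item "$svc\Auth\Kerberos").Value -eq 'true'

    # Enumerate enabled listeners to see which transports (and ports) are bound.
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object { $_.Enabled -eq 'true' })
    $http  = @($listeners | Where-Object { $_.Transport -eq 'HTTP' })
    $https = @($listeners | Where-Object { $_.Transport -eq 'HTTPS' })

    $findings = @()
    if ($listeners.Count -eq 0) {
        $findings += 'No enabled WinRM listener; Set-WSManQuickConfig has not taken effect.'
    }
    if ($http.Count -gt 0 -and $https.Count -eq 0 -and -not $allowUnencrypted) {
        # The troubleshooting case from step 1 of this article.
        $findings += 'HTTP-only listener with AllowUnencrypted=false; non-HTTPS targeting will fail.'
    }
    if ($allowUnencrypted -and $basicAuth) {
        # Basic sends base64-encoded credentials; over plain HTTP nothing encrypts them.
        $findings += 'AllowUnencrypted and Basic are both true; Basic credentials are not encrypted over HTTP.'
    }
    if (-not $kerberosAuth) {
        $findings += 'Kerberos authentication is disabled; domain credentials cannot be validated.'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        AllowUnencrypted = $allowUnencrypted
        BasicAuth        = $basicAuth
        KerberosAuth     = $kerberosAuth
        HttpPorts        = ($http.Port -join ',')    # 5985 by default
        HttpsPorts       = ($https.Port -join ',')   # 5986 by default
        Findings         = $findings
    }
}

Get-WinRMTargetReadiness | Format-List
```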

 

 

IMPORTANT: For Hyper-V/VMM, the user must be an administrator who is part of the Active Directory domain, because Kerberos is used to validate the credentials. To check the user's permissions and confirm that it passes the Kerberos check, run the following command in PowerShell on a different host than the host in question:

 

Get-WSManInstance wmi/root/cimv2/* -Enumerate -Filter "SELECT * FROM Win32_ComputerSystem" -ComputerName hp-dl591.corp.vmturbo.com -Authentication Kerberos -Credential john.doe@corp.vmturbo.com

 

      (Here, replace hp-dl591.corp.vmturbo.com with the actual host that has the issue and john.doe@corp.vmturbo.com with the real username.)

 

To use an IP address for the target, the host needs an SPN. Add the SPN for the Hyper-V / VMM host with the following step:

setspn -A PROTOCOL/ADDRESS:PORT WINDOWS-HOST
Example: setspn -A WSMAN/10.99.9.2 VMM-02

Note: PORT is optional

You can also run the following PowerShell command to check whether the user's permissions are set to administrator:

winrm configSDDL default