Error when running winrm in jenkins pipeline - powershell

Connecting to remote server 172.18.32.39 failed with the following error message : The WinRM client
14:53:09 cannot process the request. Default authentication may be used with an IP address under the following conditions: the
14:53:09 transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use
14:53:09 winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more
14:53:09 information on how to set TrustedHosts run the following command: winrm help config. For more information, see the
14:53:09 about_Remote_Troubleshooting Help topic.
I'm getting the above winrm error when the test-wsman command is called from my build node against my test node. When I manually run the test-wsman command from the build node against the test node, it works. I guess besides that oddity, has anyone had success resolving the above error? Is there any way I can get more output from winrm to troubleshoot this?

Add Host to TrustedHosts
Can you run the following commands in Powershell on the node that the pipeline is running on
winrm quickconfig
winrm set winrm/config/client #{TrustedHosts="172.18.32.39”}
Afterwards try running the pipeline again. Also, can you verify that you are running the test-wsman cmdlet from the same user that’s running it when it’s ran via the pipeline?

Related

The WinRM client cannot process the request

I try to run the command:
Invoke-Command 10.xx.3x.1xx -ScriptBlock {Get-ADDefaultDomainPasswordPolicy}
But got an error:
OpenError: [10.xx.3x.1xx] Connecting to remote server 10.xx.3x.1xx failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
The hosts are in the domain and it working fine with another host in the domain.
I checked using Test-WsMan host_ip command from the remote machine where I try to run the command from and got:
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 3.0
I also retriggered the Enable-PSRemotinge on the remote hosts (with no answer back after triggering) but got the above error.
Question
Most concern - How do I handle this?
Is it possible for when the host is not allowed to run PS remotely to enable it remotely and after the command is triggered successfully turn it to the original status
Thanks
To connect by IP address, add the machine to your TrustedHosts list.
Run PowerShell as Administrator and enter this:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'TheRemoteHostsIpAddress' -Concatenate
Replace TheRemoteHostsIpAddress with the remote host's IP address.
Note to readers: The error message "The WinRM client cannot process the request" can show up for other reasons, too. My answer is for OP's scenario specifically.
Check the details included in the error message after the "cannot process the request" part. In OP's case, the message says that to remotely connect by IP address, you must either use HTTPS or have the host in the TrustedHosts list.
Connecting to remote server 10.xx.3x.1xx failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

Powershell on targeted machine in Azure Devops

[error]Unable to create pssession. Error: 'Connecting to remote server 192.168.2.33 failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.'
Getting this error i have actived https ports as well if you can help me with it
This error message is thrown when you try to connect with an IP address instead of a hostname or FQDN (fully qualified domain name).
To use an IP address, you must either use WinRM over HTTPS or add the IP address to the TrustedHosts list on the target system.
These steps are mainly relevant when trying to connect from workgroup-based computers.
Within an Active Directory, WinRM will use Kerberos for authentication, and this requires you either use the hostname or the FQDN of the target system you’re connecting to.
So, please try using the hostname or FQDN (like ComputerName.test.com) instead of the IP to check if it works. If that doesn't work, then please double check your WinRM configuration. Configure WinRM for your reference.
Instead of using powershell on target machine just setup agent on your machine and use powershell task in CI/CD. It's an easiest way.

powershell on target machine causes "PSSession could not be created for Machine:'XXX:5986"

I try to use release pipeline and setup a task "run powershell on target machines"
And here are the error messages:
##[error]Unable to create pssession. Error: 'Connecting to remote server XXX failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.'
##[error]The remote session query failed for XXX with the following error message: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
##[error]PSSession could not be created for Machine:'XXX:5986'
My VM is on Azure, and I already open PORT 5986\5985 in 'internet' settings.
I found some article talking about "remote management", however, I am not sure how to set this up on my VM.
https://learn.microsoft.com/en-us/windows/win32/winrm/portal
https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/winrmsecurity?view=powershell-7.2
Maybe I need some setup are needed for the instance which pipelines are running on (agent pools)?
https://developercommunity.visualstudio.com/t/with-powershell-on-target-machines-task-cant-able/635225
Any suggestion is appreciated.
Update-1
The suggestion from #wade-zhou-msft seems not working. But thanks!
Updata-2
change the network setting, no more error.
But the situation still the same ...
In addition, my 'copy file to remote machine' task works well.
Update-3
I find articles talks about "how to remotely run powershell command from Linux"
https://adamtheautomator.com/psremoting-linux/
It shows that some setup is needed. Maybe I need to setup the instance running my CD jobs?
The task "run powershell on target machines" will start a Enter-PSSession session from your agent machine to target VM.
As per the error message, on your target VM, please run winrm quickconfig to configure the service, run winrm set winrm/config/client '#{TrustedHosts="*"}' to trust the host.
If you use the HTTPS, then you need to open port 5986 in the firewall and install a self-signed certificate.
If you create a classic virtual machine from the Azure portal,the virtual machine is already set up for WinRM over HTTPS, with the default port 5986 already opened in the firewall and a self-signed certificate installed on the machine.These virtual machines can be accessed with no further configuration required. Please refer to the task perquisite for the detials.
Or you can use self-hosted agent, with http port 5985 for the task.
I had the same problem and I solved the problem by using azure cli.
The build agent and the VM were added in the same vNet.
az vm run-command invoke -g MyResourceGroup -n MyVm --command-id RunShellScript --scripts 'echo $1 $2' --parameters hello world
https://learn.microsoft.com/en-us/cli/azure/vm/run-command?view=azure-cli-latest#az-vm-run-command-invoke

Executing commands on a remote server via winrm failed

I am trying to remotely manage a windows server which is Azure AD Domain joined. I have activated winrm on both machines. My user has administrator rights and I am working from an elevated prompt. I have even set the Server as trusted host just in case. No matter what I try I keep getting this error message.
Connecting to remote server xxx failed with the following error message: The WinRM client cannot process the request. If the authentication schme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_remote_Troubleshooting Help topic.
CategoryInfo: OpenError: (xxx) [], PSRemotingTranportException
FullyQualifiedErrorId: ServerNotTrusted,PSSessionStateBroken
I am connected via VPN to the company network, I can also ping the server. I also successfully opened a telnet to the server on the port winrm uses normally.
What am I missing?

WinRM not returning client information - quickconfig not working

I am trying to change settings on WinRM however I keep getting an error.
I have read many articles across the web about it but I cannot get any of the suggested fixes to work
When I try to get the winRM quickconfig, which is the common suggested fix, to work I get this:
PS C:\Windows\system32> winrm qc
WinRM service is already running on this machine.
WSManFault
Message = The client cannot connect to the destination specified in the request. Verify that the service on the dest
ination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running o
n the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: "winrm quickconfig".
Error number: -2144108526 0x80338012
The client cannot connect to the destination specified in the request. Verify that the service on the destination is run
ning and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destinat
ion, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination t
o analyze and configure the WinRM service: "winrm quickconfig".
The service is running and the firewall rules are all set correctly.
I get the same error regardless of what I'm trying to achieve.
E.G.
PS C:\Windows\system32> winrm get winrm/config
WSManFault
Message = The client cannot connect to the destination specified in the request. Verify that the service on the dest
ination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running o
n the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: "winrm quickconfig".
Error number: -2144108526 0x80338012
The client cannot connect to the destination specified in the request. Verify that the service on the destination is run
ning and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destinat
ion, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination t
o analyze and configure the WinRM service: "winrm quickconfig".
PS C:\Windows\system32> winrm enumerate winrm/config/listener
WSManFault
Message = The client cannot connect to the destination specified in the request. Verify that the service on the dest
ination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running o
n the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: "winrm quickconfig".
Error number: -2144108526 0x80338012
The client cannot connect to the destination specified in the request. Verify that the service on the destination is run
ning and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destinat
ion, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination t
o analyze and configure the WinRM service: "winrm quickconfig".
I have tried stopping and restarting the Windows Remote Management service in the local Services.
Also tried changing the settings in the Group Policy on the machine. All to no avail.
Checked the expanded analysis logs in the event viewer, no further clues there, it just shows the error above.
Is there anyway to uninstall and reinstall ? I cannot find any info on that, online to configure. I don't seem to be able to get back to the initial setup like this (example from another machine)
PS P:\> winrm qc
WinRM is not set up to receive requests on this machine.
The following changes must be made:
Start the WinRM service.
Set the WinRM service type to delayed auto start.
Make these changes [y/n]? n
I am current using :
Windows 2008 R2 SP1
Powershell 5.1
TFS 2017 is also installed on the server.
Any ideas ?
You know... I could point you to some links that would help, but that always aggravates me when I'm looking for an answer. Try this from an elevated powershell prompt:
Set-NetConnectionProfile -NetworkCategory Private <-- This assumes you're not in a domain
Enable-PSRemoting -SkipNetworkProfileCheck -Force <- Yes, a bit redundant
set-service -ServiceName WinRm -StartupType Automatic
start-service winrm
If you continue to have trouble, add this:
winrm set winrm/config/client '#{TrustedHosts="NameOfYourComputer"}'