WinRM Prerequisites

• WinRM Service
• WinRM Listener configuration for HTTP
• WinRM Listener configuration for HTTPS
• Trusted Hosts
• Group Policy Setting for WinRM (Optional setting)

WinRM Service

Check if the Windows Remote Management Service is running in Services.msc on both the AppManager-installed server and the remote server. Start the service if it is stopped.

WinRM Listener configuration for HTTP

1. Open PowerShell in administrator mode in the target server and use the following command to configure WinRM for HTTP in the default port 5985.
   winrm quickconfig
2. If the WinRM listener is already listening on the default HTTP port (i.e., 5985), PowerShell will display the following message:

   

3. Once the listener is created, allow the firewall rule for WinRM service by opening the Firewall settings → Inbound rules → Windows Remote Management (HTTP-In).

WinRM Listener configuration for HTTPS

1. Create a valid SSL/TLS certificate signed by a certification authority and import it into the Microsoft Management Console (MMC). Consult this page to understand the process of generating a self-signed certificate.
2. Open PowerShell in administrator mode in the target server and run the below command to configure WinRM for HTTPS:
   winrm create winrm/config/listener?Address=*+Transport=HTTPS '@{Hostname="<hostname>";CertificateThumbprint="<ssl certificate thumbprint>";Port="<port number>"}

   <hostname> - The CN on the SSL certificate.
   <ssl certificate thumbprint> - The thumbprint from the SSL certificate.
   <port number> - The port number with which we need to access WinRM for HTTPS. (Default HTTPS port: 5986)

3. By default, a firewall rule for WinRM HTTPS is not present in Firewall settings. Open Firewall settings → Inbound rules and create a new rule to allow the port used for WinRM HTTPS.
4. Verify the created listener using the follwong command in the admin Powershell on the target server
   winrm enumerate winrm/config/listener

Trusted Hosts

Configure the TrustedHosts setting on both computers so that they will trust each other:

• On Remote Monitored Servers:
  Set-Item wsman:\localhost\client\trustedhosts <Applications Manager hostname>
• On Applications Manager Servers:
  Set-Item wsman:\localhost\client\trustedhosts *

Group Policy Setting for WinRM (Optional setting)

• This is an optional setting which can be enabled if any issues are faced while connecting to the target server using WinRM.
• In the target server, go to Edit Group Policy → Computer Configuration → Administrative Templates → Windows Components → Windows Remote Management (WinRM) → WinRM service → Enable Allow remote server management through WinRM setting.