-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Details about using CredSSP in Windows #36
Conversation
https://technet.microsoft.com/en-us/library/hh849719.aspx#sectionSection4 | ||
|
||
To use `Invoke-Command -Authentication CredSSP` the Windows Machine has to have: | ||
- Up and running WinRM over http |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or https?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
http as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So can you change the wording so that it does not imply that it must be http?
Or are you saying that it must have http enabled?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am saying that it must have http enabled.
The custom-enable-credssp script does everything needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bostko I thought we were using https with winrm4j now. Are we using http just for this? So do we enable both? Or just one of them?
In separate communication, you said about an error for MSSQL@Azure: NoSuchElementException: could not connect to any socket in [40.68.36.154:5986, 100.89.232.98:5986]
. That is the https port, so I assumed we were using https.
6657953
to
9214ca9
Compare
9214ca9
to
6db8984
Compare
@neykov any comments from you about the need for http and https when we're using |
script which enables executing commands with CredSSP in the general case. | ||
The script works for most of the Windows images out there version 2008 and later. | ||
|
||
Please ensure that Brooklyn's changes are compatible with your organisation's security policy. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[nit] US English s/s/z/
useful. @neykov if you have any comments on http(s) (re aled's comment above) it can be a new PR |
@aledsage Invoke-Command will default to http transport (the authentication protocol doesn't matter). The script can override it, but then needs to know what settings to use (what's available on the machine). @bostko can you confirm Also the self signed certificate might be a problem for |
@neykov indeed. The script does what you wrote. |
@aledsage can you review.