Our Today’s post is out of our series and here we will discuss, how we have fixed, one of our issue we faced during one of our POC for the last blog.
In our last blog, we ware working with Configure Azure DSC with PowerShell and we got a strange error like,
“Connecting to remote server failed with the following error message: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.”
After googling for around 1 hours, I found few post with different approaches to fix this issue. I have tried couple of them like, configure certificate, change in my DSC config file content and still I was getting the same error. Then I discussed with one of my friend (Gaurav Thakur) about the issue. He said that, some time back, he was also getting the same issue and fixed the issue, with help of one article. As per his suggestions, I did the following configuration as well as little modification in my DSC configuration file and the issue fixed for me. I am not very sure that if the following configuration have fixed the issue or something I did after or before this configuration but, I have found, in many blogs, this configuration has done by PowerShell script. Here we are setting it through UI.
Let’s follow the bellow steps, and see if it helps you to fix the issues.
- In my last POC, we were working with Azure DSC with PowerShell and as per the procedure, first we had published our Azure DSC script. Then we had to set the Azure DSC extension with our required VM. When we run the command, we got the above mentioned error, as shown in the following figure.
Figure 1: Azure – Error From PS for Request
- Now As per my friend’s suggestion, we run the GPEdit.msc to lunch Local Group Policy Editor. Navigate to “Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client”. Enable Trust the remote machine. On the setting window, add the remote exchange server name in the Trustedhostedlist field and click Ok, as shown in the following figure..
Figure 2: Azure – Enabled Trusted Host
- After configuring Trusted Host, we configured Unencrypted Traffic and Enabled it. Click Ok to finish with the GP Configuration tool, as shown in the following figures.
Figure 3: Azure – Enabled Unencrypted Traffic
- After configuring the Local Group Policy, we did little modification with our DSC script and change the Node name, then rerun the command. As we can see in the following figure, the PowerShell command executed successfully and it configured the IIS on our target VM.
Figure 5: Azure – Issue Fixed and PS script run successfully
Thanks for reading 🙂
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.
Stay tuned on Knowledge-Junction, will come up with more such articles.