Friday, June 22, 2012

How to change WInRM 3.0 listener port

Today I encountered an issue with WinRM 3.0 when opening a 1-to-1 shell session against a remote host on a different VLAN. It didn't take me long to find out the the remote port was blocked by a network Firewall, so, instead of asking for an exception in the filtering rules, I preferred to reconfigure WinRM to listen on another allowed port.

The command to retrieve the complete configuration of the Remorting service is: 'winrm enumerate winrm/config/listener'.

The output is the following:

Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 192.168.155.239, 127.0.0.1


As you can see, port 5985 is the one used by default when launching 'Enter-PSSession -computername remotehost' on PowerShell 3.0 (for your information, port 5986 is the one used when you specify the -UseSSL switch: 'Enter-PSSession -UseSSL -computername remotehost', but you must first create a listener on that port because it isn't done automatically).

To change this port configuration, run these commands:

Winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="1025"}

Listener
    Address = *
    Transport = HTTP
    Port = 1025
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint    ListeningOn = 192.168.155.239, 127.0.0.1

I hope this post helps you if you have found the same issue using WinRM in a firewalled environment. Do not hesitate to comment and tell your experience with PowerShell 3.0/WinRM 3.0.

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...