I started installing Dell OpenManage on my companies servers and quickly ran into the below issue which bar one server, I have not been able to resolve:
The installer has detected that the HTTPS listener is not configured for Windows Remote
Management. You can either configure the HTTPS listener before installing Remote Enablement,
or install Remote Enablement now by selecting the "Custom" installation screen and configure
the HTTPS listener later. See the "Remote Enablement Requirements" section in the Server
Administrator Installation Guide for information on configuring the HTTPS listener. Note:
Remote Enablement is required to manage this system from a remote Server Administrator Web
Server and is applicable only for those systems that support Server Instrumentation. Click
here to configure HTTPS Listener for Windows Remote Management.
Through googling I came across a number of examples of instructions to setup an WinRM HTTPS listener like Dell fumbles OpenManage installation process, forgets to write documentation?, however I have at least managed to figure out they assume that one has a server in one's domain that is setup as a Active Directory Certificate Services, Certificate Authority, and have created a Computer (Machine) cert within it.
However, with that done, the request a [local computer] certificate used on all the other servers (mmc.exe -> Add/Remove Snap-in -> Certificates), and winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="<FQDN to Certificate Services server>";CertificateThumbprint="<thumbprint>"} used to setup the HTTPS listener, which produces:
ResourceCreated
Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
ReferenceParameters
ResourceURI = http://schemas.microsoft.com/wbem/wsman/1/config/listener
SelectorSet
Selector: Address = *, Transport = HTTPS
...only one of them removes the above Dell OpenManage pre-req check error. I have tried to click the link Click here to configure HTTPS Listener for Windows Remote Management. in the error above, but it doesn't resolve the issue on any of the servers.
One difference I have noticed is the server which does remove the above pre-req check error upon rescanning, has 3 lines when quering winrm enum winrm/config/Listener, like below:
C:\Windows\system32>winrm enum winrm/config/Listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 192.168.<rest of IP>, ::1, fe80::<rest of IP>
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = <FQDN of local server>
Enabled = true
URLPrefix = wsman
CertificateThumbprint = <thumbprint without spaces>
ListeningOn = 127.0.0.1, 192.168.<rest of IP>, ::1, fe80::<rest of IP>
Listener [Source="Compatibility"]
Address = *
Transport = HTTPS
Port = 443
Hostname = <FQDN of local server>
Enabled = true
URLPrefix = wsman
CertificateThumbprint = <thumbprint without spaces i.e., ab 32 ft... etc>
ListeningOn = 127.0.0.1, 192.168.<rest of IP>, ::1, fe80::<rest of IP>
And the rest that have the pre-req check error have only two sections:
C:\Windows\system32>winrm enum winrm/config/Listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 192.168.<rest of IP>, ::1, fe80::<rest of IP>, fe80::<rest of IP>
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = <FQDN of local server>
Enabled = true
URLPrefix = wsman
CertificateThumbprint = <thumbprint without spaces>
ListeningOn = 127.0.0.1, 192.168.<rest of IP>, ::1, fe80::<rest of IP>, fe80::<rest of IP>, fe80::<rest of IP>
Is the extra Listener [Source="Compatibility"] section in the winrm output the solution (and if so, how does one add it, especially with spaces in the thumbprint that winrm won't accept), or is something else the solution?
