Forum Discussion
Certificate Error Connecting to only some of the Cluster's resources
Latest version of WAC, WinRM configured to connect over HTTPS. No issues connecting to the servers that are members of the cluster, or clients and other servers in our AD. No issues connecting to the cluster Dashboard (I can see health, CPU usage, etc.) and some of the resources (such as Drives, Volumes, Servers). Configuration -> Settings or Security works fine.
It's only when I go to some resources, such as virtual switches, GPUs or a handful of others, that I get errors connecting to member servers; specifically, the error will state that for each server:
Connecting to remote server servername.local failed with the following error message : The server certificate on the destination computer (servername.local:5986) has the following errors: The SSL certificate contains a common name (CN) that does not match the hostname.
The one oddity I see is that .local is being added to the end of the server name. Also, servername will not contain the domain extension, just the name. Here's what I've checked so far:
- DNS is correct for the member servers and the cluster, both with Host (A) and PTR entries, can be pinged and resolved.
- As far as I can tell the certificates are set up correctly, no issues connecting to the member servers individually, or the cluster at first.
- The AD entry for the cluster is in place with the correct permissions for the cluster's service account.
I've read that .local is appended if the server/cluster is not part of AD, but that's not the case. We have two additional clusters and this issue does not appear on them. I also have not been able to identify any obvious differences between the setup of the two fully functioning clusters and this one.
In the Event Viewer on the WAC server, under Applications and Service Logs -> WindowsAdminCenter, I can see Error Entries ID 304 for each member server with a similar message as above:
Unable to create PowerShell session on node, status: 400, error code:PSRemotingTransportException, error message:Connecting to remote server server.local failed with the following error message : The server certificate on the destination computer (server.local:5986) has the following errors:
The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the about_Remote_Troubleshooting Help topic..
As a side note, opening a remote PowerShell session to each member server via WAC works fine and, by contrast, in the WAC Event Viewer there will be corresponding Information entries listing the server's FQDN. Here's an example:
Category: Microsoft.AspNetCore.Hosting.Diagnostics
EventId: 2
SpanId: 50d2635d1f6eb737
TraceId: b8c8e1de80ac2f84f1230c5ec3305b38
ParentId: 3e0619ce2c5decca
ConnectionId: 0HNMB39BE0AS7
RequestId: 0HNMB39BE0AS7:0000009F
RequestPath: /api/PowerShell/nodes/serverFQDN/invokeCommand
Request finished HTTP/2 POST https://WACserverFQDN:6601/api/PowerShell/nodes/serverFQDN/invokeCommand - 200 - application/json;+charset=utf-8 230.3283ms
It seems that when it comes to accessing only some of the cluster's resources, WAC no longer has the member servers' FQDNs, and I'm not sure where to look for changing that. Anyway, any guidance would be appreciated.
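
Added example, not part of the original post: a PowerShell check, run from the WAC server, that reads the certificate each node presents on the WinRM HTTPS port (5986) and reports whether it covers the short name, the FQDN, and the `name.local` form seen in the error. The node names, the DNS suffix and the function name `Get-WinRmCertNames` are hypothetical placeholders, and the SAN parsing assumes an English-language Windows host.

```powershell
# Constructed placeholder values (assumptions); replace with your own.
$Nodes  = 'node1', 'node2'        # short names of the cluster members
$Domain = 'corp.example.com'      # AD DNS suffix of those members

function Get-WinRmCertNames {
    param([string]$ComputerName, [int]$Port = 5986)
    $tcp = [System.Net.Sockets.TcpClient]::new($ComputerName, $Port)
    try {
        # Accept whatever certificate is presented: the goal is to read it, not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        # Subject common name (CN).
        $names = @($cert.GetNameInfo('SimpleName', $false))
        # Subject Alternative Name extension (OID 2.5.29.17); on English Windows it
        # formats as "DNS Name=host1, DNS Name=host1.corp.example.com".
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value })
        }
        $names | Sort-Object -Unique
    }
    finally { $tcp.Dispose() }
}

$report = foreach ($node in $Nodes) {
    # Connect by FQDN, the form that works in the post, then test each name a client might use.
    $certNames = @(Get-WinRmCertNames -ComputerName "$node.$Domain")
    foreach ($candidate in $node, "$node.$Domain", "$node.local") {
        [pscustomobject]@{
            Node      = $node
            NameUsed  = $candidate
            # Exact, case-insensitive comparison; wildcard entries are not evaluated.
            InCert    = $certNames -contains $candidate
            CertNames = $certNames -join ', '
        }
    }
}
$report | Format-Table -AutoSize
```

A row with `InCert` set to `False` for a name means a WinRM HTTPS connection made with that name will fail certificate name validation, which is the error shown for `servername.local`.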