Forum Discussion
Cluster Update asking to enable CredSSP
Hi galenb,
Any update on this? Got exactly this issue and identical to what others have reported here.
Deploying WAC as the primary admin method for a new Azure Stack HCI deployment for a client and just cannot get past this CredSSP issue... Delegation seems fine other than updates and diagnostics.
Thanks
For us, upgrading to version 1910 (Build 1.2.1910.31005) resolved the CredSSP issue. However, we wanted to use this for the Updates feature, especially cluster-aware updates on our HCI. Now, when we click "Updates" from the Tools side menu in WAC, CredSSP passes and we're prompted with a "Let's get you set up" message. It says,
To continue, we need to set up a few things:
- If Windows Firewall is in use on the cluster nodes, this tool will automatically enable Windows Firewall rules needed on each cluster node to allow remote restarts during updating. This is required to update this cluster.
- If the Cluster-Aware Updating role is not present, it will be added.
When you click "Go for it" it immediate fails with an error notification that reads:
Failed to configure cluster aware update role to the cluster. Error: (1) RemoteException: Unable to validate that the cluster supports the Cluster-Aware Updating role. An unknown validation error occurred on node "corp-hci-01". Additional information: (ClusterUpdateException) Failed to run script "Validation Script": (PSRemotingTransportException) Connecting to remote server corp-hci-01 failed with the following error message : The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help topic. ==> (PSRemotingTransportException) Connecting to remote server corp-hci-01 failed with the following error message : The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help topic. (2) RemoteException: Validation failed for adding CAU cluster role.
So I'm pretty much done with caring about it. It's super frustrating that Microsoft's software is so incomplete. I wonder if any of their products go through testing. Our HCI setup is completely standard and out-of-the-box. We purchased it through a certified hardware reseller. And basic features haven't worked.
I was able to capture a .har in Chrome and I sent it to you in a private message. Thanks!
To all using CredSSP with a service mode gateway there is one more thing you must do to make it work -- when making a connection to a server please check the “Use these credentials for all connections” check box on the manage as credential dialog.
The design of CredSSP in service mode relies upon there being cached credentials available in the browser. We will be taking a look at this decision and the subtle behavior of needing to check that check box in the credential dialog to make it work properly.
If you are willing to capture the repro in a .har file I will do my best to get the failure diagnosed and understood.
