Forum Discussion
Modernized Gateway - WinRM over HTTPS
Hello Karl,
Thanks for the reply. I'll add some context because I'm not sure I understand the answer. We're already using WAC with WinRM over HTTPS configured on ~100 machines. Each managed machine has its valid certificate and its listener configured to use HTTPS as transport. We're also using a firewall restriction so only the WAC gateway can do remote WinRM to these.
We're only allowing 5986 via the firewall and this configuration has been working nicely on the public version of WAC 2311.
However, we want to upgrade to the Modernized Gateway, but it seems that WinRM over HTTPS just does not work on the Public Preview. Even though the box "Force WinRM over HTTPS" was ticked during install, the WAC server is not able to connect to any of the hosts which have been configured to listen on HTTPS only. It's just as if it tried to query HTTP instead.
I agree with the network isolation being already very secure, I just do not believe switching to plain HTTP is the way to go since it worked great on 2311 and this behaviour rather looks like a bug in the modernized gateway.
3NCORE, oh, pardon me, and thanks for taking the time to outline this.
I cannot tell you why. Potentially the NG has issues with certificates and permissions.
The one discussed is with WAC Web GUI and own certificates vs self-signed works.
I do not say it is related, but maybe there is also an issue with your scenario in a similar way, when you are saying it is all fine with 2311 + hotfix.
This said, I do not pretend to know, as I've stopped my evaluation of NG, except for the setup method on a local machine to replace the Hyper-V MMC. So a very, very basic and insecure setup, since it's a lab.
https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-quot-modernized-gateway-quot-is-now-in/ba-p/4013928
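
For the setup described in the first post (HTTPS listener with a valid certificate, only 5986 allowed from the gateway), the following check can be run on the WAC gateway to confirm what each managed host actually accepts. It is an added example, not part of either post or of Windows Admin Center; the function name `Test-WinRMHttpsOnly` and the hostnames are placeholders.

```powershell
# Added example: function name and hostnames are placeholders, not from the thread.
function Test-WinRMHttpsOnly {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($name in $ComputerName) {
            # Raw TCP reachability of both WinRM ports from this machine.
            $https = Test-NetConnection -ComputerName $name -Port 5986 -WarningAction SilentlyContinue
            $http  = Test-NetConnection -ComputerName $name -Port 5985 -WarningAction SilentlyContinue

            # WS-Man identify request over TLS. This fails if the listener's
            # certificate is untrusted, expired, or does not match $name.
            $tlsOk = $false
            $tlsError = $null
            if ($https.TcpTestSucceeded) {
                try {
                    Test-WSMan -ComputerName $name -UseSSL -ErrorAction Stop | Out-Null
                    $tlsOk = $true
                } catch {
                    $tlsError = $_.Exception.Message
                }
            }

            [pscustomobject]@{
                ComputerName   = $name
                Port5986Open   = $https.TcpTestSucceeded
                Port5985Open   = $http.TcpTestSucceeded
                WSManOverHttps = $tlsOk
                HttpsOnly      = ($tlsOk -and -not $http.TcpTestSucceeded)
                Error          = $tlsError
            }
        }
    }
}

# Placeholder hostnames; replace with the managed machines to check.
'srv01.example.internal', 'srv02.example.internal' |
    Test-WinRMHttpsOnly | Format-Table -AutoSize
```

A row with `HttpsOnly` set to `True` means the host answers WS-Man over TLS on 5986 and is not reachable on 5985 from the gateway, which helps separate a listener or certificate problem from a gateway-side one.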