SOLVED

WinRM https and Clusters

Copper Contributor

Hello,

How do people add clusters to Windows Admin Center with WinRM HTTPS enabled? It seems like if I use the FQDN of the cluster on the certificate, it works, but then I cannot connect to the servers themselves.

2 Replies
best response confirmed by CUrti300 (Copper Contributor)
Solution

@CUrti300

Hi,

I don't use the Windows Admin Center, so I'm coming from a position of ignorance here, but I'm comfortable with WinRM and certificates.

If you're getting an error message or number, drop it in here so we know what we're dealing with.

But for the sake of offering some initial guesses:

  1. Perhaps WinRM has been configured to listen on the explicit cluster resource IPv4/IPv6 address rather than the default of all addresses;
  2. You could be running into certificate subject (i.e. subject name or subject alternative name) issues, since WinRM by default expects name compliance.

You can check if the first point is an issue by running the following via PowerShell on each host (I've assumed the default WinRM TLS port is being used):

Get-NetTCPConnection -LocalPort 5986

For the second, there are multiple ways you can check the certificate, so I'll leave it up to you to choose one, but you'd want to see either:

  1. The cluster host's DNS name plus the DNS names for each of the members in the SAN; or
  2. A wildcard specification in the subject or SAN.

On point 2, if you have more than one eligible certificate, you may need to double-check which one ended up being bound, which you can do using the following command to pull the thumbprint (assumes you're either on the host or checking remotely via Invoke-Command):

(Get-ChildItem -Path WSMan:\localhost\Service\CertificateThumbprint).Value

Anyhow, if you have any specific errors you can drop in here, that'd help a lot in getting us to focus on the right area(s).

Cheers,

Lain
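Putting the two checks from the reply above together, as an added example that is not part of the original thread: a PowerShell script to run on each node that reports whether the WinRM HTTPS listener is bound to all addresses and whether the certificate bound to that listener names the cluster FQDN and every node. It reads the thumbprint from the listener entry under WSMan:\localhost\Listener rather than the Service key; $ClusterFqdn and $NodeFqdns are placeholder values, and the default port 5986 is assumed.

```powershell
# Added example, not from the original thread. Run on each cluster node.
# $ClusterFqdn / $NodeFqdns are placeholders for your environment; port 5986 assumed.
param(
    [string]   $ClusterFqdn = 'cluster01.corp.example',
    [string[]] $NodeFqdns   = @('node01.corp.example', 'node02.corp.example')
)

function Test-NameCovered {
    # $true if $Name matches any certificate name; a wildcard such as
    # *.corp.example covers exactly one label (node01.corp.example, not a.b.corp.example).
    param([string]$Name, [string[]]$CertNames)
    foreach ($cn in $CertNames) {
        if ($cn -eq $Name) { return $true }
        if ($cn.StartsWith('*.') -and ($Name -like $cn) -and
            ($Name.Split('.').Count -eq $cn.Split('.').Count)) { return $true }
    }
    return $false
}

# 1. Listener binding: 0.0.0.0 / :: means all addresses; a single IP means only that one.
$listen = Get-NetTCPConnection -LocalPort 5986 -State Listen -ErrorAction SilentlyContinue
if (-not $listen) { Write-Warning "No listener on TCP 5986 on $env:COMPUTERNAME" }
foreach ($l in $listen) {
    if ($l.LocalAddress -in @('0.0.0.0', '::')) { "Listening on all addresses ($($l.LocalAddress))" }
    else { Write-Warning "Listener bound only to $($l.LocalAddress); other addresses are refused" }
}

# 2. Certificate bound to the HTTPS listener and the names it carries.
$https = Get-ChildItem WSMan:\localhost\Listener | Where-Object {
    (Get-ChildItem "WSMan:\localhost\Listener\$($_.Name)\Transport").Value -eq 'HTTPS' }
if (-not $https) { Write-Warning 'No HTTPS listener is configured' }

foreach ($lst in $https) {
    $thumb = (Get-ChildItem "WSMan:\localhost\Listener\$($lst.Name)\CertificateThumbprint").Value
    $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq ($thumb -replace ' ', '')
    if (-not $cert) { Write-Warning "Bound thumbprint '$thumb' not found in LocalMachine\My"; continue }

    # Subject CN plus every DNS entry in the SAN (DnsNameList is PowerShell's SAN view).
    $names = @($cert.Subject -replace '^CN=([^,]+).*', '$1') + @($cert.DnsNameList.Unicode)
    "Bound certificate: $($cert.Subject)"
    "Names on certificate: $($names -join ', ')"
    foreach ($n in @($ClusterFqdn) + $NodeFqdns) {
        if (Test-NameCovered -Name $n -CertNames $names) { "  OK       $n" }
        else { "  MISSING  $n  (add it to the SAN or use a matching wildcard)" }
    }
}
```

A MISSING line for a node name is the case described in the question: the cluster FQDN verifies, but a connection made to that node's own name fails the certificate name check.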

Ah, I bet it's the certificate; I just need to add the names to the SAN. I deal with certificates all the time, I can't believe I forgot about that, ha. Thank you for the reminder.
