WinRM https and Clusters

Occasional Contributor



How do people add clusters to windows admin center with winrm https enabled? Seems like if I used the FQDN of the cluster on the certificate it works but then I cannot connect to the servers themselves.


2 Replies
best response confirmed by CUrti300 (Occasional Contributor)





I don't use the Windows Admin Center, so I'm coming from a position of ignorance here, but I'm comfortable with WinRM and certificates.


If you're getting an error message or number, drop it in here so we know what we're dealing with.


But for the sake of offering some initial guesses:


  1. Perhaps WinRM has been configured to listen on the explicit cluster resource IPv4/IPv6 address rather than the default of all addresses;
  2. You could be running into certificate subject (i.e. subject name or subject alternative name) issues, since WinRM by default expects name compliance.


You can check if the first point is an issue by running the following via PowerShell on each host (I've assumed the default WinRM TLS port is being used):


Get-NetTCPConnection -LocalPort 5986


For the second, there's multiple ways you can check the certificate, so I'll leave it up to you to choose one, but you'd want to see either:


  1. The cluster host's DNS name plus the DNS names for each of the members in the SAN; - or -
  2. A wildcard specification in the subject or SAN.


On point 2, if you have more than one eligible certificate, you may need to double-check which one ended up being bound, which you can do so using the following command to pull the thumbprint (assumes you're either on the host or checking remotely via Invoke-Command):


(Get-ChildItem -Path WSMan:\localhost\Service\CertificateThumbprint).Value


Anyhow, if you have any specific errors you can drop in here, that'd help a lot in getting us to focus on the right area(s).




Ah I bet it's the Certificate I just need to add to the SAN. I deal with certificates all the time I can't believe I forgot about that ha. Thank you for the reminder.