I know there are a number of previous posts with issues similar to this but haven’t been able to find an identical one with a solution that works for me.
I’m trying to run a ‘knife bootstrap windows winrm’ command from a windows workstation using ssl and domain authentication to bootstrap a windows node and am getting this error:
ERROR: Failed to authenticate to myhost as mydomain\myusername Response: WinRM::WinRMAuthorizationError Hint: Make sure to profix domain usernames with the correct domain name. Hint: Local user names should be prefixed with computer name or IP address.
Here’s the bootstrap command I’m trying:
knife bootstrap windows winrm --winrm-transport ssl *myhost* --winrm-user 'mydomain\myusername' --winrm-password 'mypassword' --winrm-ssl-verify-mode verify_none
The remote machine is configured with a https winrm listener created using the command:
new-item -address * -force -path wsman:\localhost\listener -port 5986 -hostname myhost -transport https -certificatethumbprint mythumbprint
The certificate thumbprint comes from a self-signed certificate created using the
knife windows cert generate command.
Basic authentication is disabled from a GPO:
I have also tried using the
-f pemfile option for the bootstrap command using the .pem file for the same certificate, but without success.
I have been referencing this extremely helpful resource from Matt Wrock.
I tried using the New-SelfSignedCertificateEx tool suggested there to create a certificate with the IsCA flag set to $true (with the intention of using that cert for the https listener) but the tool doesn’t create a certificate for me…
A bootstrap without ssl (using sspinegotiate and the winrm-s patch) does work, but I want to use ssl.
Windows 7 (Powershell 4)
Windows 2008 R2 Ent
(Note the workstation is in a different domain to the node)
Would appreciate any guidance anyone has.
Thanks in advance,