VMware Cloud Community
gbeke
Enthusiast
Enthusiast
Jump to solution

Adding powershell host workflow fails

Hi,

I'm using vRA 8.6.2 with the embedded vRO and try to add a powershell host. I've followed the documentation on how to configure Kerberos and WinRM for HTTPS in the VMware documentation. 
https://docs.vmware.com/en/vRealize-Orchestrator/8.6/com.vmware.vrealize.orchestrator-use-plugins.do...
https://docs.vmware.com/en/vRealize-Orchestrator/8.6/com.vmware.vrealize.orchestrator-use-plugins.do...

I'm able to connect to the powershell host using this command from a Windows server in the same domain: Test-WSMan -Authentication Kerberos -ComputerName server.domain.com -Port 5986 -UseSSL

I've verified by using curl that the appliance are able to connect to the powershell host on port 5986 and the dc's in the domain on port 88 and 636. When I run the add powershell host workflow I specify 5986 as port, winrm as host type, https as transport protocol and kerberos as authentication. I use a shared session with a user that is member of the local administrator group on the powershell host. When running the workflow it fails and displays this: 

send message on https://server.domain.com:5986/wsman error , document in <?xml version="1.0" encoding="UTF-8"?> <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"> <env:Header> <a:To xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing">https://server.domain.com:5986/wsman</a:To> <a:ReplyTo xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"> <a:Address mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address> </a:ReplyTo> <w:MaxEnvelopeSize xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" mustUnderstand="true">153600</w:MaxEnvelopeSize> <a:MessageID xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing">uuid:190CA470-3279-4185-B5AF-39D462AC3EC9</a:MessageID> <w:Locale xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" mustUnderstand="false" xml:lang="en-US"/> <p:DataLocale xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd" mustUnderstand="false" xml:lang="en-US"/> <w:OperationTimeout xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">PT180.000S</w:OperationTimeout> <a:Action xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/Receive</a:Action> <w:SelectorSet xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"> <w:Selector Name="ShellId">A2DDFA3C-668C-4CA4-9A66-45D2F0787C28</w:Selector> </w:SelectorSet> <w:ResourceURI xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI> </env:Header> <env:Body> <rsp:Receive xmlns:rsp="http://schemas.microsoft.com/wbem/wsman/1/windows/shell"> <rsp:DesiredStream CommandId="8F29A350-2DEF-48CF-8AF1-F62FDC216C0C">stdout stderr</rsp:DesiredStream> </rsp:Receive> </env:Body> </env:Envelope> , document out [EMPTY], (Dynamic Script Module name : addPowerShellHost#30)

Extensiv googling has not yielded any results that has helped me solve this issue. This may of course be due to lack of searching skills. 

Any help with this will be greatly appreciated.

Tags (2)
Reply
0 Kudos
1 Solution

Accepted Solutions
gbeke
Enthusiast
Enthusiast
Jump to solution

Thanks for the suggestion. I've already looked at that without finding any solution. 

But it is working now. When I ran the workflow I added, for some unknown reason, a value for "Idle Timeout" and "Read Timeout" under Advanced options. When removing that the workflow succeeded.

gbeke_0-1646822510034.png

 

View solution in original post

3 Replies
eoinbyrne
Expert
Expert
Jump to solution

When I had to do this previously (for 7.x mind) I found Spas Kaloferov's posts extermely helpful

 

http://kaloferov.com/blog/troubleshooting-tips-orchestrator-powershell-plug-in-skkb1028/

 

 

Reply
0 Kudos
gbeke
Enthusiast
Enthusiast
Jump to solution

Thanks for the suggestion. I've already looked at that without finding any solution. 

But it is working now. When I ran the workflow I added, for some unknown reason, a value for "Idle Timeout" and "Read Timeout" under Advanced options. When removing that the workflow succeeded.

gbeke_0-1646822510034.png

 

Sha_man
Contributor
Contributor
Jump to solution

Just as an FYI, there is a KB to fix this (Adding a PowerShell host using Kerberos fails with the error: send message on http://host name or ip...). I tested this on a vRA/vRO 8.8 instance.

In my case I needed to allow transfer of unencrypted data on the powershell host. I ran the below on the powershell host:

winrm set winrm/config/service '@{AllowUnencrypted="true"}'

 

Hope this helps 

Reply
0 Kudos