Enable and configure winrm in Windows

 Published On February 13, 2019

In general practice, we can easily configure and use Unix-based systems remotely over SSH. To access a Windows system remotely, however, we have to enable and configure the WinRM service.

In this blog I will explain how to enable and configure WinRM in Windows so that it can be accessed by Ansible.

Enable WinRM service in Windows

If you want to execute PowerShell commands or scripts remotely, you need to enable WinRM by following these steps.

  • Open PowerShell as an administrator.
  • Run the command Enable-PSRemoting -Force

Note: This command starts the WinRM service, sets it to start automatically with your system, and creates a firewall rule that allows incoming connections. The -Force part of the cmdlet tells PowerShell to perform these actions without prompting you for each step. For more detail on enabling WinRM for PowerShell you can use this link.

Enable and configure WinRM for Ansible

If we want to access Windows machines through Ansible, we need to follow these steps:

Ansible dependencies

Here are the dependencies for Ansible to communicate with Windows servers.

  • Ansible’s supported Windows versions generally match those under current and extended support from Microsoft. Supported desktop OSs include Windows 7, 8.1, and 10, and supported server OSs are Windows Server 2008, 2008 R2, 2012, 2012 R2, and 2016.
  • Ansible requires PowerShell 3.0 or newer and at least .NET 4.0 to be installed on the Windows host.
  • A WinRM listener should be created and activated. More details for this can be found below.

Upgrading PowerShell and .NET Framework

Ansible requires PowerShell 3.0 and .NET Framework 4.0 or newer. The base image does not meet these requirements, so you need to upgrade them. For convenience, you can use a PowerShell script.

To upgrade with the PowerShell script, run the following in a PowerShell terminal.

# Download the upgrade script to the temp directory
$endpoint = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Upgrade-PowerShell.ps1"
$script_name = "$env:temp\Upgrade-PowerShell.ps1"
# Used by the script to log back in automatically across the reboots the upgrade needs
$username = "Administrator"
$password = "Password for Administrator"

(New-Object -TypeName System.Net.WebClient).DownloadFile($endpoint, $script_name)
# Allow the downloaded script to run
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

# version can be 3.0, 4.0 or 5.1
& $script_name -Version 5.1 -Username $username -Password $password -Verbose

WinRM Memory Hotfix

When running on PowerShell v3.0, there is a bug with the WinRM service that limits the amount of memory available to WinRM. Without this hotfix installed, Ansible will fail to execute certain commands on the Windows host. You can run the following script in PowerShell to apply this memory hotfix.

$url = "https://raw.githubusercontent.com/jborean93/ansible-windows/master/scripts/Install-WMF3Hotfix.ps1"
$file = "$env:temp\Install-WMF3Hotfix.ps1"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)
powershell.exe -ExecutionPolicy ByPass -File $file -Verbose

WinRM Setup

Once PowerShell has been upgraded to at least version 3.0, the final step is to configure the WinRM service so that Ansible can connect to it. There are two main components of the WinRM service that govern how Ansible can interface with the Windows host: the listener and the service configuration settings.

The script ConfigureRemotingForAnsible.ps1 can be used to set up the basics:

Run the following script in PowerShell:

$url = "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1"
$file = "$env:temp\ConfigureRemotingForAnsible.ps1"

(New-Object -TypeName System.Net.WebClient).DownloadFile($url, $file)

powershell.exe -ExecutionPolicy ByPass -File $file
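
An added example, not part of the original post or of the Ansible project's scripts: a read-only PowerShell check of the two components named above, the listener and the service configuration settings, to confirm what the setup left enabled. The function name Get-WinRMAudit and the 30-day expiry window are assumptions; run it in an elevated session.

```powershell
# Added example: read-only audit of the local WinRM listener and service settings.
# Get-WinRMAudit and the 30-day expiry window are illustrative choices, not Ansible's.
function Get-WinRMAudit {
    $out = New-Object 'System.Collections.Generic.List[string]'

    # Service state (WMI is used so this also works on PowerShell 3.0)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinRM'"
    $out.Add("Service: state=$($svc.State) startmode=$($svc.StartMode)")

    # Each listener is a container under WSMan:\localhost\Listener
    foreach ($listener in Get-ChildItem -Path WSMan:\localhost\Listener) {
        $p = @{}
        Get-ChildItem -Path "WSMan:\localhost\Listener\$($listener.Name)" |
            ForEach-Object { $p[$_.Name] = $_.Value }
        $out.Add("Listener: $($p.Transport) port=$($p.Port) enabled=$($p.Enabled)")

        if ($p.Transport -eq 'HTTP') {
            $out.Add("  WARN: HTTP listener, no TLS; check AllowUnencrypted and Basic below")
        } elseif ($p.CertificateThumbprint) {
            # Normalise the thumbprint before looking it up in the machine store
            $thumb = ($p.CertificateThumbprint -replace '\s', '').ToUpper()
            $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
            if (-not $cert) {
                $out.Add("  WARN: certificate $thumb not found in LocalMachine\My")
            } else {
                $out.Add("  Cert: $($cert.Subject) expires $($cert.NotAfter.ToString('yyyy-MM-dd'))")
                if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
                    $out.Add("  WARN: certificate expires within 30 days")
                }
                if ($cert.Subject -eq $cert.Issuer) {
                    $out.Add("  NOTE: self-signed; clients must trust it explicitly or skip validation")
                }
            }
        }
    }

    # Service-level settings that decide how credentials and payloads travel
    if ((Get-Item -Path WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true') {
        $out.Add("WARN: AllowUnencrypted=true, unencrypted HTTP sessions are accepted")
    }
    foreach ($auth in Get-ChildItem -Path WSMan:\localhost\Service\Auth) {
        $out.Add("Auth: $($auth.Name)=$($auth.Value)")
        if ($auth.Name -eq 'Basic' -and $auth.Value -eq 'true') {
            $out.Add("  WARN: Basic auth enabled; only safe over the HTTPS listener")
        }
    }
    return $out
}

Get-WinRMAudit
```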

Setup WinRM Listener

There are three ways to configure a WinRM listener. You can read and get more details on the link.

You can follow these steps to enable and configure WinRM to communicate with Ansible. For more details on this, follow the link.


Tags: winrm, Ansible-winrm, windows winrm
