Not able to create HTTP listener in windows 7 pc

Tagged: 

This topic contains 8 replies, has 3 voices, and was last updated by  Tulasiramchand Mendu 3 years, 8 months ago.

  • Author
    Posts
  • #12277

    Facing a problem when trying to create a http listener(on windows 7) to connect to a computer( windows 2008 R2) which does not has a domain.

    I am trying to create http listener to connect to a machine which has no domain.
    This is the error that I get when I followed the steps given in the book "Secrets of Powershell Remoting" is "A specified logon session does not exist. It may already have been terminated"

    Trying to use the this command in cmd prompt
    "Winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="IPAddress";CertificateThumbprint=" 1b 45 2b da e5 8b db e8 7b bc 24 b2 43 d0 25 49 ce 0b 74 0f"}

  • #12278

    Don Jones
    Keymaster

    I'm a little confused.

    You create a listener to accept incoming connections. A listener does not "connect to a computer." A listener accepts incoming connections. So if the goal is to connect to a Win2008R2 computer, you would create the listener on that computer.

    Your command is attempting to create an HTTPS listener, but your question indicated you are trying to create an HTTP listener. Which is it? Why do you need to create a listener on the Windows 7 computer?

    Please note that BMP files are very large. We only accept PNG and JPG file attachments, as specified above the attachments button.

  • #12279

    Sorry, And thanks for your prompt reply.
    I would try to put it in brief, what I am trying to achieve.

    We were actually using custom credential provider with our products.Using remote desktop we sign-in using the custom credentials(using challenge response scheme) as shown in credentials.png.
    Now we are trying to do it in a way like SSH.Can you please help as I am new to powershell and wondering that is it(challenge response scheme) possible with powershell.

    Coming to my previous question, should we start the listener at windows 2008 R2 end.Appreciate your help
    Happy New year 2014 🙂

  • #12284

    Dave Wyatt
    Moderator

    I don't think it's possible to customize WinRM's authentication in that way (though I'm not 100% certain of that). You might be able to do something like set up a constrained endpoint which allows you to run a command to perform the challenge / response step, and if successful, unlocks other commands in the session.

  • #12287

    Don Jones
    Keymaster

    It isn't currently possible to do that without extensive custom programming. WinRM can only use its built-in authentication providers; you could write a custom one but I'm not sure the APIs to do so are even public. You certainly can't do it by using a standard listener. As Dave suggests, a constrained endpoint could probably be used to hack something together, but there are some workarounds within a custom endpoint that might make that unsuitable for a commercial product. I don't think it's practical to do what you're trying, given the current state of the technology.

    BeyondTrust does something similar, but what they do requires the client to have an HTTP(S) proxy rule in place. WinRM traffic is then directed to their proxy, where they do additional authentication and authorization before forwarding the request to the desired endpoint. It's a fairly complex infrastructure.

  • #12403

    Dave Wyatt
    Moderator

    I haven't used the AWS cmdlets before, but based on what's in that article, it looks like Amazon implements their own authentication mechanism that has nothing to do with WSMAN / WinRM / PS Remoting. That's not the same as extending WSMAN's authentication behavior.

  • #12501

    Thanks Dave

  • #12282

    [quote=12279]
    Iam trying to connect the windows 2008 R2 from windows 7 machine.
    [/quote]

You must be logged in to reply to this topic.