One of the most common problems I come across at Chef is diagnosing whether or not WinRM is actually listening or accessible on a remote node. This can be a problem with

knife bootstrap windows winrm

or

knife winrm

or in Test-Kitchen or Chef Provisioning.

Testing from Windows

From Windows, there is a PowerShell command - Test-WSMan.

Checks that the WinRM service is listening

  • Replace 192.168.1.82 with the IP or hostname of the target node

test-wsman 192.168.1.82

Checks that the local account can log in via WinRM using Basic Auth

  • Replace 192.168.1.82 with the IP or hostname of the target node
  • Replace user with the local or domain user account to authenticate

$Credential = Get-Credential user

test-wsman 192.168.1.82 -Authentication Basic -Credential $Credential

Checks that the local account can log in via WinRM using Negotiate Auth (either NTLM or Kerberos)

  • Replace 192.168.1.82 with the IP or hostname of the target node
  • Replace user with the local or domain user account to authenticate with

$Credential = Get-Credential

test-wsman 192.168.1.82 -Authentication Negotiate -Credential $Credential

Testing from Linux or Mac OSX

There is no Test-WSMan on these platforms, so we’ve got to improvise.

Checks that the WinRM service is listening

  • Replace 192.168.1.82 with the IP or hostname of the target node
curl --header "Content-Type: application/soap+xml;charset=UTF-8" --header "WSMANIDENTIFY: unauthenticated" http://192.168.1.82:5985/wsman --data '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsmid="http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>'

Checks that the local account can log in via WinRM using Basic Auth

  • Replace user:password with the appropriate local user account and password
  • Replace 192.168.1.82 with the IP or hostname of the target node
curl --header "Content-Type: application/soap+xml;charset=UTF-8" http://192.168.1.82:5985/wsman --basic  -u user:password --data '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsmid="http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd"><s:Header/><s:Body><wsmid:Identify/></s:Body></s:Envelope>'