I think I may have found the issue.
I'd originally been running into problems with the HTTPS listener. I wanted to use an explicit IP but this is only available when using SSL. Setting up the SSL listener with the following:
Set-WSManQuickConfig -UseSSL -Force
or
winrm quickconfig -transport:https -Force
would configure the listener on the server but would still fail when connecting from the client with the -UseSSL
parameter.
I gave up on the IPs and returned to using machine names. I left the attempts to set HTTPS in the script but ran into the issues you were having with the 500 responses when using Credssp
for authentication.
Finally, I decided to try one thing at a time. As soon as I removed the HTTPS settings, things worked!
My full script looks like this:
# Disable/revoke winrm/remoting
Start-Service winrm
winrm invoke restore winrm/config
Disable-PSRemoting -Force
Disable-WSManCredSSP -Role Client
Disable-WSManCredSSP -Role Server
Stop-Service winrm
# Enable remoting
Enable-PSRemoting -Force
Enable-WSManCredSSP -Role Server -Force
Enable-WSManCredSSP -Role Client -DelegateComputer "*.mydomain.com" -Force
winrm enumerate winrm/config/listener
Set-Item WSMan:\localhost\Client\TrustedHosts "*.mydomain.com" -Force
It's certainly not ideal,, but I hope it helps.
Best Answer
Is it still not working? Time to break out the big guns. First, try to browse to it from the same server, see if you get the expected folder listing. If it fails, you might get a better reason, and if not, fire up OpenSSL instead:
will give you a log of information about each step of the handshake, and the --debug option will show even more detail. It'll complain about having an invalid cert, bad time, or only outdated algorithms.
Of course, make sure you can even ping it and that https isn't firewalled off for some reason.