Adding a DMZ server to the TrustedHosts list

10 Oct, 2016

Today I was working with Release Management in an on-premises TFS 2015 situation where I had to release to a server located in the DMZ.

After getting all kinds of things in place, like installing an agent, setting up shadow accounts, and validating that I could reach and use the agent to install the required software, I came across another issue.

The issue was that WinRM is used to run a PowerShell script on the machine. When running that PowerShell script from the release pipeline, it blew up the pipeline with the following error:

“The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.”

As the error suggests, you need to add the server to the local TrustedHosts list. I first checked the current list with the following command:

Get-Item WSMan:\localhost\Client\TrustedHosts

That returned an empty list, so I decided to add the current server to the list, which can be done with the following command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.XX.XX

The following screenshot shows the commands in action; the actual IPs are blurred.

[Screenshot: dmz_powershell_trustedhosts]

When re-running the deployment, all was good in the “safe zone”.
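The Set-Item command above replaces whatever is already in TrustedHosts, and the error text notes that hosts on this list might not be authenticated, so the list should stay as narrow as possible. The helper below is an added example, not part of the original post: it appends exactly one host, refuses wildcard entries, and keeps existing entries. It assumes an elevated PowerShell session on the machine that initiates the WinRM connection; the function name `Add-TrustedHost` and the address `192.0.2.10` are hypothetical.

```powershell
# Added example. Add-TrustedHost is a hypothetical helper, not a built-in cmdlet.
function Add-TrustedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    # Reject wildcards and comma-separated lists: an entry such as '*' or
    # '192.168.*' trusts every matching host without authenticating it.
    if ($ComputerName -match '[*,]') {
        throw "Refusing '$ComputerName': pass one explicit host name or IP address."
    }

    $path = 'WSMan:\localhost\Client\TrustedHosts'

    # The stored value is a single comma-separated string; split it into entries.
    $entries = @((Get-Item -Path $path).Value -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    # Surface an overly broad existing configuration instead of hiding it.
    if ($entries -contains '*') {
        Write-Warning "TrustedHosts already contains '*'; every host is trusted."
    }

    # Idempotent: do nothing when the host is already listed.
    if ($entries -contains $ComputerName) {
        Write-Verbose "$ComputerName is already in TrustedHosts."
        return $entries
    }

    if ($PSCmdlet.ShouldProcess($path, "Add $ComputerName")) {
        # -Concatenate appends to the current list instead of overwriting it;
        # -Force suppresses the interactive confirmation prompt.
        Set-Item -Path $path -Value $ComputerName -Concatenate -Force
    }

    # Return the resulting list so the change can be logged by the caller.
    (Get-Item -Path $path).Value -split ','
}

# Constructed sample address from the documentation range (RFC 5737).
Add-TrustedHost -ComputerName '192.0.2.10' -Verbose
```

Run it with `-WhatIf` first to see the change without applying it.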
