Github user cloudsoftreleaser commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/36#discussion_r57519906
--- Diff: guide/yaml/winrm/index.md ---
@@ -289,11 +289,24 @@ When a script is run over WinRM, the credentials
under which the script are run
solution is to obtain a new set of credentials within the script and use
those credentials to
required commands.
-Certain Windows registry keys must be reconfigured in order to support
re-authentication. For
-clouds that support an init script, Brooklyn can take care of this at
instance boot time, as part
-of the setup script. For clouds where an init script is not (currently)
supported, such as Azure,
-it is assumed that the VM is already correctly configured. Please ensure
that Brooklyn's changes
-are compatible with your organisation's security policy.
+The WinRM client uses Negotiate+NTLM to authenticate against the machine.
+This mechanism applies certain restrictions to executing commands on the
windows host.
+
+For this reason you should enable CredSSP on the windows host which grants
all privileges available to the user.
+ https://technet.microsoft.com/en-us/library/hh849719.aspx#sectionSection4
+
+To use `Invoke-Command -Authentication CredSSP` the Windows Machine has to
have:
+- Up and running WinRM over http
--- End diff --
@bostko I thought we were using https with winrm4j now. Are we using http
just for this? So do we enable both? Or just one of them?
In separate communication, you said about an error for MSSQL@Azure:
`NoSuchElementException: could not connect to any socket in [40.68.36.154:5986,
100.89.232.98:5986]`. That is the https port, so I assumed we were using https.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
