Before you add a physical machine to a manual unmanaged desktop pool, you must log in to the machine as an administrator and perform certain configuration tasks.

Prerequisites

  • Verify that you have administrator credentials for logging in to the machine. If the machine is joined to a domain, obtain domain administrator credentials.
  • Become familiar with the procedure for configuring WinRM to use HTTP. See the vCenter Plug-Ins documentation.

Procedure

  1. Log in as an administrator and set the Windows Remote Management service to start automatically.
    1. Go to the Services applet.
    2. Right-click the Windows Remote Management (WS-Management) service and select Properties.
    3. Select the startup type Automatic, click Start, and click OK after the service starts.
  2. Start PowerShell as an administrator and use the following commands to configure remote execution policies.
    1. Use the following command to verify that the policy is set to RemoteSigned.
      Get-ExecutionPolicy
    2. If the policy is set to Restricted, use the following command:
      Set-ExecutionPolicy RemoteSigned

      Press Y when prompted.

    3. Use the following command to enable remote execution for WinRM:
      Enable-PSRemoting

      Press Y when prompted.

    4. Use a command to add vRealize Orchestrator hosts as trusted servers.
      • Add all machines as trusted hosts:
        Set-Item wsman:\localhost\client\trustedhosts *
        or
        set-item wsman:\localhost\Client\TrustedHosts -value *
      • Add all domain machines as trusted hosts:
        set-item wsman:\localhost\Client\TrustedHosts *.domain.com
      • Add a single machine (use the FQDN of the machine):
        set-item wsman:\localhost\Client\TrustedHosts -value hostname.domain.com
      • Add a single machine using the IP address:
        set-item wsman:\localhost\Client\TrustedHosts -value xxx.xxx.xxx.xxx
      Press Y when prompted.
      Note: You can use the following command to see the list of trusted hosts:
      Get-item wsman:\localhost\Client\TrustedHosts
      
    5. Use the following command to restart WinRM Service:
      Restart-Service WinRM
  3. On another Windows machine, test the connection to the machine you just configured by running the following command.
    Test-WsMan IP-or-DNS-of-machine
    For example: Test-WsMan 12.34.56.78
    The output is similar to the following:
    wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
    ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
    ProductVendor   : Microsoft Corporation
    ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 2.0

    If you use the following command, the output lists the contents of the C drive:

    Invoke-Command -ComputerName IP-or-DNS-of-machine -ScriptBlock { Get-ChildItem C:\ } -credential domain\administrator
  4. Open a command prompt and configure the physical machine (WinRM host) to enable the communication with the PowerShell plug-in through the HTTP protocol.
    If you use PowerShell 2.0, enclose the commands in single quotes, as follows:
    winrm set winrm/config/service/auth '@{Basic="true"}'
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
    
    winrm set winrm/config/client/auth '@{Basic="true"}'
    winrm set winrm/config/client '@{AllowUnencrypted="true"}'
    If the WinRM host machine is in an external domain, you must also run the following command to specify the trusted hosts:
    winrm set winrm/config/client @{TrustedHosts="host1, host2, host3"}
    You can use the following command to verify the settings after you finish making changes:
    winrm get winrm/config
  5. For machines that belong to a domain, enable and test Kerberos authentication.
    1. Open a command prompt and use the following commands to enable Kerberos authentication:
      winrm set winrm/config/service/auth '@{Kerberos="true"}'
      winrm set winrm/config/service '@{AllowUnencrypted="true"}'
      
      winrm set winrm/config/client/auth '@{Kerberos="true"}'
      winrm set winrm/config/client '@{AllowUnencrypted="true"}'
      
    2. Use the following command to test Kerberos authentication:
      winrm id -r:machine.domain.com -auth:Kerberos -u:administrator@domain.com -p:'password'
  6. Install Horizon Agent in the physical machine.
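
As an added check that is not part of the original VMware procedure, the following PowerShell reads back the settings changed in steps 1 through 5 and warns where a step was missed, where every host is trusted, or where Basic authentication is accepted over unencrypted HTTP. It assumes an elevated PowerShell 3.0 or later session with the WinRM service running; the helper name Get-WsManValue is hypothetical.

```powershell
# Added example: reads back the settings from steps 1-5; it changes nothing.
# Assumes an elevated PowerShell 3.0+ session with the WinRM service started
# (the WSMan: drive is unavailable otherwise).

function Get-WsManValue([string]$Path) {
    # Hypothetical helper. The WSMan: provider returns values as strings,
    # for example "true" / "false".
    (Get-Item -Path "WSMan:\localhost\$Path" -ErrorAction Stop).Value
}

$svc      = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
$inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

$state = [ordered]@{
    ServiceStartMode        = $svc.StartMode                  # step 1: expect Auto
    ServiceState            = $svc.State
    ExecutionPolicy         = [string](Get-ExecutionPolicy)   # step 2
    TrustedHosts            = Get-WsManValue 'Client\TrustedHosts'
    ServiceBasic            = Get-WsManValue 'Service\Auth\Basic'
    ServiceKerberos         = Get-WsManValue 'Service\Auth\Kerberos'
    ServiceAllowUnencrypted = Get-WsManValue 'Service\AllowUnencrypted'
    ClientBasic             = Get-WsManValue 'Client\Auth\Basic'
    ClientAllowUnencrypted  = Get-WsManValue 'Client\AllowUnencrypted'
}
[pscustomobject]$state | Format-List

if ($state.ServiceStartMode -ne 'Auto') {
    Write-Warning 'WinRM service is not set to start automatically (step 1).'
}
if ($state.ExecutionPolicy -eq 'Restricted') {
    Write-Warning 'Execution policy is still Restricted (step 2).'
}
if ($inDomain -and $state.ServiceKerberos -ne 'true') {
    Write-Warning 'Domain-joined machine without Kerberos enabled on the service (step 5).'
}
# TrustedHosts is a comma-separated list; a bare "*" entry matches every host.
$hosts = ([string]$state.TrustedHosts) -split '\s*,\s*'
if ($hosts -contains '*') {
    Write-Warning 'TrustedHosts is "*": hosts in this list are not authenticated by the client.'
}
if ($state.ServiceBasic -eq 'true' -and $state.ServiceAllowUnencrypted -eq 'true') {
    Write-Warning 'Basic auth over unencrypted HTTP is accepted: credentials are only Base64-encoded on the wire.'
}
```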

What to do next

Configure authentication on the vRealize Orchestrator server. See Configure vRealize Orchestrator to Use Kerberos Authentication with Physical Machines.