Archive for the ‘remote connections’ Tag

Enabling the IIS Management Service on Server Core 2012   Leave a comment

Install the IIS Management Service (assuming IIS is already installed)

  • Open an elevated Powershell session
  • Run: Install-WindowsFeature -Name Web-Mgmt-Service
  • Run: sc config WMSVC start=auto
  • Run Regedit.exe and navigate to HKLM\Software\Microsoft\WebManagement\Server
  • Change the binary value of EnableRemoteManagement from 0 to 1
  • Run: Start-Service WMSVC

Optional: Enrol a certificate from an internal AD CA

  • Open an elevated Powershell session
  • Launch Notepad
  • Add the following lines to the new file:
    [NewRequest]
    Subject=”cn=yourServer.yourDomain.com”
    Exportable=TRUE
    [RequestAttributes]
    CertificateTemplate=”WebServer”
  • Save the file as something ending in .inf, for example iis.inf
  • Run: certreq -new d:\temp\iis.inf d:\temp\request.txt
  • Run: certreq -submit d:\temp\request.txt d:\temp\iiscert.cer
  • Run: certreq -accept d:\temp\iiscert.cer

Optional: Changing the listener certificate

  • Open an elevated PowerShell session
  • Run: Get-ChildItem -Path “cert:\localmachine\my”
  • Copy the thumbprint for the certificate you enrolled above
  • Run the following
    netsh
    http
    del sslcer ipport=0.0.0.0:8172
    For the next command, replace yourCert with the thumbprint copied from step 3:
    add sslcert ipport=0.0.0.0:8172 certhash=yourCert appid={00000000-0000-0000-0000-000000000000} certstorename=MY verifyrevocationwithcachedclientcertonly=disable usagecheck=enable dsmapperusage=disable clientcertnegotiation=disable
  • Run: show sslcer, just to just to check the binding was successfully applied with the nominated settings (even if the output from the above command was successful)

Assuming you completed the optional steps, you can now bind to the IIS Management Service without receiving the certificate trust warning.

If you elected to skip the optional procedures, you will still be able to connect, you’ll just have to put up with the warnings.

Cheers,
Lain

Advertisements