ChefDK -提供域凭据时切换到基本身份验证的WinRM。

Question

我在64位的Windows7上使用ChefDK 0.3.5。我在尝试使用Chef和WinRM在远程服务器上执行chef-client命令时遇到了一点问题。我发出的命令如下：

C:\U\user1> knife winrm "fqdn:testserver.*" "netstat" -x 'domain\user1' -P 'password'
WARNING: Switching to Negotiate authentication, Basic does not support Domain Authentication
ERROR: RuntimeError: Error: Unencrypted communication not supported. Please check winrm configuration winrm/config/service AllowUnencrypted flag.

我得到的结果不会让我做我想做的事。所以我在谷歌上搜索了一下，发现了一些关于不验证SSL或使用:verify_peer的问题，这也没什么用。因此，我在命令提示符中再次执行了WinRM配置命令，因为PowerShell告诉我它们是错误的。

C:\Users\user1>C:\WIndows\System32\cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="300"}
Winrs
    AllowRemoteShellAccess = true
    IdleTimeout = 7200000
    MaxConcurrentUsers = 10
    MaxShellRunTime = 2147483647
    MaxProcessesPerShell = 25
    MaxMemoryPerShellMB = 300
    MaxShellsPerUser = 30


C:\Users\user1>C:\WIndows\System32\cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 1800000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;G
XGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 10
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 25
        MaxMemoryPerShellMB = 300
        MaxShellsPerUser = 30


C:\Users\user1>C:\WIndows\System32\cmd.exe /c winrm set winrm/config/service@{AllowUnencrypted="true"}
Service 
  RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;
;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
        Basic = false
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    AllowRemoteAccess = true

执行完这些命令后，我再试一次，ChefDK看着我，好像我是个笨蛋。我不确定为什么Chef要尝试使用基本身份验证，然后我给它提供了域凭据。这在以前也是有效的，但我不得不买一台新的电脑和我的笔记，安装丢失了。有什么想法是我可能会错过的吗？如果我遗漏了任何信息，请让我知道，我会更新我的问题。

Answer 1

客户端命令告诉您：

Unencrypted communication not supported. Please check winrm configuration winrm/config/service AllowUnencrypted flag.

从timeout命令的结果打印出来的配置告诉您：

Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 1800000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false

您需要通过运行以下命令将AllowUnencrypted标志设置为true：

winrm set winrm/config/service @{AllowUnencrypted="true"}

最新版本的github刀子窗口添加了创建ssl证书和加强连接的命令，当你准备好的时候，希望你会想要这样做。