Adding a DMZ server to the TrustedHosts list

Today I was working with Release Management in an on-premises TFS 2015 situation where I had to release to a server located in the DMZ.

After getting all kinds of things in place, like installing an agent, having shadow accounts set up, and having validated that I could reach and use the agent to install the required software, I came across another issue.

The issue was that to be able to run a PowerShell script on the machine, WinRM is used. When running that PowerShell script from the release pipeline, it blew up the pipeline with the following error:

“The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config.”

As the error suggests, you need to add the server to the local TrustedHosts list. I first checked the current list with the following command:

Get-Item WSMan:\localhost\Client\TrustedHosts

That returned an empty list. And thus I decided to add the current server to the list, which can be done with the following command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.XX.XX

The following screen shows the commands in action; actual IPs are blurred.


When re-running the deployment, all was good in the “safe zone”.
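
Set-Item with -Value replaces the entire TrustedHosts list, which is harmless when the list is empty as it was here but drops existing entries otherwise. The following is an added example, not part of the original post: a helper (the name Add-TrustedHostEntry and the sample address are assumptions) that appends a single host with the WSMan provider's -Concatenate switch, skips duplicates, and refuses wildcard entries, since the error text itself notes that hosts in TrustedHosts might not be authenticated.

```powershell
# Added example (not from the original post). Run in an elevated session.
# Add-TrustedHostEntry is a hypothetical helper name.
function Add-TrustedHostEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    $path = 'WSMan:\localhost\Client\TrustedHosts'

    # A wildcard entry skips server identity checks for every matching host,
    # so only explicit names or addresses are accepted here.
    if ($ComputerName.Contains('*')) {
        throw "Refusing wildcard TrustedHosts entry '$ComputerName'."
    }

    # The stored value is one comma-separated string; it is empty when unset.
    $current = (Get-Item -Path $path).Value
    $entries = @($current -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    # Surface an existing catch-all entry so it can be reviewed.
    if ($entries -contains '*') {
        Write-Warning "TrustedHosts already contains '*'; every host is trusted."
    }

    # Nothing to do if the host is already listed (comparison is case-insensitive).
    if ($entries -contains $ComputerName) {
        Write-Verbose "'$ComputerName' is already in TrustedHosts."
        return $entries
    }

    # -Concatenate appends instead of overwriting; -Force suppresses the prompt.
    if ($PSCmdlet.ShouldProcess($path, "Append '$ComputerName'")) {
        Set-Item -Path $path -Value $ComputerName -Concatenate -Force
    }

    # Return the resulting list so the caller can verify the change.
    @((Get-Item -Path $path).Value -split ',' | ForEach-Object { $_.Trim() })
}

# 192.0.2.10 is a constructed documentation address, not the server from the post.
Add-TrustedHostEntry -ComputerName '192.0.2.10' -Verbose
```

Running it with -WhatIf shows the intended change without writing to the WSMan configuration.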

