cloudsoft / winrm4j

Apache License 2.0

Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '403: Forbidden' when communicating with https://myserver.com:5985/wsman #115

Open techdinesh opened 4 years ago

techdinesh commented 4 years ago

Hi, I am working with the snippet of code below, which works on both the local Windows machine and a Linux VM. When I deploy the same code, it gives the error below in the console. The deployed code runs on top of a Linux server machine, so the same code snippet is not working.

Please help to resolve this issue.

```java
WinRmTool.Builder builder = WinRmTool.Builder.builder(
        "myserver.com", "NAME_OF_MY_DOMAIN", "NAME_OF_MY_USER",
        "MY_PASSWORD");

builder.disableCertificateChecks(true);
builder.setAuthenticationScheme(AuthSchemes.NTLM);
builder.port(WinRmTool.DEFAULT_WINRM_HTTPS_PORT);
builder.useHttps(false);
WinRmTool tool = builder.build();
WinRmToolResponse result = tool.executeCommand("echo aaa");
```

Error Message

```
java.lang.RuntimeException: failed task create at io.cloudsoft.winrm4j.client.RetryingProxyHandler.invokeWithRetry(RetryingProxyHandler.java:67)

Caused by: javax.xml.ws.WebServiceException: Could not send Message.

org.apache.cxf.transport.http.HTTPException: HTTP response '404: Not Found' when communicating with http://myserver.com:5985/wsman
```

Ex 2: We even tried `builder.useHttps(true);`

Error Message

```
Caused by: javax.xml.ws.WebServiceException: Could not send Message.
    at org.apache.cxf.jaxws.JaxWsClientProxy.mapException(JaxWsClientProxy.java:183)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
    at com.sun.proxy.$Proxy136.create(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at io.cloudsoft.winrm4j.client.RetryingProxyHandler.invokeWithRetry(RetryingProxyHandler.java:44)
    ... 58 more
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '403: Forbidden' when communicating with https://myserver.com:5985/wsman
```

As suggested by @neykov, I have tried using the command below and am getting Negotiate = true.

Is it required to set both of the HTTP listener settings below to true?

```
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
```

```
C:\Users\dp>winrm get winrm/config/service
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;
;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = true [Source="GPO"]
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = * [Source="GPO"]
    IPv6Filter = * [Source="GPO"]
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint = fa cc e3 1e 45 36 a6 2c  2c 03 d6 82 72 e5 1d e3b1 d
f 85 87
    AllowRemoteAccess = true [Source="GPO"]
```

Please help and advise.

Thanks

techdinesh commented 4 years ago

I even tried enabling

```
winrm set winrm/config/service @{EnableCompatibilityHttpListener="true"}

winrm set winrm/config/service @{EnableCompatibilityHttpsListener="true"}
```

Still getting the same error message.

```
Caused by: javax.xml.ws.WebServiceException: Could not send Message.
    at org.apache.cxf.jaxws.JaxWsClientProxy.mapException(JaxWsClientProxy.java:183)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
    at com.sun.proxy.$Proxy214.create(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at io.cloudsoft.winrm4j.client.RetryingProxyHandler.invokeWithRetry(RetryingProxyHandler.java:44)
    ... 54 more
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '403: Forbidden' when communicating with https://server.com:5985/wsman
```

Now if you enter this command

```
winrm get winrm/config/service
```

```
C:\Users\name>winrm get winrm/config/service
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;
;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = true [Source="GPO"]
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = * [Source="GPO"]
    IPv6Filter = * [Source="GPO"]
    EnableCompatibilityHttpListener = true
    EnableCompatibilityHttpsListener = true
    CertificateThumbprint = fa cc e3 1e 45 36 a6 2c  2c 03 d6 82 72 e5 1d e3b1 d
f 85 87
    AllowRemoteAccess = true [Source="GPO"]
```

neykov commented 4 years ago

Since you are able to login from the local machine it seems you are missing some extra configuration to allow external access. One thing I noticed is that while you are trying to connect using https you are still using the http port (5985). One thing you could try is testing the connection from another Windows machine using:

```
winrs -r:<address> -u:<user> -p:<pass> echo aaa
```

Also make sure you have enabled the https listener on the host machine, configured the firewall to let traffic through and possibly added the client machine to winrm's TrustedHosts.
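
The scheme/port mismatch pointed out in the comment above can be checked mechanically against the `DefaultPorts` block of the `winrm get winrm/config/service` listing. This is an added example, not code from the thread or from winrm4j: the function names are hypothetical, the sample is a constructed excerpt of the listing posted above, and it assumes the listeners use the `DefaultPorts` values and that the client URL carries an explicit port.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt of the `winrm get winrm/config/service` listing in this thread,
# including one console-wrapped line (";;WD)") that the parser has to skip.
SAMPLE_CONFIG = """\
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;
;;WD)
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Negotiate = true
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
"""

KEY_VALUE = re.compile(r"\s*(\w+)\s*=\s*(.*?)(?:\s*\[Source=.*\])?\s*$")

def parse_winrm_config(text):
    """Flatten the indented listing into {'Service/Auth/Basic': 'true', ...}."""
    settings, stack = {}, []                 # stack of (indent, section name)
    for line in text.splitlines():
        entry, name = KEY_VALUE.match(line), line.strip()
        if not entry and not re.fullmatch(r"\w+", name):
            continue                         # blank or console-wrapped continuation
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                      # leave sections that have ended
        if entry:
            settings["/".join([s for _, s in stack] + [entry.group(1)])] = entry.group(2)
        else:
            stack.append((indent, name))
    return settings

def check_endpoint(url, settings):
    """Findings for a client URL such as the one quoted in the CXF exception."""
    u = urlsplit(url)                        # assumes http/https with an explicit port
    ports = {s: int(settings[f"Service/DefaultPorts/{s.upper()}"]) for s in ("http", "https")}
    findings = []
    if u.port != ports[u.scheme]:
        findings.append(f"{u.scheme} URL uses port {u.port}, service default is {ports[u.scheme]}")
    if (u.scheme == "http" and settings.get("Service/AllowUnencrypted") == "true"
            and settings.get("Service/Auth/Basic") == "true"):
        findings.append("service accepts Basic auth over unencrypted HTTP")
    return findings
```

Listener ports can differ from `DefaultPorts`; `winrm enumerate winrm/config/listener` on the target shows the ports actually bound.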

techdinesh commented 4 years ago

Yes, I have rectified this issue and tried WinRmTool.DEFAULT_WINRM_HTTPS_PORT).useHttps(true), but I am still getting the same error message.

techdinesh commented 4 years ago

@neykov, I have addressed your comments. Can you please advise a little more to troubleshoot this issue?

Thanks!

neykov commented 4 years ago

@techdinesh have you tried connecting to the machine using the winrs command I included above (from an external machine)? Also have you checked you have the TrustedHosts configured properly?

techdinesh commented 4 years ago

Hi @neykov, I have tried this command

```
winrs -r:<address> -u:<user> -p:<pass> echo aaa
```

and am getting the error message below:

```
Winrs error:The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".
```

And the command `winrm quickconfig` is working on the host machine as well:

```
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
```

Please advise.

techdinesh commented 4 years ago

I have used the correct hostname and user credentials. Still, the same error is occurring:

```
winrs -r:http//servername.com -u:username -p:password echo hello
```

neykov commented 4 years ago

This means that you are getting the error because the target machine is configured incorrectly. Once you fix the configuration and get the winrs command working properly you can try connecting with the winrm4j library. There could be a number of problems leading to this, as I mentioned in my previous post:

> Also make sure you have enabled the https listener on the host machine, configured the firewall to let traffic through and possibly added the client machine to winrm's TrustedHosts.

With the last one most likely to be the cause of the issue.

techdinesh commented 4 years ago

@neykov, thank you so much for your help. However, we were able to ping the host from both the local and remote machines, and the curl command gives the expected output on both. I believe we need to report this to the network engineer team to resolve the firewall issues.

Can you please elaborate on what exactly this command does, especially winrs?

```
winrs -r:http//servername.com -u:username -p:password echo hello
```

neykov commented 4 years ago

This command will use the same protocol and execute similar steps to winrm4j so it's important to get it working first.

techdinesh commented 4 years ago

Hi @neykov, thank you so much for your input. I have tested using the command below and am getting a success response from my machine:

```
winrs -r:http//servername.com -u:username -p:password echo hello
```

However, how can I test the same command on a Linux box?

techdinesh commented 4 years ago

Because the connection from my local Linux machine to the target server is working fine. I have tested using the curl and ping commands from the remote Linux machine to the destination server, and all are working. But the problem occurs after deploying my code on the remote Linux server, when it connects to the destination machine.