The OS is Windows Server 2019 build 9600 with the latest version of WAC.
Thats right I have also tested with WAC on a Windows 10. There I Was able to create the configuration package.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I have setup Windows Admin Center in Gateway mode. Also a commercial certificate is installed.
The problem is that I have setup RBAC and added a user to the Hyper-V Administrators group, but I cannot login unless I add this test user to the local administrators group.
I was thinking it has to do something with RBAC and tried to download the configuration package using this command
$WindowsAdminCenterGateway = 'https://windowsadmincenter.contoso.com'
Invoke-RestMethod -Uri "$WindowsAdminCenterGateway/api/nodes/all/features/jea/endpoint/export" -Method POST -UseDefaultCredentials -OutFile "~\Desktop\WindowsAdminCenter_RBAC.zip"
But I cannot get this to work and it has to do something with the SSL. When I run the command on my W10 machine it runs fine.
Any ideas?
The OS is Windows Server 2019 build 9600 with the latest version of WAC.
Thats right I have also tested with WAC on a Windows 10. There I Was able to create the configuration package.
The error I get when running the command is “could not establish trust relationship for the ssl/tls secure channel
I found some sort of a solution by ignoring the certificate (see script below), but only by using localhost. I also cannot login to WAC using the fqdn (not authorised)
This works: Invoke-RestMethod -Uri "https://localhost:443/api/nodes/all/features/jea/endpoint/export"
This doesn't: Invoke-RestMethod -Uri "https://fqdn:443/api/nodes/all/features/jea/endpoint/export"
Ignore certificate
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
public static void Ignore()
{
if(ServicePointManager.ServerCertificateValidationCallback ==null)
{
ServicePointManager.ServerCertificateValidationCallback +=
delegate
(
Object obj,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors errors
)
{
return true;
};
}
}
}
"@
Add-Type $certCallback
}
Issue is resolved. I had to run the command from a remote host.
Thanks!
Robin
There is still an issue that has somthing to do with RBAC.
I have added a test user to the Windows Admin Center Hyper-V Administrators group, but when I click on Virtual machines in WAC, there is an error.
This operation was blocked by role based access control settings.