================================================================================ QUICK TEST GUIDE - WinRM HTTPS Deployment ================================================================================ DEPLOYMENT PACKAGE STATUS: READY FOR TESTING Certificate Password: XqHuyaLZSyCYEcpsMz6h5 ================================================================================ WHAT'S INCLUDED ================================================================================ DEPLOYMENT SCRIPTS (Ready to Use): ✓ Deploy-WinRM-HTTPS.bat - Secure version (prompts for password) ✓ Deploy-WinRM-HTTPS-AutoPassword.bat - Testing version (auto-password) ✓ Setup-WinRM-HTTPS.ps1 - Main PowerShell setup script ✓ Test-WinRM-HTTPS.bat - Test connectivity ✓ Test-WinRM-HTTPS-Setup.ps1 - PowerShell test script UTILITIES: ✓ View-DeploymentLogs.ps1 - View and analyze deployment logs DOCUMENTATION: ✓ 0-START-HERE.txt - Quick start guide ✓ README-DEPLOYMENT.txt - Detailed deployment instructions ✓ README-AUTO-PASSWORD.txt - Auto-password version guide ✓ NETWORK_SHARE_DEPLOYMENT.md - Network deployment guide ✓ LOGGING-README.txt - Logging system documentation ✓ CHECKLIST.txt - Deployment tracking checklist REQUIRED (Must Add): ⚠ wildcard-logon-ds-ge-com-20251017.pfx - CERTIFICATE FILE (MUST COPY!) ================================================================================ BEFORE YOU START ================================================================================ 1. ADD CERTIFICATE TO THIS FOLDER Copy: wildcard-logon-ds-ge-com-20251017.pfx To: deployment-package folder Without the certificate, deployment will fail! 2. COPY TO NETWORK SHARE Copy entire deployment-package folder to network share Example: \\SERVER\Shares\WinRM-HTTPS Set permissions: "Domain Computers" - Read access ================================================================================ QUICK TEST (3 STEPS) ================================================================================ STEP 1: Prepare Test PC - Choose a test PC (e.g., G9KN7PZ3ESF) - Log in with admin account - Navigate to network share: \\SERVER\Shares\WinRM-HTTPS STEP 2: Run Auto-Password Deployment (For Testing) - Right-click: Deploy-WinRM-HTTPS-AutoPassword.bat - Select: "Run as Administrator" - No password prompt - runs automatically! - Wait for SUCCESS message STEP 3: Check Results - Look for SUCCESS message on screen - Check log file: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-YYYYMMDD-HHMMSS.txt - Verify HTTPS listener created ================================================================================ TESTING COMMANDS ================================================================================ From Management Server (After Deployment): # Test WinRM HTTPS Connection Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -Port 5986 -UseSSL # Create Remote Session $cred = Get-Credential New-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com ` -Credential $cred -UseSSL -Port 5986 # Or Interactive Session Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com ` -Credential $cred -UseSSL -Port 5986 ================================================================================ CHECKING DEPLOYMENT LOGS ================================================================================ View Latest Logs: .\View-DeploymentLogs.ps1 -Latest 10 View Logs for Specific PC: .\View-DeploymentLogs.ps1 -Hostname "G9KN7PZ3ESF" View Failed Deployments: .\View-DeploymentLogs.ps1 -Failed Generate Summary Report: .\View-DeploymentLogs.ps1 (Select option 6) ================================================================================ WHAT THE SCRIPT DOES ================================================================================ When you run Deploy-WinRM-HTTPS-AutoPassword.bat: 1. ✓ Checks for Administrator privileges 2. ✓ Verifies Setup-WinRM-HTTPS.ps1 exists 3. ✓ Verifies wildcard-*.pfx certificate exists 4. ✓ Creates log directory if needed 5. ✓ Imports certificate to Local Machine store 6. ✓ Creates WinRM HTTPS listener on port 5986 7. ✓ Configures firewall rule for port 5986 8. ✓ Enables WinRM service 9. ✓ Logs all activity to S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\ ================================================================================ EXPECTED RESULTS ================================================================================ Success Indicators: ✓ Console shows: [SUCCESS] WinRM HTTPS Setup Complete ✓ Log file created in S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\ ✓ Certificate imported (check Cert:\LocalMachine\My) ✓ HTTPS listener active on port 5986 ✓ Firewall rule "WinRM HTTPS-In" created ✓ Test-WSMan works from management server Verify on Target PC: # Check WinRM listeners winrm enumerate winrm/config/listener # Check certificate Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Subject -like "*logon.ds.ge.com*"} # Check firewall rule Get-NetFirewallRule -DisplayName "WinRM HTTPS-In" ================================================================================ TROUBLESHOOTING ================================================================================ If Deployment Fails: 1. Check Administrator Privileges - Must right-click and "Run as Administrator" 2. Check Certificate File - Must be in same folder as batch file - Filename: wildcard-logon-ds-ge-com-20251017.pfx - Password: XqHuyaLZSyCYEcpsMz6h5 3. Check Log File - Location: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*.txt - Look for [ERROR] messages - Check for certificate import errors - Check for listener creation errors 4. Check Network Connectivity - Can the PC reach S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\ ? - Can the PC resolve DNS for *.logon.ds.ge.com ? 5. Check Existing Configuration - Remove old HTTPS listeners: winrm delete winrm/config/Listener?Address=*+Transport=HTTPS ================================================================================ RECENT FIXES APPLIED ================================================================================ ✓ Fixed: WinRM listener creation command (now uses cmd.exe /c) ✓ Fixed: LogFile parameter added to Setup-WinRM-HTTPS.ps1 ✓ Added: Auto-password version for testing convenience ✓ Added: Comprehensive logging to network share ✓ Added: Execution policy bypass in batch files ================================================================================ PRODUCTION DEPLOYMENT (After Testing) ================================================================================ Once testing is successful on 3-5 PCs: 1. DELETE Auto-Password Version - Remove Deploy-WinRM-HTTPS-AutoPassword.bat from network share - Security risk if left accessible! 2. Use Secure Version for Production - Deploy-WinRM-HTTPS.bat (prompts for password) - More secure for 175 PC rollout 3. Track Progress - Use CHECKLIST.txt to track deployments - Review logs regularly - Generate summary reports with View-DeploymentLogs.ps1 4. Batch Deployment - Deploy in groups of 10-20 PCs - Verify each batch before continuing - Monitor log files for issues ================================================================================ TARGET SYSTEMS ================================================================================ Total Shopfloor PCs: 175 Domain: logon.ds.ge.com WinRM Port: 5986 (HTTPS) Certificate: *.logon.ds.ge.com wildcard Hostnames list: ../shopfloor-hostnames.txt ================================================================================ SUPPORT ================================================================================ For issues or questions: - Read NETWORK_SHARE_DEPLOYMENT.md - Read LOGGING-README.txt - Check troubleshooting section in parent folder - Review deployment logs ================================================================================ NEXT STEPS ================================================================================ [ ] 1. Copy wildcard-logon-ds-ge-com-20251017.pfx to this folder [ ] 2. Copy deployment-package to network share [ ] 3. Set "Domain Computers" read permissions on share [ ] 4. Test on 1 PC with Deploy-WinRM-HTTPS-AutoPassword.bat [ ] 5. Verify log file created successfully [ ] 6. Test remote connection from management server [ ] 7. If successful, test on 3-5 more PCs [ ] 8. Switch to secure version for production rollout [ ] 9. Deploy to remaining 170 PCs in batches [ ] 10. Track progress and verify all deployments ================================================================================ READY TO BEGIN TESTING! ================================================================================