ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62c0c7bb06fa5cf497b782979b9a329ef58afcd1
powershell-scripts/winrm-https/deployment-package/QUICK-TEST-GUIDE.txt
cproudlock 62c0c7bb06 Initial commit: Organized PowerShell scripts for ShopDB asset collection 
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00

244 lines
8.8 KiB
Plaintext
Raw Blame History

================================================================================
QUICK TEST GUIDE - WinRM HTTPS Deployment
================================================================================
DEPLOYMENT PACKAGE STATUS: READY FOR TESTING
Certificate Password: XqHuyaLZSyCYEcpsMz6h5
================================================================================
WHAT'S INCLUDED
================================================================================
DEPLOYMENT SCRIPTS (Ready to Use):
✓ Deploy-WinRM-HTTPS.bat - Secure version (prompts for password)
✓ Deploy-WinRM-HTTPS-AutoPassword.bat - Testing version (auto-password)
✓ Setup-WinRM-HTTPS.ps1 - Main PowerShell setup script
✓ Test-WinRM-HTTPS.bat - Test connectivity
✓ Test-WinRM-HTTPS-Setup.ps1 - PowerShell test script
UTILITIES:
✓ View-DeploymentLogs.ps1 - View and analyze deployment logs
DOCUMENTATION:
✓ 0-START-HERE.txt - Quick start guide
✓ README-DEPLOYMENT.txt - Detailed deployment instructions
✓ README-AUTO-PASSWORD.txt - Auto-password version guide
✓ NETWORK_SHARE_DEPLOYMENT.md - Network deployment guide
✓ LOGGING-README.txt - Logging system documentation
✓ CHECKLIST.txt - Deployment tracking checklist
REQUIRED (Must Add):
⚠ wildcard-logon-ds-ge-com-20251017.pfx - CERTIFICATE FILE (MUST COPY!)
================================================================================
BEFORE YOU START
================================================================================
1. ADD CERTIFICATE TO THIS FOLDER
Copy: wildcard-logon-ds-ge-com-20251017.pfx
To: deployment-package folder
Without the certificate, deployment will fail!
2. COPY TO NETWORK SHARE
Copy entire deployment-package folder to network share
Example: \\SERVER\Shares\WinRM-HTTPS
Set permissions: "Domain Computers" - Read access
================================================================================
QUICK TEST (3 STEPS)
================================================================================
STEP 1: Prepare Test PC
- Choose a test PC (e.g., G9KN7PZ3ESF)
- Log in with admin account
- Navigate to network share: \\SERVER\Shares\WinRM-HTTPS
STEP 2: Run Auto-Password Deployment (For Testing)
- Right-click: Deploy-WinRM-HTTPS-AutoPassword.bat
- Select: "Run as Administrator"
- No password prompt - runs automatically!
- Wait for SUCCESS message
STEP 3: Check Results
- Look for SUCCESS message on screen
- Check log file: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-YYYYMMDD-HHMMSS.txt
- Verify HTTPS listener created
================================================================================
TESTING COMMANDS
================================================================================
From Management Server (After Deployment):
# Test WinRM HTTPS Connection
Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -Port 5986 -UseSSL
# Create Remote Session
$cred = Get-Credential
New-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
-Credential $cred -UseSSL -Port 5986
# Or Interactive Session
Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
-Credential $cred -UseSSL -Port 5986
================================================================================
CHECKING DEPLOYMENT LOGS
================================================================================
View Latest Logs:
.\View-DeploymentLogs.ps1 -Latest 10
View Logs for Specific PC:
.\View-DeploymentLogs.ps1 -Hostname "G9KN7PZ3ESF"
View Failed Deployments:
.\View-DeploymentLogs.ps1 -Failed
Generate Summary Report:
.\View-DeploymentLogs.ps1
(Select option 6)
================================================================================
WHAT THE SCRIPT DOES
================================================================================
When you run Deploy-WinRM-HTTPS-AutoPassword.bat:
1. ✓ Checks for Administrator privileges
2. ✓ Verifies Setup-WinRM-HTTPS.ps1 exists
3. ✓ Verifies wildcard-*.pfx certificate exists
4. ✓ Creates log directory if needed
5. ✓ Imports certificate to Local Machine store
6. ✓ Creates WinRM HTTPS listener on port 5986
7. ✓ Configures firewall rule for port 5986
8. ✓ Enables WinRM service
9. ✓ Logs all activity to S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
================================================================================
EXPECTED RESULTS
================================================================================
Success Indicators:
✓ Console shows: [SUCCESS] WinRM HTTPS Setup Complete
✓ Log file created in S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
✓ Certificate imported (check Cert:\LocalMachine\My)
✓ HTTPS listener active on port 5986
✓ Firewall rule "WinRM HTTPS-In" created
✓ Test-WSMan works from management server
Verify on Target PC:
# Check WinRM listeners
winrm enumerate winrm/config/listener
# Check certificate
Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Subject -like "*logon.ds.ge.com*"}
# Check firewall rule
Get-NetFirewallRule -DisplayName "WinRM HTTPS-In"
================================================================================
TROUBLESHOOTING
================================================================================
If Deployment Fails:
1. Check Administrator Privileges
- Must right-click and "Run as Administrator"
2. Check Certificate File
- Must be in same folder as batch file
- Filename: wildcard-logon-ds-ge-com-20251017.pfx
- Password: XqHuyaLZSyCYEcpsMz6h5
3. Check Log File
- Location: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*.txt
- Look for [ERROR] messages
- Check for certificate import errors
- Check for listener creation errors
4. Check Network Connectivity
- Can the PC reach S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\ ?
- Can the PC resolve DNS for *.logon.ds.ge.com ?
5. Check Existing Configuration
- Remove old HTTPS listeners:
winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
================================================================================
RECENT FIXES APPLIED
================================================================================
✓ Fixed: WinRM listener creation command (now uses cmd.exe /c)
✓ Fixed: LogFile parameter added to Setup-WinRM-HTTPS.ps1
✓ Added: Auto-password version for testing convenience
✓ Added: Comprehensive logging to network share
✓ Added: Execution policy bypass in batch files
================================================================================
PRODUCTION DEPLOYMENT (After Testing)
================================================================================
Once testing is successful on 3-5 PCs:
1. DELETE Auto-Password Version
- Remove Deploy-WinRM-HTTPS-AutoPassword.bat from network share
- Security risk if left accessible!
2. Use Secure Version for Production
- Deploy-WinRM-HTTPS.bat (prompts for password)
- More secure for 175 PC rollout
3. Track Progress
- Use CHECKLIST.txt to track deployments
- Review logs regularly
- Generate summary reports with View-DeploymentLogs.ps1
4. Batch Deployment
- Deploy in groups of 10-20 PCs
- Verify each batch before continuing
- Monitor log files for issues
================================================================================
TARGET SYSTEMS
================================================================================
Total Shopfloor PCs: 175
Domain: logon.ds.ge.com
WinRM Port: 5986 (HTTPS)
Certificate: *.logon.ds.ge.com wildcard
Hostnames list: ../shopfloor-hostnames.txt
================================================================================
SUPPORT
================================================================================
For issues or questions:
- Read NETWORK_SHARE_DEPLOYMENT.md
- Read LOGGING-README.txt
- Check troubleshooting section in parent folder
- Review deployment logs
================================================================================
NEXT STEPS
================================================================================
[ ] 1. Copy wildcard-logon-ds-ge-com-20251017.pfx to this folder
[ ] 2. Copy deployment-package to network share
[ ] 3. Set "Domain Computers" read permissions on share
[ ] 4. Test on 1 PC with Deploy-WinRM-HTTPS-AutoPassword.bat
[ ] 5. Verify log file created successfully
[ ] 6. Test remote connection from management server
[ ] 7. If successful, test on 3-5 more PCs
[ ] 8. Switch to secure version for production rollout
[ ] 9. Deploy to remaining 170 PCs in batches
[ ] 10. Track progress and verify all deployments
================================================================================
READY TO BEGIN TESTING!
================================================================================
Reference in New Issue View Git Blame Copy Permalink