WsManListener: does not overwrite Hostname/CertificateThumbprint #23

Closed
ttdgcp opened this issue Jul 25, 2018 · 1 comment · Fixed by #101
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.


ttdgcp commented Jul 25, 2018

Details of the scenario you tried and the problem that is occurring:

We are using this module in order to configure the WinRM HTTPS listener in an unorthodox manner-- utilizing a self-signed certificate with the same "Hostname" across all machines. This has worked well for us!

What I have discovered is that if the HTTPS listener is already configured with a different certificate/hostname, the DSC resource will not overwrite the existing listener with the specified hostname/thumbprint.

The DSC configuration that is using the resource (as detailed as possible):

In this case, we are using DSC within Chef-- but the same action occurs when using vanilla DSC:

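# The resource name below is a placeholder; the opening line is not shown in the post.
dsc_resource 'winrm_https_listener' do
  resource :WSManListener
  property :Transport, 'HTTPS'
  property :Ensure, 'Present'
  property :CertificateThumbprint, node['winrm']['certificate']['thumbprint']
  property :Hostname, 'Hostname'
end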

In order to replicate:

Configure WinRM HTTPS listener with a self-signed certificate:

Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

Set-Item WSMan:\localhost\MaxTimeoutms 1800000
Set-Item WSMan:\localhost\Service\Auth\Basic $true

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

Then use DSC to try to overwrite those values:

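# The configuration name is a placeholder; the post does not show the original name.
Configuration Example
{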
    param
    (
        [Parameter()]
        [System.String[]]
        $NodeName = 'localhost'
    )

    Import-DscResource -Module WSManDsc

    Node $NodeName
    {
        WSManListener HTTPS
        {
            Transport             = 'HTTPS'
            Ensure                = 'Present'
            CertificateThumbprint = 'F2BE91E92AF040EF116E1CDC91D75C22F47D7BD6'
            Hostname              = 'Hostname'
        } # End of WSManListener Resource
    } # End of Node
} # End of Configuration

DSC will complete successfully and indicate everything is up to date, but will not overwrite the existing listener with the new values.

Version of the Operating System and PowerShell the DSC Target Node is running:

Server 2016, PowerShell 5.1

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
2.2.0.84

Any help is greatly appreciated-- thanks for your excellent work on this module!
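
A check for the symptom reported above, where the DSC run reports success while the HTTPS listener keeps its old values. This is an added example, not part of the issue or of WSManDsc: `Compare-ListenerState` and `Get-HttpsListenerDrift` are hypothetical helper names, and the sample listener object is constructed.

```powershell
# Added example. Both function names are hypothetical, not exported by WSManDsc.
function Compare-ListenerState
{
    param
    (
        [Parameter(Mandatory = $true)] $Listener,   # object exposing Hostname / CertificateThumbprint
        [Parameter(Mandatory = $true)] [System.String] $Hostname,
        [Parameter(Mandatory = $true)] [System.String] $CertificateThumbprint
    )

    # Thumbprints are hex strings: ignore case and embedded whitespace when comparing.
    $normalize = { param ($t) ($t -replace '\s', '').ToUpperInvariant() }

    $drift = @()
    if ($Listener.Hostname -ne $Hostname)
    {
        $drift += "Hostname: found '$($Listener.Hostname)', expected '$Hostname'"
    }
    if ((& $normalize $Listener.CertificateThumbprint) -ne (& $normalize $CertificateThumbprint))
    {
        $drift += "CertificateThumbprint: found '$($Listener.CertificateThumbprint)', expected '$CertificateThumbprint'"
    }
    return , $drift
}

function Get-HttpsListenerDrift
{
    param ([System.String] $Hostname, [System.String] $CertificateThumbprint)

    # Read the live listener configuration from the local WinRM service.
    $listener = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' } | Select-Object -First 1
    if (-not $listener) { return , @('No HTTPS listener is configured') }
    Compare-ListenerState -Listener $listener -Hostname $Hostname -CertificateThumbprint $CertificateThumbprint
}

# Constructed sample: the listener left behind by the repro script (thumbprint is made up).
$existing = [PSCustomObject]@{
    Transport             = 'HTTPS'
    Hostname              = 'packer'
    CertificateThumbprint = '0000000000000000000000000000000000000000'
}
# Desired values taken from the DSC configuration in the report.
$desired = @{ Hostname = 'Hostname'; CertificateThumbprint = 'F2BE91E92AF040EF116E1CDC91D75C22F47D7BD6' }

@(Compare-ListenerState -Listener $existing @desired) | ForEach-Object { Write-Warning $_ }

# On a real node, after the DSC run reports success:
# @(Get-HttpsListenerDrift @desired) | ForEach-Object { Write-Warning $_ }
```

An empty result means the listener matches the desired values; any returned line is drift that the "up to date" DSC status did not surface.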

PlagueHO added the bug and help wanted labels Jul 27, 2018
corydwood (Contributor) commented

I have a version that fixes this and will create a PR.

PlagueHO pushed a commit that referenced this issue Sep 27, 2023
…t on the listener - Fixes #23 (#101)

* Added support for changing the hostname and/or certificate thumbprint on the listener.

* Updated changelog.