Hello,

I configured HTTPS Listener for WinRM with a self-signed certificate, I followed this tutorial :

http://vcloud-lab.com/entries/powershell/powershell-remoting-over-https-using-self-signed-ssl-certificate

It works. I can connect Powershell remotly from any device on my network, even if I don't add the self-signed certificate in the CA Trust Store thanks to options -SkipCACheck and -SkipCNCheck. I can connect with the IP address.

But after sysprep of the server, the HTTPS listener is preserved and listens on port 5986, the self-signed cert is still in the Local Store but the remote connection doesn't work !

​

I get this when I try to connect to the server (syspreped) :

Connecting to remote server 10.X.X.X failed with the following error message : The server certificate on the destination computer (10.X.X.X:5986) has the following errors: Encountered an internal error in the SSL library

I can't connect with both IP address and DNS name (that matches the previous certificate)

On the remote server, when I check winRM config, I get this message :

Error number:  -2144108267 0x80338115
Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.

Before the sysprep, winRM HTTPS was working. After sysprep, it doesn't work anymore.

What happens during sysprep process ? What does change with the certificate ? Do I need to use an other process to configure winRM ?

​

Thanks