What exactly is required for BigFix to connect to Hyper-V hosts using PowerShell in order to collect VM Manager data?
Are there specific ports & protocols required?
Does something need to be enabled on the Hyper-V host in order for PowerShell to communicate?
Is there any benefit to using WinRM over PowerShell?
I have a host on my own network, BFI can talk to it without a problem. When I go to https://hyperv-host/wsman I get a 404 page.
For a host on another network, BFI isn’t able to talk to it. There’s a firewall in between so it’s likely something is being blocked. I’ve asked an admin on the other side of the firewall to try to connect to https://other-hyperv-host/wsman and they don’t get anything at all, which leads me to believe nothing is listening on that host.
I’ve looked at the docs for this but they’re not all that clear on what needs to be done.
Yes, the BigFix agent is installed on the Hyper-V host.
But does the VM Manager even use the BigFix agent to collect data from the VM host? I have a number of ESX hosts configured and the agent is not installed on any of them.
I’m not trying to manage any of the VMs on that host, just collect data from the host itself so I can get rid of the “No VM Manager Data” errors being reported in BFI.
Native Bigfix reporting and integration for Hyper-V has been light. To your point, it doesn’t have the deep out of the box integrations that VMware does via the management extender. We do have our own analyses and scripts to monitor and manage these servers.
I’m not asking about the management extender, I’m asking about collecting data from a Hyper-V server that’s been defined in the BigFix Inventory VM Managers configuration.
PowerShell is a framework for managing the automation and configuration of tasks and can use the RPC protocol. In order for BigFix Inventory to use PowerShell for retrieving the information from VM managers, the VM Manager Tool must be installed on a Windows™ computer. The computer must also meet the following requirements:
The VM Manager Tool is installed on a BigFix server (Windows 2012 R2) on “my” side of the network. The Windows firewall is disabled. PowerShell 5.x is installed. .NET 4.8 is installed. So this server meets the requirements.
What I’m concerned with is that from the network on the other side of the firewall, when the admin goes to https://other-hyperv-host/wsman he gets nothing at all. I’m wondering if something that should be enabled on the Hyper-V server has been disabled so there’s nothing listening for inbound PowerShell connections?
I’ve confirmed that the firewall between our networks allows TCP ports 443, 2179, 5985 and 5986 through. From what I can find online these are the ports required to connect to a Hyper-V server with PowerShell or WinRM.
I’m able to connect to port 5985 on the remote server with telnet. But PowerShell fails.
I had the admin run the “Enable-PSRemoting” command but that didn’t change anything. I’ve asked him to now run the “Enable-WSManCredSSP -Role server” command but the server is Win2012R2 so I’m not sure if it’ll even work - the doc you sent shows that command for Win2016.
