Share via


WS-Man Ping Test

WS-Man (Windows Remote Management) is a new protocol and framework first delivered in Windows 2003 R2 and is more prevalent in Windows Vista and beyond. 

There's an easy way to test WS-Man reachability that is similar to the network ping concept by testing both the network connectivity as well as the end-point service. The main component that is not tested by 'winrm id...' is security (authentication). The following examples use an end-point system called 'wsman.msft.net' which may or may not exist. At the time of this posting, it was active.

Consider the 2 basic network configurations.

1 - Direct connectivity:

Direct connectivity implies that there are no intermediate network proxies or that the intermediate network devices attempt to be transparent. Transparent devices include Network Address Translators (NATs), routers, etc. In the direct connectivity model, the following WS-Man Id command should work as is, therefore successfully testing the end point's WS-Man service availability.

winrm id -auth:none -remote:wsman.msft.net

2- Indirect connectivity:

When there is a non-transparent network device like a proxy between both end points, WinRM uses the proxy identified in the winhttp agent configuration (this is different than the proxy defined in IE). Much like IE needs to be aware of proxies in the environment for Internet or external connectivity, so does WinRM. This can be accomplished by using Net Shell to configure winhttp to route through a proxy as follows (run from an elevated command prompt).

netsh winhttp set proxy proxy-server= https://someproxy/

Now the following WS-Man ping should work.

winrm id -auth:none -remote:wsman.msft.net

Comments

  • Anonymous
    January 01, 2003
    good stuff.  you should do a blog post on the wincat team blog introducing yourself