Problem scenario
Port 5986 is blocked from your Linux server to your Windows server. You have used the nmap command and see that it is filtered. You believe there are no intermediate firewalls or OS firewalls blocking this port. What should you do?
Solution
This assumes you have no firewall blocking port 5986 for incoming connections to the Windows server. nmap will report 5986 is filtered despite there being nothing blocking this port if wsman's listener has not been properly configured.*
- Run this script on the Windows server:
$hostName = $env:COMPUTERNAME
$serverCert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName $hostName
Export-Certificate -Cert $serverCert -FilePath c:\vagrant\PsRemoting-Cert1.cer
Get-ChildItem c:\vagrant\PsRemoting-Cert1.cer
Enable-PSRemoting -Force
New-Item -Path WSMan:\localhost\Listener\ -Transport HTTPS -Address * -CertificateThumbPrint $serverCert.Thumbprint -Force- That is it. SSL termination will not be done unless you configure it. You may need to bypass ssl-verification. But connectivity over port 5986 is not achievable.
* When winrm over HTTPS is not configured, port 5986 can show as filtered in the nmap results. This is contrary to the definition of filtered on the nmap page: "Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed."