The WinRM HTTPS connection is unsuccessful.
The following errors can be found in the alarm message:
>> Failure: Cannot establish connection to hostname.example.com: WinRM request to https://hostname.example.com:5986/wsman failed: [Caused by: ConnectException <Connection refused: connect>]
The remote host doesn't have a WinRM HTTPS listener for port 5986
There's firewall interference between the FglAM (Agent Manager) and the target host over port 5986
A valid server authentication certificate must be installed on the target machine in order to enable HTTPS.
To enable HTTPS access:
winrm quickconfig -transport:https
The above command enabled HTTPS access using the certificate installed on the host.
If you want to use a different certificate, you can create a new HTTPS listener and specify the certificate:
winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Hostname="<host>";CertificateThumbprint="<thumbprint>"}
Where:
In environments where an in-house certificate granting authority (CA) is in use, the CA’s certificate must be added to the Agent Manager's truststore.
To add the certificate:
fglam --add-certificate alias=/path/to/saved.ca.certificate
Notes:
For issues releated to firewall intereference, the only possible workaround would be to allow TCP traffic over port 5986 from the FglAM to the target host.
The attached PDF document "Configure Winrm HTTPS.pdf" includes example steps to import a new certificate and to add thumbprint of new certificate to the WinRM HTTPS listener.
After completing the process:
© 2025 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center