Windows Admin Center RBAC

RvM 26 Reputation points
2021-02-10T20:05:19.19+00:00

Hello,

I have set up Windows Admin Center in Gateway mode. Also, a commercial certificate is installed.

The problem is that I have set up RBAC and added a user to the Hyper-V Administrators group, but I cannot log in unless I add this test user to the local administrators group.

I was thinking it has something to do with RBAC and tried to download the configuration package using this command:

```powershell
$WindowsAdminCenterGateway = 'https://windowsadmincenter.contoso.com'
Invoke-RestMethod -Uri "$WindowsAdminCenterGateway/api/nodes/all/features/jea/endpoint/export" -Method POST -UseDefaultCredentials -OutFile "~\Desktop\WindowsAdminCenter_RBAC.zip"
```

But I cannot get this to work, and it has something to do with SSL. When I run the command on my W10 machine it runs fine.

Any ideas?

Windows Server Management

5 answers

  1. RvM 26 Reputation points
    2021-02-11T07:17:32.827+00:00

    The OS is Windows Server 2019 build 9600 with the latest version of WAC.

    That's right, I have also tested with WAC on a Windows 10. There I was able to create the configuration package.


  2. RvM 26 Reputation points
    2021-02-11T07:20:20.337+00:00

    The error I get when running the command is “could not establish trust relationship for the ssl/tls secure channel”.


  3. RvM 26 Reputation points
    2021-02-11T08:15:39.663+00:00

    I found some sort of a solution by ignoring the certificate (see script below), but only by using localhost. I also cannot log in to WAC using the FQDN (not authorised).

    This works: Invoke-RestMethod -Uri "https://localhost:443/api/nodes/all/features/jea/endpoint/export"
    This doesn't: Invoke-RestMethod -Uri "https://fqdn:443/api/nodes/all/features/jea/endpoint/export"

    Ignore certificate

    ```powershell
    # Define the helper type only once per PowerShell session.
    if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
    {
        $certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
    {
        public static void Ignore()
        {
            if (ServicePointManager.ServerCertificateValidationCallback == null)
            {
                // Accepts every server certificate for all later requests in this process.
                ServicePointManager.ServerCertificateValidationCallback +=
                    delegate
                    (
                        Object obj,
                        X509Certificate certificate,
                        X509Chain chain,
                        SslPolicyErrors errors
                    )
                    {
                        return true;
                    };
            }
        }
    }
    "@
        Add-Type $certCallback
    }
    ```

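Rather than switching validation off, the trust error quoted in the second answer can be diagnosed by recording what .NET objected to during the handshake. The following is an added example, not part of the original thread: `Test-GatewayCertificate` is a hypothetical helper name, TLS 1.2 is assumed, and the FQDN is the sample host name from the question.

```powershell
# Added example (hypothetical helper, not from the thread). Reports why the
# certificate presented for a given host name is or is not trusted.
function Test-GatewayCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,  # name exactly as used in the URL
        [int] $Port = 443
    )
    $seen = @{}
    # Record what validation found, then make the normal decision:
    # the handshake succeeds only when there are no policy errors.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $certificate, $chain, $errors)
        $seen.Errors = $errors
        $seen.Cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
        $seen.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $errors -eq [System.Net.Security.SslPolicyErrors]::None
    }
    $client  = [System.Net.Sockets.TcpClient]::new()
    $failure = $null
    try {
        $client.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        # Assumption: the gateway speaks TLS 1.2; no client certificate is sent.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $trusted = $true
    }
    catch { $trusted = $false; $failure = $_.Exception.Message }
    finally { if ($ssl) { $ssl.Dispose() }; $client.Close() }

    $san = $seen.Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        HostName        = $HostName
        Trusted         = $trusted
        PolicyErrors    = $seen.Errors            # e.g. RemoteCertificateNameMismatch
        ChainStatus     = $seen.Chain -join ', '  # e.g. UntrustedRoot, NotTimeValid
        Subject         = $seen.Cert.Subject
        Issuer          = $seen.Cert.Issuer
        NotAfter        = $seen.Cert.NotAfter
        SubjectAltNames = if ($san) { $san.Format($false) }
        Failure         = $failure
    }
}

# Compare the two names used in the thread; the FQDN is the sample one from the question.
'localhost', 'windowsadmincenter.contoso.com' |
    ForEach-Object { Test-GatewayCertificate -HostName $_ } | Format-List
```

A `RemoteCertificateNameMismatch` result means the name in the URL is not among the certificate's subject alternative names, while `RemoteCertificateChainErrors` with `UntrustedRoot` or `PartialChain` means the issuing chain is not installed or trusted on the machine running the command.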

  4. RvM 26 Reputation points
    2021-02-11T09:02:13.973+00:00

    Issue is resolved. I had to run the command from a remote host.

    Thanks!

    Robin


  5. RvM 26 Reputation points
    2021-02-11T16:08:17.42+00:00

    There is still an issue that has something to do with RBAC.

    I have added a test user to the Windows Admin Center Hyper-V Administrators group, but when I click on Virtual machines in WAC, there is an error.

    This operation was blocked by role based access control settings.
