3.1.4.1.29 Server Configuration

  • Article

The wsman:microsoft.com/wsman/2005/06/config resource URI MUST be used to retrieve the complete configuration of Web Services Management Protocol Extensions for Windows Server 2003 servers. The configuration is grouped under separate XML elements; further URIs are exposed to allow easier and more finely grained levels of retrieval and updates.

The wsman:microsoft.com/wsman/2005/06/config/service resource URI MUST be used to configure the server.

The wsman:microsoft.com/wsman/2005/06/config/service/http/unencrypted resource URI MUST be used to configure the authentication mechanisms supported by a server when using HTTP. If a client application tries to use an authentication scheme that is not enabled on the server, the request MUST fail with an error.

Web Services Management Protocol Extensions for Windows Server 2003 servers MUST NOT use wsman:secprofile/http/basic as an authentication scheme if the Basic property in the cfg:ServiceHTTPType is false.<12>

Web Services Management Protocol Extensions for Windows Server 2003 servers MUST NOT use wsman:secprofile/http/spnego-kerberos as an authentication scheme if the Negotiate property in the cfg:ServiceHTTPType is false.

Web Services Management Protocol Extensions for Windows Server 2003 servers MAY use wsman:secprofile/http/digest as an authentication scheme.<13>

The wsman:microsoft.com/wsman/2005/06/config/service/https resource URI MUST be used to configure the authentication mechanisms supported by a server when using HTTPS. If a client application tries to use an authentication scheme that is not enabled on the server, the request MUST fail with an error.

Web Services Management Protocol Extensions for Windows Server 2003 servers MUST NOT use wsman:secprofile/https/basic as an authentication scheme if the Basic property in the cfg:ServiceHTTPSType is false.<14>

Web Services Management Protocol Extensions for Windows Server 2003 servers MUST NOT use wsman:secprofile/https/spnego-kerberos as an authentication scheme if the Negotiate property in the cfg:ServiceHTTPSType is false.

Web Services Management Protocol Extensions for Windows Server 2003 servers MAY use wsman:secprofile/https/digest as an authentication scheme.<15>

The wsman:microsoft.com/wsman/2005/06/config/listener resource URI MUST be used for configuring the server to listen on the network for WS-Management requests. By default, the server is configured with no listeners, resulting in no remote configuration of the machine using WS-Management. This means that no remote configuration can be done initially until some form of configuration is performed locally.

Enumeration can be used to retrieve all listeners configured on the server. The IP and Port properties that are returned with each of the objects can be used as selectors to address the specific configuration item for updates.

To retrieve and modify the configuration of an individual listener, the listener instance MUST be referenced by a selector. The following properties, which are part of cfg:ListenerType, are the selectors.

Selector name

Description

IP

The IP address that the server is configured to listen on.

Port

The Port that the server is configured to listen on.

If and only if the Enabled property is true, Web Services Management Protocol Extensions for Windows Server 2003 servers MUST listen on the network on the port given by the Port property and MUST only process requests sent to a configured destination IP address and addressed to the path given by the URIPrefix property.

When considering destination IP addresses, Web Services Management Protocol Extensions for Windows Server 2003 servers MUST listen on a specific IP address (if the IP address property is a valid IP address) or on all IP addresses associated with the value of the MACAddress property (if the IP address property is "*").

Web Services Management Protocol Extensions for Windows Server 2003 servers MUST return a SOAP fault in response to a Put request if the Transport property is HTTPS and the certificate identified by the CertificateThumbprint property does not exist or the CN attribute of the certificate's Subject field (as specified in [RFC2459] section 4.1.2.6) does not match the Hostname property.