Hi DanT,
Puppet and Ansible both use Invoke-DscResource to apply the DSC config. I have tried running commands below locally on a machine, and I seem to have the same challenge as you. It only works with a http listener in place. Sorry not much help, but kike you I’d be fascinated to know if there was a way of getting Invoke-DscResource to
a) use an alternative port/protocol.
b) for it to continue to use encrypted HTTP, but for it to be limited to the localhost only (Set-Item WSMan:\localhost\Client\TrustedHosts -Value “localhost” -Force)
Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.
PS > Get-WSManInstance -Enumerate -ResourceURI winrm/config/listener
cfg : http://schemas.microsoft.com/wbem/wsman/1/config/listener
xsi : http://www.w3.org/2001/XMLSchema-instance
lang : en-US
Address : *
Transport : HTTP
Port : 5985
Hostname :
Enabled : true
URLPrefix : wsman
CertificateThumbprint :
ListeningOn : {10.13.241.147, 127.0.0.1, ::1, fe80::5efe:10.13.241.147%12…}
cfg : http://schemas.microsoft.com/wbem/wsman/1/config/listener
xsi : http://www.w3.org/2001/XMLSchema-instance
lang : en-US
Address : *
Transport : HTTPS
Port : 5986
Hostname :
Enabled : true
URLPrefix : wsman
CertificateThumbprint : 6D372015489A4355B2596AE7FC11F607E9FD6C8C
ListeningOn : {10.13.241.147, 127.0.0.1, ::1, fe80::5efe:10.13.241.147%12…}
PS > winrm delete winrm/config/Listener?Address=*+Transport=HTTP
PS > Get-WSManInstance -Enumerate -ResourceURI winrm/config/listener
cfg : http://schemas.microsoft.com/wbem/wsman/1/config/listener
xsi : http://www.w3.org/2001/XMLSchema-instance
lang : en-US
Address : *
Transport : HTTPS
Port : 5986
Hostname :
Enabled : true
URLPrefix : wsman
CertificateThumbprint : 6D372015489A4355B2596AE7FC11F607E9FD6C8C
ListeningOn : {10.13.241.147, 127.0.0.1, ::1, fe80::5efe:10.13.241.147%12…}
PS > Invoke-DscResource -Name WindowsProcess -Method Test -Property @{Path = ‘C:\Windows\System32\Wind
owsPowerShell\v1.0\powershell.exe’; Arguments = ‘’} -ModuleName PSDesiredStateConfiguration
The client cannot connect to the destination specified in the request. Verify that the service on the destination is
running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the
destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the
destination to analyze and configure the WinRM service: “winrm quickconfig”.
+ CategoryInfo : ConnectionError: (root/Microsoft/…gurationManager:String) , CimException
+ FullyQualifiedErrorId : HRESULT 0x80338012
+ PSComputerName : localhost
PS > winrm quickconfig
WinRM service is already running on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Make these changes [y/n]? y
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
> Invoke-DscResource -Name WindowsProcess -Method Test -Property @{Path = ‘C:\Windows\System32\Wind
owsPowerShell\v1.0\powershell.exe’; Arguments = ‘’} -ModuleName PSDesiredStateConfiguration
InDesiredState
True