VOSS-4-UC PowerShell Proxy Configuration¶
VOSS-4-UC utilizes the Web Services-Management protocol (WSMan) to create the PowerShell sessions used to manage Microsoft UC applications. On Windows computers, WSMan is implemented by the Windows Remote Management (WinRM) service.
This section defines how to configure WinRM on a PS Proxy.
Domain Membership¶
All PS Proxy computers must be joined to the Active Directory domain under VOSS-4-UC management.
Enable PowerShell Remoting¶
PowerShell Remoting must be enabled on any computer with the PS Proxy role.
Starting with Windows Server 2012, all server versions of Windows have PowerShell remoting enabled by default.
On older versions of Windows Server, and on Windows client machines, you must enable PowerShell remoting manually. To do this, issue the following command from an elevated PowerShell prompt:
Enable-PsRemoting
Remote Management Service Account¶
Clients, including VOSS-4-UC, that connect to the WinRM service must provide credentials for an account with the characteristics listed below.
Remote Management Service Account
| Account Type | Local Computer Account (Note: Not a domain account) |
| Local Group membership | Administrators Remote Management Users |
WinRM Configuration¶
Configure WinRM with the appropriate settings for VOSS-4-UC by issuing the following commands from an elevated PowerShell session:
Enable-WSManCredSSP -Role Server -Force
Enable-WSManCredSSP -Role Client -DelegateComputer * -Force
Set-Item WSMan:\localhost\Service\AllowUnencrypted $true
Set-Item WSMan:\localhostServiceAuth\Basic $true
Set-Item WSMan:\localhost\Client\AllowUnencrypted $true
Set-Item WSMan:\localhost\Client\Auth\Basic $true
Set-Item WSMan:\localhost\Client\TrustedHosts “localhost” -force
Firewall Settings¶
Any firewalls between VOSS-4-UC and the computer hosting the WinRM service, including Windows Firewall on that computer, must permit the connections listed in the table below.
Note
These firewall exceptions are automatically created by the Enable-PSRemoting cmdlet.
WinRM Firewall Settings
| Service | Protocol | Port |
|---|---|---|
| WinRM 2.0 (HTTP) | TCP | 5985 |
| WinRM 2.0 (HTTPS) | TCP | 5986 |
Software Prerequisites¶
To manage a UC application such as Skype for Business Server, the management software specific to that application must be installed on the PowerShell Proxy. For example, to manage Skype for Business Server, the Skype for Business Server Administrative Tools must be installed on the PS Proxy.
Refer to Required Management Software and Prerequisites for details.
