I have an Azure VM running Windows Server 2016 (64-bit, 14393.1593).
It has some WinRM listeners on it, one for HTTP and one for HTTPS.
When I restart the machine, the HTTPS listener resets itself to an old configuration (hostname and thumbprint). With this, it also re-creates the corresponding server certificate.
I delete the certificate and the HTTPS listener. Using PowerShell, I recreate the listener with the desired hostname and thumbprint. The thumbprint corresponds to a certificate on the server that behaves as expected (the desired certificate isn't deleted on machine restart).
Everything works until the next machine restart, where I find that the old HTTPS listener is back, with the old hostname and thumbprint. The old thumbprint corresponds to the old certificate that I had deleted, but the old certificate came back from the grave.
Why is my HTTPS listener resetting itself?
Steps for Configuring WinRM
In Powershell, I execute the following commands.
winrm e winrm/config/listener; - Enumerates the listeners.
winrm delete winrm/config/listener?Address=*+Transport=HTTPS; - Deletes the HTTPS listener.
I then manually delete the old server certificate using either the MMC or IIS manager. I also get the thumbprint for the correct certificate.
I then execute the following PowerShell.
winrm create winrm/config/listener?Address=*+Transport=HTTPS '@{Hostname="MyIPAddress";CertificateThumbprint="MyThumbprint";port="5986"}'; - Creates a new HTTPS listener.