• Why to add * to trusted hosts when servers are in domain and RM commands are executed when running manually ?

Release or Environment

  • All


Adding * to the trusted hosts list is a requirement for ServiceNow due to the following:

  1. WinRM Discovery as Discovery, is using all the same APIs and needs the same access as if you were doing remote management of 'another server' from the 'MID Server'.

    2. Microsoft's rules are that the 'another server' has to be listed as trusted in the 'MID server'.

    3. Until Discovery has found the new server, it's not in the CMDB, and ServiceNow doesn't know that it exists, and so nor can the MID Server.

    4. If you don't know it exists yet, you can't list it as trusted, so you have to trust all.

In theory, you could list each server individually, but you would need:

  1. A comprehensive list of all Windows servers and laptops. It may be possible to extract that from Active Directory, or SCCM/SCOM.

  2. Each time a new device is added to the network, it will need adding to the list on every MID Server. That might be daily. That needs doing before the device can be fully discovered for the first time.

  3. Each MID Server will need the list adding. As more MID Servers are added, they will also need adding and the list maintaining.

Since that will become a big job, it would need automating to be feasible.

Additional Information

  • Please refer the article KB0687786¬†for information on adding "*" to the trusted hosts.

Article Information

Last Updated:2020-09-21 07:46:06