问题
For an Azure VM in the classic portal (ASM) I was able to obtain
- the required credentials with
Get-AutomationPSCredentialand - the
-ConnectionURIwith Connect-AzureVM.ps1.
With these two parameters I was able to successfully execute a New-PSSession in an Azure-runbook.
Q What am I supposed to do to open a PS-Session in an Azure-runbook to an Azure-VM (ARM)?
Update
command in runbook (ARM)
$vmSession = New-PSSession -ConnectionUri 'https://xxx.yyy.cloudapp.azure.com:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
error-message
New-PSSession : [xxx.yyy.cloudapp.azure.com] Connecting to remote server xxx.yyy.cloudapp.azure.com failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
回答1:
According to your error, it seems that the port 5985 is blocked by some firewalls. You could use telnet to test connectivity.
telnet xxx.yyy.cloudapp.azure.com 5985
If it fails, you should check additionally:
Open port 5985 on Windows Firewall(Inbound rules).
Open port 5985 on Azure NSG(Inbound rules). Pay attention to NSG could be associated to NIC or subnet, you had better check them all.
On your server VM, execute cmdlet.
winrm quickconfig
Ensure you can access port 5985, then test on your local PC, and then test on an Azure Runbook.
I use the following cmdlets, it works for me.
New-PSSession -ConnectionUri 'http://IP:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Notes: If you don't configure a certificate on your server, you can not use https and you should use http instead.
PS C:\Users\v-shshui> New-PSSession -ConnectionUri 'http://*.*.*.*:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Id Name ComputerName ComputerType State ConfigurationName Availability
-- ---- ------------ ------------ ----- ----------------- ------------
7 Session7 *.*.*.* RemoteMachine Opened Microsoft.PowerShell Available
Also, if you want to use https, you need to configure a certificate as in shown in this link.
Update
If you want to winrm to your VM in an Azure Runbook, you should use https. It means that you should open port 5986 (by default) on Azure NSG and Windows Firewall. Also, you need add a new certificate on the Azure VM.
来源:https://stackoverflow.com/questions/43658413/new-pssession-in-an-azure-runbook-arm