
I have VMs in Resource Manager and I want to do remote PowerShell scripting against these VMs from a runbook. I already know how to do it with classic virtual machines and use it with success.

Now, is remote PowerShell over SSL with a certificate enabled by default on Azure VMs created with the Azure Resource Manager? How do I connect with Enter-PSSession or Invoke-Command?

I tried this code without success.

```powershell
Enter-PSSession -ComputerName <public-IP> -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
```

And I got this error:

```
Enter-PSSession : Connecting to remote server <public-IP> failed with the following error message : The WinRM client 
cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not 
joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts 
configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not 
be authenticated. You can get more information about that by running the following command: winrm help config. For more 
information, see the about_Remote_Troubleshooting Help topic.
```

Note that I am running this with a PowerShell runbook in Azure Automation, and I tried the suggested answer here.

do_Ob

1 Answer

You need to put a cert in Azure Key Vault (plus some other steps) to enable WinRM to ARM VMs. Then you need to do the same thing as in the Connect-AzureVM runbook, but using this cert instead of the Azure Classic VM's cert, to set up trust between the hosts.

See this thread for more details on the steps required. This may be useful as well.

Joe
  • I still can't connect ='( I followed the steps here too -> https://blogs.technet.microsoft.com/uktechnet/2016/02/11/configuring-winrm-over-https-to-enable-powershell-remoting/ – do_Ob Apr 07 '16 at 02:29
  • I tried Enter-PSSession using PowerShell on my local computer and it works fine; I just added the public_ip of the remote server to TrustedHosts. So now, how do I do this in the Azure portal? Do you have any idea? – do_Ob Apr 07 '16 at 03:25
  • I don't think Enter-PSSession can be used in unattended sessions like those that Azure Automation runs. Once the code enters the session, there's no user present to specify the next commands to run. What about Invoke-Command? – Joe Apr 07 '16 at 17:34
  • Also, the way to trust the host from PowerShell is to add its certificate to the trusted store, which is what the Connect-AzureVM runbook is for, except you need to do this with the VM's certificate in Azure Key Vault since this is an ARM VM, not a Classic VM. – Joe Apr 07 '16 at 17:38
  • If you are OK bypassing the trust validation of the VM's certificate, that can be bypassed using New-PSSessionOption -SkipCACheck, and passing that PSSessionOption to Invoke-Command via the -SessionOption parameter. See https://technet.microsoft.com/en-us/library/hh849703.aspx?f=255&MSPPError=-2147217396 for more details. – Joe Apr 07 '16 at 17:41
  • Yes I already tried `Invoke-command -ComputerName -Credential $Credential -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck) -ScriptBlock { HOSTNAME }` but I got the same error. – do_Ob Apr 08 '16 at 03:55
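
The error text in the question says HTTPS transport must be used, and `Invoke-Command` only selects the WinRM HTTPS listener when `-UseSSL` is passed. The sketch below is an added example, not code from any post in this thread: it wraps the unattended `Invoke-Command` call suggested in the comments, keeps certificate validation on by default, and makes the skip options an explicit opt-in. `Invoke-VmCommand`, the `VmAdmin` credential asset and the host name are hypothetical, and it assumes the VM already has a WinRM HTTPS listener with port 5986 reachable from the runbook.

```powershell
# Added example, not code from the thread. Hypothetical names: Invoke-VmCommand,
# the 'VmAdmin' credential asset and the placeholder host name below.
function Invoke-VmCommand {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [scriptblock]  $ScriptBlock,
        # Opt-in only: disables CA and name validation of the VM's certificate,
        # so the session is encrypted but the remote host is not authenticated.
        [switch] $SkipCertificateChecks
    )

    $params = @{
        ComputerName = $ComputerName
        Credential   = $Credential
        ScriptBlock  = $ScriptBlock
        UseSSL       = $true    # HTTPS listener; without it WinRM uses HTTP on 5985
        Port         = 5986     # default WinRM HTTPS port
        ErrorAction  = 'Stop'   # turn connection failures into catchable errors
    }
    if ($SkipCertificateChecks) {
        $params.SessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
    }

    try {
        # Invoke-Command runs unattended, unlike Enter-PSSession
        Invoke-Command @params
    }
    catch {
        throw "WinRM over HTTPS to ${ComputerName}:5986 failed: $($_.Exception.Message)"
    }
}

# In an Azure Automation runbook the credential comes from a credential asset.
$cred = Get-AutomationPSCredential -Name 'VmAdmin'

# Validating call: succeeds only once the VM's certificate is trusted by this
# host and the name used here matches the certificate subject.
Invoke-VmCommand -ComputerName 'myvm.example.com' -Credential $cred -ScriptBlock { hostname }
```

Adding `-SkipCertificateChecks` reproduces the bypass described in the comments and is best kept to a connectivity test.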