1

In Azure AutomationAccounts I'm switching over from "agent based hybrid runbook workers" to "extension based hybrid runbook workers", for the former one being retired next year.

The installation was fairly simple, however when I try to force script signature validation, PowerShell states that the command Set-HybridRunbookWorkerSignatureValidation cannot be found. And indeed, there is no "HybridRunbookWorker"-Module installed, as it was with agent based installation. Neither can I find the module locally to install and load it manually. I also can't find the module to install from other sources either.

Am I on the wrong track and forcing signature validation is not possible yet, or should the module be there? The VM shows up in the Hybrid Runbook Worker group.

Any hints are appreciated, thx.

I tried to force signature validation for Azure Runbook script "Set-HybridRunbookWorkerSignatureValidation". Expected the command to be recognized, but it failed with

"The term 'Set-HybridRunbookWorkerSignatureValidation' is not recognized as the name of a cmdlet, function, script file, or operable program."
Jahnavi
  • 3,076
  • 1
  • 3
  • 10
TacoCat88
  • 21
  • 4

1 Answers1

1

For extension-based hybrid runbook workers, the Set-HybridRunbookWorkerSignatureValidation command is not available. To enable signature validation, you can use the

Set-AutomationHybridRunbookWorkerGroup instead.

Alternatively, You can generate gpg keys and signed in with azure automation accounts and it is clearly detailed in an article by @rakhesh.

You can also go with Set-Azautomationcertificate to enable signature validation for the whole automation account with the generated certificate as shown.

I created a new certificate and followed up the steps given as below:

 New-SelfSignedCertificate -Subject "CN=xxxxxCert" -CertStoreLocation "pathtostore" -KeyExportPolicy Exportable -KeyUsage DigitalSignature

enter image description here

Set-AzAutomationCertificate -AutomationAccountName  <automationaccountname> -Name  "certname" -Path  "pathofthecertificate" -Password  xxxx -ResourceGroupName  <resourcegroup>

enter image description here

Jahnavi
  • 3,076
  • 1
  • 3
  • 10
  • Thanks for confirming the command does not exist for extension based HRWs. I'll have to check how to use Set-AutomationHybridRunbookWorkerGroup; I'm implementing this in an existing (agent based) environment and have to be sure I don't break anything there. – TacoCat88 Apr 13 '23 at 07:49