Azure Runbook(ARM)中的New-PSSession [英] New-PSSession in an Azure-runbook (ARM)
问题描述
对于经典门户(ASM)中的Azure VM,我能够获得
For an Azure VM in the classic portal (ASM) I was able to obtain
- 具有
Get-AutomationPSCredential和 的必需凭据
- 带有
Connect-AzureVM.ps1.
- the required credentials with
Get-AutomationPSCredentialand - the
-ConnectionURIwithConnect-AzureVM.ps1.
使用这两个参数,我能够在Azure运行手册中成功执行New-PSSession.
With these two parameters I was able to successfully execute a New-PSSession in an Azure-runbook.
问,我应该怎么做才能在Azure运行簿中打开到Azure VM(ARM)的PS会话?
Q What am I supposed to do to open a PS-Session in an Azure-runbook to an Azure-VM (ARM)?
更新
Runbook(ARM)中的命令
command in runbook (ARM)
$vmSession = New-PSSession -ConnectionUri 'https://xxx.yyy.cloudapp.azure.com:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
错误消息
New-PSSession:[xxx.yyy.cloudapp.azure.com]正在连接到 远程服务器xxx.yyy.cloudapp.azure.com 失败并显示以下错误消息:WinRM无法完成 手术.验证指定的计算机名称有效,并且 可以通过网络访问计算机,并且该防火墙 启用了WinRM服务的例外情况,并允许从此访问 电脑.默认情况下,公共的WinRM防火墙例外 配置文件限制对同一本地内的远程计算机的访问 子网.有关更多信息,请参见about_Remote_Troubleshooting 帮助主题.
New-PSSession : [xxx.yyy.cloudapp.azure.com] Connecting to remote server xxx.yyy.cloudapp.azure.com failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
推荐答案
根据您的错误,似乎端口5985被某些防火墙阻止了.您可以使用telnet来测试连通性.
According to your error, it seems that the port 5985 is blocked by some firewalls. You could use telnet to test connectivity.
telnet xxx.yyy.cloudapp.azure.com 5985
如果失败,则应另外检查:
If it fails, you should check additionally:
-
在Windows防火墙上打开端口5985(入站规则).
Open port 5985 on Windows Firewall(Inbound rules).
在Azure NSG上打开端口5985(入站规则).注意NSG可能与NIC或子网相关联,最好检查所有它们.
Open port 5985 on Azure NSG(Inbound rules). Pay attention to NSG could be associated to NIC or subnet, you had better check them all.
-
在服务器VM上,执行cmdlet.
On your server VM, execute cmdlet.
winrm quickconfig
winrm quickconfig
确保您可以访问端口5985,然后在本地PC上进行测试,然后在Azure Runbook上进行测试.
Ensure you can access port 5985, then test on your local PC, and then test on an Azure Runbook.
我使用以下cmdlet,它对我有用.
I use the following cmdlets, it works for me.
New-PSSession -ConnectionUri 'http://IP:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
注意:如果未在服务器上配置证书,则不能使用https,而应使用http.
Notes: If you don't configure a certificate on your server, you can not use https and you should use http instead.
PS C:\Users\v-shshui> New-PSSession -ConnectionUri 'http://*.*.*.*:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Id Name ComputerName ComputerType State ConfigurationName Availability
-- ---- ------------ ------------ ----- ----------------- ------------
7 Session7 *.*.*.* RemoteMachine Opened Microsoft.PowerShell Available
Also, if you want to use https, you need to configure a certificate as in shown in this link.
更新
如果要winrm到Azure Runbook中的VM,则应使用https.这意味着您应该在Azure NSG和Windows防火墙上打开端口5986(默认情况下).另外,您需要在Azure VM上添加新证书.
If you want to winrm to your VM in an Azure Runbook, you should use https. It means that you should open port 5986 (by default) on Azure NSG and Windows Firewall. Also, you need add a new certificate on the Azure VM.
这篇关于Azure Runbook(ARM)中的New-PSSession的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
