如何以编程方式在Azure VM上设置Powershell远程处理

Question

My goal is to write a Powershell script that will run New-AzureRmResourceGroup and New-AzureRmResourceGroupDeployment in order to provision a resource group according to an ARM .json template file. Said resource group includes a virtual machine, virtual network, network security group, public IP address, network interface attached to the virtual machine, and two storage accounts. After that, I want the same script to go on and copy a specific program installer to the virtual machine in that resource group and run that installer, automatically without further user interaction. However, I can't seem to begin a remote Powershell session with the virtual machine. I run the command:

$sess = New-PSSession -ComputerName **.***.**.*** -Port XXXX -Credential $cred

where the * s are the IP address of the Virtual Machine; XXXX is the Port that is open for RDP according to the Network Security Group associated with the virtual network that the Virtual Machine is on; and $cred contains the credentials of the admin user on the Virtual Machine.

The command always returns an error:

New-PSSession : [**.***.**.***] Connecting to remote server **.***.**.*** failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.

Note that I did make sure to add the Virtual Machine's IP address to the list of Trusted-Hosts on my local machine. (Until I did that, I got a different error message.) Also, I am able to connect to the Virtual Machine if I click on its Connect button in the Azure portal and then click on the .rdp file that's downloaded. This remote session uses the same IP address, port, and credentials as the one I'm trying and failing to set up in Powershell. This is what I don't understand.

Why does that happen? Is there some additional work I need to do to prepare the VM for accepting remote Powershell sessions? Is there any way to configure it in the ARM template so that the VM will be ready to accept them from the get-go? (It would be difficult if I need to run some commands on the VM to set Powershell remoting up, since I can't Powershell remote in to run them because of this very problem. Maybe I could run them as a custom script extension?)

Final notes: This VM is "new" style, not "classic" style. I know there is lots of documentation out there for "classic" style Azure VMs, but that's not what I'm working with. Also, even after running winrm quickconfig on the VM as the error suggested, and enabling administrative rights remotely to local users, I get the same error when I run New-PSSession .

Answer 1

1. Open up 5985-5986 on your NSG

2. Drop the port part on your command:

   $sess = New-PSSession -ComputerName . . . -Credential $cred

WinRM endpoint is set up automatically for new VM's (if you don't somehow override it). But you need to open 5985 for nonsecure and 5986 for secure remoting