[英]Error while running Azure runbook which executes PowerShell command on Virtual Machine
I am trying to execute this code in runbook, using "Invoke-Command" to connect to VM. 我正在尝试使用“ Invoke-Command”连接到VM在Runbook中执行此代码。
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure"
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
# Use the subscription that this Automation account is in
$null = Select-AzureRmSubscription -SubscriptionId $servicePrincipalConnection.SubscriptionID
Get-AzureRmVM | Select Name
$dcred = Get-AutomationPSCredential -Name 'myvm1creds'
Write-Output $DomainCred
$opts = New-PSSessionOption -SkipCACheck
Invoke-Command -Computername 'myVM1' -Credential $dcred -ScriptBlock {Get-Process} -SessionOption $opts
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
Getting the below error: 得到以下错误:
[myVM1] Connecting to remote server myVM1 failed with the following error message : The WinRM client cannot process the request. [myVM1]连接到远程服务器myVM1失败,并显示以下错误消息:WinRM客户端无法处理该请求。 If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting.
如果身份验证方案不同于Kerberos,或者如果客户端计算机未加入域,则必须使用HTTPS传输,或者必须将目标计算机添加到TrustedHosts配置设置中。 Use winrm.cmd to configure TrustedHosts.
使用winrm.cmd配置TrustedHosts。 Note that computers in the TrustedHosts list might not be authenticated.
请注意,TrustedHosts列表中的计算机可能未经身份验证。 You can get more information about that by running the following command: winrm help config.
您可以通过运行以下命令来获取有关此信息的更多信息:winrm help config。 For more information, see the about_Remote_Troubleshooting Help topic.
有关更多信息,请参见about_Remote_Troubleshooting帮助主题。 + CategoryInfo : OpenError: (myVM1:String) [], PSRemotingTransportException + FullyQualifiedErrorId : ServerNotTrusted,PSSessionStateBroken
+ CategoryInfo:OpenError:(myVM1:String)[],PSRemotingTransportException + FullyQualifiedErrorId:ServerNotTrusted,PSSessionStateBroken
Any idea what have to be done to run powershell script via runbook on Azure Virtual Machines 知道要通过Azure虚拟机上的Runbook运行Powershell脚本需要做什么
In Azure runbook, we can't use transport HTTP to connect Azure VMs, because Azure runbook can't add trust host, so we need use HTTPS to connect Azure VMs. 在Azure Runbook中,我们无法使用传输HTTP连接Azure VM,因为Azure Runbook无法添加信任主机,因此我们需要使用HTTPS连接Azure VM。
Here are my steps: 这是我的步骤:
1.Create a self-signed certificate. 1.创建一个自签名证书。
Use makecert.exe
to create it. 使用
makecert.exe
创建它。
2.Config Winrm listen on HTTPS , run this script in CMD: 2.Config Winrm监听HTTPS ,在CMD中运行此脚本:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Port="5986" ;Hostname="jasonvm" ;CertificateThumbprint="98941E137CDF9553CCB0C28D5814EB9EDB1AC87D"}
3.Add port 5986 in Azure NSG inbound rules and windows firewall inbound rules. 3.在Azure NSG入站规则和Windows防火墙入站规则中添加端口5986 。 4.we can use this runbook to connect Azure VM:
4.我们可以使用此运行手册来连接Azure VM:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
$null = Select-AzureRmSubscription -SubscriptionId $servicePrincipalConnection.SubscriptionID
Get-AzureRmVM | Select Name
$dcred = Get-AutomationPSCredential -Name 'jasonvm'
Write-Output $DomainCred
$opts = New-PSSession -ConnectionUri 'https://52.185.148.177:5986' -Credential $dcred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Invoke-Command -Session $opts -ScriptBlock {Get-Process}
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
Here is my result: 这是我的结果:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.