运行在虚拟机上执行PowerShell命令的Azure Runbook时出现错误
我试图在Runbook中使用“Invoke-Command”连接到VM来执行此代码。运行在虚拟机上执行PowerShell命令的Azure Runbook时出现错误
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure"
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
# Use the subscription that this Automation account is in
$null = Select-AzureRmSubscription -SubscriptionId $servicePrincipalConnection.SubscriptionID
Get-AzureRmVM | Select Name
$dcred = Get-AutomationPSCredential -Name 'myvm1creds'
Write-Output $DomainCred
$opts = New-PSSessionOption -SkipCACheck
Invoke-Command -Computername 'myVM1' -Credential $dcred -ScriptBlock {Get-Process} -SessionOption $opts
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
获得下面的错误:
[myVM1]连接到远程服务器myVM1失败,出现以下错误消息:WinRM的客户端无法处理该 请求。如果身份验证方案与Kerberos不同,或者客户端计算机未加入域,则必须使用HTTPS传输,或者必须将目标计算机添加到TrustedHosts配置设置。 使用winrm.cmd配置TrustedHosts。请注意,TrustedHosts列表中的计算机可能未经过身份验证。您可以通过运行以下命令来获得有关该更多信息:winrm help config。有关更多信息,请参阅 about_Remote_Troubleshooting帮助主题。 + CategoryInfo:OpenError:(myVM1:字符串)[],PSRemotingTransportException + FullyQualifiedErrorId:ServerNotTrusted,PSSessionStateBroken
任何想法什么都要做,以通过运行手册在Azure上运行PowerShell脚本虚拟机
在Azure Runbook中,我们无法使用传输HTTP来连接Azure虚拟机,因为Azure Runbook无法添加信任主机,所以我们需要使用HTTPS来连接Azure虚拟机。
以下是我的步骤:
1.创建一个自签名证书。使用makecert.exe
来创建它。
2.Config WinRM的监听HTTPS,在CMD运行此脚本:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Port="5986" ;Hostname="jasonvm" ;CertificateThumbprint="98941E137CDF9553CCB0C28D5814EB9EDB1AC87D"}
3.添加端口5986在Azure中NSG入站规则和Windows防火墙入站规则。 4,我们可以用这个运行手册来连接Azure的VM:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
$null = Select-AzureRmSubscription -SubscriptionId $servicePrincipalConnection.SubscriptionID
Get-AzureRmVM | Select Name
$dcred = Get-AutomationPSCredential -Name 'jasonvm'
Write-Output $DomainCred
$opts = New-PSSession -ConnectionUri 'https://52.185.148.177:5986' -Credential $dcred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Invoke-Command -Session $opts -ScriptBlock {Get-Process}
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
这里是我的结果:
[连接到远程服务器中使用WinRM的从PowerShell的失败(HTTPS的可能重复: //*.com/questions/16010091/connecting-to-remote-server-failed-using-winrm-from-powershell)。 – Persistent13
可能重复[连接到远程服务器失败使用WinRM从PowerShell](https://*.com/questions/16010091/connecting-to-remote-server-failed-using-winrm-from-powershell) – Persistent13