Renúncia de responsabilidade padrão, muito nova com o powershell e as máquinas remotas do Azure. Aqui está o meu script de powershell. Está falhando neste comando:
$ setupSession = New-PSSession -ComputerName $ pip -Port 5986 -Credential $ serviceCreds -UseSSL
aqui está o meu script.
# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
$StorageAccountName = "sanTest"
$NetworkSecurityGroupName = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'
$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)
Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred
Select-AzureRmSubscription -SubscriptionName $SubscriptionName
Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent)
{
New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}
$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig '
-Name mySubnet '
-AddressPrefix 192.168.1.0/24
New-AzureRmStorageAccount '
-Location $Location '
-ResourceGroupName $ResourceGroup '
–StorageAccountName $StorageAccountName '
-SkuName Standard_GRS '
-SubscriptionName $SubscriptionName
$vnet = New-AzureRmVirtualNetwork '
-ResourceGroupName $resourceGroup '
-Location $location '
-Name $MYvNET '
-AddressPrefix 192.168.0.0/16 '
-Subnet $subnetConfig
$pip = New-AzureRmPublicIpAddress '
-ResourceGroupName $resourceGroup '
-Location $location '
-Name "mypublicdns$(Get-Random)" '
-AllocationMethod Static '
-IdleTimeoutInMinutes 4
$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig '
-Name $myNetworkSecurityGroupRuleHTTP '
-Protocol Tcp '
-Direction Inbound '
-Priority 1000 '
-SourceAddressPrefix * '
-SourcePortRange * '
-DestinationAddressPrefix * '
-DestinationPortRange 80 '
-Access Allow
$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig '
-Name $myNetworkSecurityGroupRuleRDP '
-Protocol Tcp '
-Direction Inbound '
-Priority 1100 '
-SourceAddressPrefix * '
-SourcePortRange * '
-DestinationAddressPrefix * '
-DestinationPortRange 3389 '
-Access Allow
$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig '
-Name $myNetworkSecurityGroupRulePS '
-Protocol Tcp '
-Direction Inbound '
-Priority 1200 -SourceAddressPrefix * '
-SourcePortRange * '
-DestinationAddressPrefix * '
-DestinationPortRange 5986 '
-Access Allow
$nsg = New-AzureRmNetworkSecurityGroup '
-ResourceGroupName $resourceGroup '
-Location $location '
-Name $myNetworkSecurityGroup '
-SecurityRules $nsgRuleHTTP,$nsgRuleRDP
$nic = New-AzureRmNetworkInterface '
-Name $myNic '
-ResourceGroupName
$resourceGroup
-Location $location '
-SubnetId $vnet.Subnets[0].Id '
-PublicIpAddressId $pip.Id '
-NetworkSecurityGroupId $nsg.Id
$VMLocalAdminUser = "LocalAdminUser"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "password1!" '
-AsPlainText
-Force
$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword);
$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 | '
Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | '
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | '
Add-AzureRmVMNetworkInterface -Id $nic.Id
New-AzureRmVM '
-ResourceGroupName $resourceGroup '
-Location $location '
-VM $vmConfig
Get-AzureRmPublicIpAddress '
-ResourceGroupName $resourceGroup | Select IpAddress
$PublicSettings = '{"commandToExecute":"powershell Add-WindowsFeature Web-Server"}'
Set-Item WSMan:\localhost\Client\TrustedHosts '
-Value * #$pip.ToString()
Enable-PSRemoting –Force
$serviceCreds = New-Object '
-TypeName System.Management.Automation.PSCredential '
-ArgumentList $VMLocalAdminUser, $VMLocalAdminSecurePassword
$setupSession = New-PSSession '
-ComputerName $pip '
-Port 5986 '
-Credential $serviceCreds '
-UseSSL
Remove-PSSession $setupSession
Tanto quanto eu posso ver, em nenhum momento você associa seu NSG com sua sub-rede. Você precisa executar algo assim
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName TestRG -Name TestVNet
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd '
-AddressPrefix 192.168.1.0/24 -NetworkSecurityGroup $nsg
Além disso, se você quiser dar uma olhada nos modelos ARM, eles tornam isso muito mais simples.
Eu testei no meu laboratório, no seu script, há alguns erros no seu script. Você não adiciona regras $nsgRulePS ao seu NSG. Você precisa modificar seu script como abaixo:
$nsg = New-AzureRmNetworkSecurityGroup '
-ResourceGroupName $resourceGroup '
-Location $location '
-Name $myNetworkSecurityGroup '
-SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS
Eu modifico o seu script como abaixo, isso funciona para mim.
# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
##storage account name is wrong New-AzureRmStorageAccount : sanTest is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
#$StorageAccountName = "sanTest"
$StorageAccountName = "shuitest12"
$NetworkSecurityGroupName = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'
$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)
Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred
Select-AzureRmSubscription -SubscriptionName $SubscriptionName
Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent)
{
New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}
$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig '
-Name mySubnet '
-AddressPrefix 192.168.1.0/24
New-AzureRmStorageAccount '
-Location $Location '
-ResourceGroupName $ResourceGroup '
–StorageAccountName $StorageAccountName '
-SkuName Standard_GRS
$vnet = New-AzureRmVirtualNetwork '
-ResourceGroupName $resourceGroup '
-Location $location '
-Name $MYvNET '
-AddressPrefix 192.168.0.0/16 '
-Subnet $subnetConfig
$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup '
-Location $location '
-Name "mypublicdns$(Get-Random)" '
-AllocationMethod Static '
-IdleTimeoutInMinutes 4
$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig '
-Name $myNetworkSecurityGroupRuleHTTP '
-Protocol Tcp '
-Direction Inbound '
-Priority 1000 '
-SourceAddressPrefix * '
-SourcePortRange * '
-DestinationAddressPrefix * '
-DestinationPortRange 80 '
-Access Allow
$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig '
-Name $myNetworkSecurityGroupRuleRDP '
-Protocol Tcp '
-Direction Inbound '
-Priority 1100 '
-SourceAddressPrefix * '
-SourcePortRange * '
-DestinationAddressPrefix * '
-DestinationPortRange 3389 '
-Access Allow
$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig '
-Name $myNetworkSecurityGroupRulePS '
-Protocol Tcp '
-Direction Inbound '
-Priority 1200 -SourceAddressPrefix * '
-SourcePortRange * '
-DestinationAddressPrefix * '
-DestinationPortRange 5986 '
-Access Allow
$nsg = New-AzureRmNetworkSecurityGroup '
-ResourceGroupName $resourceGroup '
-Location $location '
-Name $myNetworkSecurityGroup '
-SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS
$nic = New-AzureRmNetworkInterface '
-Name $myNic '
-ResourceGroupName $resourceGroup '
-Location $location '
-SubnetId $vnet.Subnets[0].Id '
-PublicIpAddressId $pip.Id '
-NetworkSecurityGroupId $nsg.Id
##use name could not admin
$VMLocalAdminUser = "<your user name>"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "<your password>" '
-AsPlainText '
-Force
$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword);
$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 | Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | '
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | '
Add-AzureRmVMNetworkInterface -Id $nic.Id
New-AzureRmVM '
-ResourceGroupName $resourceGroup '
-Location $location '
-VM $vmConfig
Get-AzureRmPublicIpAddress '
-ResourceGroupName $resourceGroup | Select IpAddress
No entanto, quando a VM for criada com êxito, você não poderá winrm o servidor diretamente. Você precisa seguir os seguintes passos:
1.Abra a porta 5986 na sua VM do Windows, você precisa do RDP na sua VM e defina-a. O Azure PowerShell não pôde fazer isso.
2.Configure o winrm escuta no 5986, ele está escutando em 5985 por padrão. Você também precisa adicionar certificado em sua VM. Consulte este link .
Atualização:
Se você quiser usar o WinRM-HTTP e não HTTPs, não precisa configurar o certificado na VM, basta abrir a porta 5985 no Firewall do Windows.
Observações: você deve abrir a porta 5985 no NSG do Azure.
Você pode fazer isso com Extensão de script personalizada . executado quando a VM está criando. Apenas o seu script como um arquivo ps.
New-NetFirewallRule -DisplayName "WinRM-HTTP- Allow Port 5985" -Direction Inbound -LocalPort 5985 -Protocol TCP -Action Allow
Você pode fazer upload do script para a conta de armazenamento do Azure ou github.
Para mais informações, consulte este link .
Tags remote-access powershell azure