Local PC cannot connect to newly created Azure VM. Error-… server name cannot be resolved

1

Standard disclaimer: I'm very new to PowerShell and Azure remote machines. Here is my PowerShell script. It is failing on this command:

$setupSession = New-PSSession -ComputerName $pip -Port 5986 -Credential $serviceCreds -UseSSL

Here is my script.

# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
$StorageAccountName = "sanTest"
$NetworkSecurityGroupName  = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'

$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)

Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred

Select-AzureRmSubscription -SubscriptionName $SubscriptionName
Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent)
{
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
   -Name mySubnet `
   -AddressPrefix 192.168.1.0/24

New-AzureRmStorageAccount `
  -Location $Location `
  -ResourceGroupName $ResourceGroup `
  -StorageAccountName $StorageAccountName `
  -SkuName Standard_GRS `
  -SubscriptionName $SubscriptionName

$vnet = New-AzureRmVirtualNetwork `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $MYvNET `
  -AddressPrefix 192.168.0.0/16 `
  -Subnet $subnetConfig

$pip = New-AzureRmPublicIpAddress `
   -ResourceGroupName $resourceGroup `
   -Location $location `
   -Name "mypublicdns$(Get-Random)" `
   -AllocationMethod Static `
   -IdleTimeoutInMinutes 4

$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRuleHTTP  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1000 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 80 `
  -Access Allow

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig `
   -Name $myNetworkSecurityGroupRuleRDP  `
   -Protocol Tcp `
   -Direction Inbound `
   -Priority 1100 `
   -SourceAddressPrefix * `
   -SourcePortRange * `
   -DestinationAddressPrefix * `
   -DestinationPortRange 3389 `
   -Access Allow

$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRulePS  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1200 -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 5986 `
  -Access Allow

$nsg = New-AzureRmNetworkSecurityGroup `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $myNetworkSecurityGroup `
  -SecurityRules $nsgRuleHTTP,$nsgRuleRDP

$nic = New-AzureRmNetworkInterface `
  -Name $myNic `
  -ResourceGroupName $resourceGroup `
   -Location $location `
   -SubnetId $vnet.Subnets[0].Id `
   -PublicIpAddressId $pip.Id `
   -NetworkSecurityGroupId $nsg.Id

$VMLocalAdminUser = "LocalAdminUser"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "password1!" `
   -AsPlainText `
   -Force

$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword);

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 | `
   Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | `
   Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
   Add-AzureRmVMNetworkInterface -Id $nic.Id

New-AzureRmVM `
     -ResourceGroupName $resourceGroup `
     -Location $location `
     -VM $vmConfig

Get-AzureRmPublicIpAddress `
  -ResourceGroupName $resourceGroup | Select IpAddress

$PublicSettings = '{"commandToExecute":"powershell Add-WindowsFeature Web-Server"}'

Set-Item WSMan:\localhost\Client\TrustedHosts `
    -Value * #$pip.ToString()

Enable-PSRemoting -Force

$serviceCreds = New-Object `
    -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $VMLocalAdminUser, $VMLocalAdminSecurePassword

$setupSession = New-PSSession `
    -ComputerName $pip `
    -Port 5986 `
    -Credential $serviceCreds `
    -UseSSL

Remove-PSSession $setupSession
    
by Greg P 19.05.2017 / 17:08

2 answers

0

As far as I can see, at no point do you associate your NSG with your subnet. You need to run something like this

$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName TestRG -Name TestVNet
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd `
-AddressPrefix 192.168.1.0/24 -NetworkSecurityGroup $nsg

Also, if you want to take a look at ARM templates, they make this much simpler.

by 19.05.2017 / 20:19
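
The subnet association from the answer above, extended into an added example (not code from the original post or its answers): it reports inbound allow rules that expose the management ports 3389, 5985 and 5986 to any source, narrows them to one admin address, then commits the NSG and the subnet association with `Set-AzureRmVirtualNetwork`. `$adminSource` is an assumed placeholder, the other names reuse the question's variables, and the port match is exact, so rules written as port ranges are not detected.

```powershell
# Added example. Assumes the question's variables ($resourceGroup, $MYvNET,
# $myNetworkSecurityGroup) are set and the AzureRM session is logged in.
$adminSource = '203.0.113.10/32'   # constructed placeholder: your own egress address

$nsg = Get-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup `
    -Name $myNetworkSecurityGroup

# Inbound allow rules that open RDP/WinRM to any source address.
$mgmtPorts = '3389', '5985', '5986'
$anySource = '*', 'Internet', '0.0.0.0/0'
$exposed = @($nsg.SecurityRules | Where-Object {
    $rule = $_
    $rule.Direction -eq 'Inbound' -and $rule.Access -eq 'Allow' -and
    ($anySource | Where-Object { $rule.SourceAddressPrefix -contains $_ }) -and
    ($mgmtPorts | Where-Object { $rule.DestinationPortRange -contains $_ })
})
$exposed | Select-Object Name, Priority, SourceAddressPrefix, DestinationPortRange

# Rewrite each exposed rule in place so only $adminSource can reach the port.
foreach ($rule in $exposed) {
    Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
        -Protocol $rule.Protocol -Direction Inbound -Priority $rule.Priority `
        -Access Allow -SourceAddressPrefix $adminSource -SourcePortRange '*' `
        -DestinationAddressPrefix '*' `
        -DestinationPortRange $rule.DestinationPortRange | Out-Null
}

# The rule changes above are in memory only until the NSG is written back.
$nsg = Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg

# Associate the NSG with the subnet; the change is committed by Set-AzureRmVirtualNetwork.
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Name $MYvNET
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name mySubnet `
    -AddressPrefix 192.168.1.0/24 -NetworkSecurityGroup $nsg |
    Set-AzureRmVirtualNetwork | Out-Null
```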
0

I tested this in my lab; there are some errors in your script. You do not add the $nsgRulePS rule to your NSG. You need to modify your script as below:

$nsg = New-AzureRmNetworkSecurityGroup `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $myNetworkSecurityGroup `
  -SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS

I modified your script as below; this works for me.

# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
##storage account name is wrong  New-AzureRmStorageAccount : sanTest is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
#$StorageAccountName = "sanTest"
$StorageAccountName = "shuitest12"
$NetworkSecurityGroupName  = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'

$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)

Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred

Select-AzureRmSubscription -SubscriptionName $SubscriptionName
Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent)
{
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
   -Name mySubnet `
   -AddressPrefix 192.168.1.0/24

New-AzureRmStorageAccount `
  -Location $Location `
  -ResourceGroupName $ResourceGroup `
  -StorageAccountName $StorageAccountName `
  -SkuName Standard_GRS

$vnet = New-AzureRmVirtualNetwork `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $MYvNET `
  -AddressPrefix 192.168.0.0/16 `
  -Subnet $subnetConfig

$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup `
   -Location $location `
   -Name "mypublicdns$(Get-Random)" `
   -AllocationMethod Static `
   -IdleTimeoutInMinutes 4

$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRuleHTTP  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1000 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 80 `
  -Access Allow

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig `
   -Name $myNetworkSecurityGroupRuleRDP  `
   -Protocol Tcp `
   -Direction Inbound `
   -Priority 1100 `
   -SourceAddressPrefix * `
   -SourcePortRange * `
   -DestinationAddressPrefix * `
   -DestinationPortRange 3389 `
   -Access Allow

$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRulePS  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1200 -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 5986 `
  -Access Allow

$nsg = New-AzureRmNetworkSecurityGroup `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $myNetworkSecurityGroup `
  -SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS

$nic = New-AzureRmNetworkInterface `
  -Name $myNic `
  -ResourceGroupName $resourceGroup `
   -Location $location `
   -SubnetId $vnet.Subnets[0].Id `
   -PublicIpAddressId $pip.Id `
   -NetworkSecurityGroupId $nsg.Id

## the user name cannot be admin
$VMLocalAdminUser = "<your user name>"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "<your password>" `
   -AsPlainText `
   -Force

$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword);

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 | `
   Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | `
   Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
   Add-AzureRmVMNetworkInterface -Id $nic.Id

New-AzureRmVM `
     -ResourceGroupName $resourceGroup `
     -Location $location `
     -VM $vmConfig

Get-AzureRmPublicIpAddress `
  -ResourceGroupName $resourceGroup | Select IpAddress

However, once the VM has been created successfully, you cannot WinRM to the server directly. You need to follow these steps:

1. Open port 5986 on your Windows VM; you need to RDP to your VM and set it. Azure PowerShell cannot do that.

2. Configure WinRM to listen on 5986; it listens on 5985 by default. You also need to add a certificate on your VM. See this link.

Update:

If you want to use WinRM over HTTP and not HTTPS, you do not need to configure a certificate on the VM; you just need to open port 5985 in Windows Firewall.

Note: you must open port 5985 in the Azure NSG.

You can do this with the Custom Script Extension, which is executed while the VM is being created. Just save your script as a ps file.

New-NetFirewallRule -DisplayName "WinRM-HTTP- Allow Port 5985" -Direction Inbound -LocalPort 5985 -Protocol TCP -Action Allow

You can upload the script to an Azure storage account or GitHub.

For more information, see this link.

by 22.05.2017 / 08:10
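
Steps 1 and 2 of the answer above as an added example (not the answerer's own script): part 1 runs on the VM and creates a self-signed certificate, a WinRM HTTPS listener and the Windows Firewall rule for 5986; part 2 runs on the local PC and connects to the public IP address string. The certificate subject and the `-SkipCACheck`/`-SkipCNCheck` session options are assumptions that go with a self-signed certificate; with a CA-issued certificate for the VM's DNS name, both checks stay enabled.

```powershell
# ---- Part 1: on the VM, elevated (over RDP or as a Custom Script Extension) ----
# Create the HTTPS listener only if none exists, so the script can be re-run.
$https = Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -like 'Transport=HTTPS' }
if (-not $https) {
    # Assumption: a self-signed certificate named after the computer.
    $cert = New-SelfSignedCertificate -DnsName $env:COMPUTERNAME `
        -CertStoreLocation Cert:\LocalMachine\My
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
}
# HTTPS uses 5986; the default HTTP listener on 5985 is left untouched.
New-NetFirewallRule -DisplayName 'WinRM-HTTPS - Allow Port 5986' `
    -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow | Out-Null

# ---- Part 2: on the local PC, after the VM and NSG rule for 5986 exist ----
# -ComputerName expects a host name or address string, so read the IpAddress
# property of the public IP resource instead of passing the resource object.
$ip = (Get-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup `
    -Name $pip.Name).IpAddress

# The self-signed certificate does not chain to a trusted CA and is not issued
# for the IP address, so both checks are skipped for this session only.
$opt = New-PSSessionOption -SkipCACheck -SkipCNCheck

# With HTTPS and explicit credentials, WinRM accepts an IP address target
# without a TrustedHosts entry, so TrustedHosts does not need to be '*'.
$setupSession = New-PSSession -ComputerName $ip -Port 5986 `
    -Credential $serviceCreds -UseSSL -SessionOption $opt

Invoke-Command -Session $setupSession -ScriptBlock { hostname }
Remove-PSSession $setupSession
```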