在虚拟机上运行执行PowerShell命令的Azure runbook时出错_Powershell_Azure_Azure Virtual Machine_Powershell Remoting_Runbook

在虚拟机上运行执行PowerShell命令的Azure runbook时出错

powershell azure

在虚拟机上运行执行PowerShell命令的Azure runbook时出错,powershell,azure,azure-virtual-machine,powershell-remoting,runbook,Powershell,Azure,Azure Virtual Machine,Powershell Remoting,Runbook,我试图在runbook中执行这段代码，使用“Invoke命令”连接到VM $connectionName = "AzureRunAsConnection" try { # Get the connection "AzureRunAsConnection " $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName "Logging in to Azure" Add-Azu

我试图在runbook中执行这段代码，使用“Invoke命令”连接到VM

$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName

    "Logging in to Azure"
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint

    # Use the subscription that this Automation account is in
    $null = Select-AzureRmSubscription -SubscriptionId $servicePrincipalConnection.SubscriptionID
    Get-AzureRmVM | Select Name
    $dcred = Get-AutomationPSCredential -Name 'myvm1creds'
    Write-Output $DomainCred
    $opts = New-PSSessionOption -SkipCACheck
    Invoke-Command -Computername 'myVM1' -Credential $dcred -ScriptBlock {Get-Process} -SessionOption $opts
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    } 
}

获取以下错误：

[myVM1]连接到远程服务器myVM1失败，错误消息如下：WinRM客户端无法处理要求如果身份验证方案不同于Kerberos，或者如果客户端计算机未加入域，然后必须使用HTTPS传输，或者必须将目标计算机添加到TrustedHosts配置设置中。使用winrm.cmd配置TrustedHosts。请注意，TrustedHosts列表中的计算机可能未经过身份验证。你您可以通过运行以下命令获取更多信息：winrm help config。有关更多信息，请参阅关于远程故障排除帮助主题。 +CategoryInfo:OpenError:（myVM1:String）[]，PSRemotingTransportException +FullyQualifiedErrorId:ServerNotTrusted，PSSessionStateBreaked

在Azure runbook中，我们不能使用传输HTTP连接Azure虚拟机，因为Azure runbook无法添加信任主机，所以我们需要使用HTTPS连接Azure虚拟机

以下是我的步骤：
1.创建自签名证书

使用

makecert.exe

创建它

2.Config Winrm listen onHTTPS，在CMD中运行此脚本：

winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Port="5986" ;Hostname="jasonvm" ;CertificateThumbprint="98941E137CDF9553CCB0C28D5814EB9EDB1AC87D"}

3.在Azure NSG入站规则和windows防火墙入站规则中添加端口5986。 4.我们可以使用此runbook连接Azure VM：

$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName         

    "Logging in to Azure..."
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 


    $null = Select-AzureRmSubscription -SubscriptionId $servicePrincipalConnection.SubscriptionID
    Get-AzureRmVM | Select Name
    $dcred = Get-AutomationPSCredential -Name 'jasonvm'
    Write-Output $DomainCred
    $opts = New-PSSession -ConnectionUri 'https://52.185.148.177:5986' -Credential $dcred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
    Invoke-Command -Session $opts -ScriptBlock {Get-Process}

}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}

以下是我的结果：

的可能重复。可能重复而不是使用“-ConnectionUri”“”。我们可以使用VM名称获取它吗？我试过了，但没有成功。