我正在尝试使用Azure Runbook脚本中的WINRM HTTP客户端作为工作流模块,在与Azure Active Directory域控制器连接的azure虚拟机中执行远程命令。 这是连接远程会话的代码。
代码:
$uri- kerberoscluster.eastus2.cloudapp.azure.com (WINRM HTTP port 5985 and WINRM HTTPS port 5986 were enabled)
$cred- New-Object -typename System.Management.Automation.PSCredential -argumentlist $vmusername, $vmsecurepassword
New-PSSession -ComputerName $uri -Credential $cred
我需要使用Runbook脚本在远程虚拟机中执行远程命令。但Runbook脚本执行已暂停,但有以下异常。同样的事情在本地网络中工作正常。
The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: [kerberoscluster.eastus2.cloudapp.azure.com] Connecting to remote server kerberoscluster.eastus2.cloudapp.azure.com failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
https://docs.microsoft.com/en-us/azure/automation/automation-troubleshooting-automation-errors#troubleshoot-common-errors-when-working-with-runbooks
此外,我还尝试使用WINRM HTTPS客户端通过引用以下链接来连接远程会话 https://blogs.technet.microsoft.com/rohit-minni/2017/01/18/remoting-into-azure-arm-virtual-machines-using-powershell/
得到以下例外:
New-PSSession : [kerberoscluster.eastus2.cloudapp.azure.com] Connecting to remote server
kerberoscluster.eastus2.cloudapp.azure.com failed with the following error message : WinRM cannot complete the
operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and
that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote computers within the same local subnet. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName $uri -Credential $cred -UseSSL -SessionOption $sessi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
非常感谢任何帮助。
答案 0 :(得分:0)
用于运行Runbook的组织用户标识或SPN是否具有包含VM的资源组所需的权限?此错误通常是由于权限问题引起的。