Configure PowerShell remoting for Azure VMs

Hey scripters, in todays article I want to show you how to configure PowerShell remoting for Azure VMs.

Recently I wanted to run the script which will check installed software on all of my Azure VMs.
Unfortunately I received following error from each of the machine.

I thought that it is only the problem with firewall configuration on Azure VM, so I configure additional rulles to allow connection on port 5986, but it didn’t help.

After read few articles I found that to connect remotly to Azure VM, certificate for virtual machine should be created and additionaly PSRemoting should be enabled.

To enable PSRemoting I’ve used below command, which automatically configure WinRM and PS sessions to receive remote commands.

Enable-PSRemoting

Once PSRemoting was configured, I generated self signed certificate (it’s better to create certificate via Certifacte Autohirty but I don’t have any 🙂 ).
DnsName in below command should be adjusted to your machine name.

$Certificate = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName PowershellBros.domain.net

To configure firewall rule on the OS level below commands should be used.

New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Certificate.Thumbprint -Force
New-NetFirewallRule -DisplayName 'WinRM HTTPS-In' -Name 'WinRM HTTPS-In' -Profile Any -LocalPort 5986 -Protocol TCP

First command configure WSMan listener to use newly created certificate, second one set rule for port 5986 in firewall.

If we correctly configure PowerShell remoting for Azure VMs we should be able to connect to each of our VMs.
To verify that adjust IP variable to your Azure VM IP run use below command.

$IP = "xx.xx.xx.xx"
Enter-PSSession -ConnectionUri https://"$IP":5986 -Credential (Get-Credential) -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck) -Authentication Negotiate

I hope it will be usefull for some of you 😉
Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *