Standard disclaimer: I am very new to PowerShell and Azure remote machines. This is my PowerShell script. This command fails:

$setupSession = New-PSSession -ComputerName $pip -Port 5986 -Credential $serviceCreds -UseSSL

Here is my script.

# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
$StorageAccountName = "sanTest"
$NetworkSecurityGroupName = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'

$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)
Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred
Select-AzureRmSubscription -SubscriptionName $SubscriptionName

Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent) {
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
    -Name mySubnet `
    -AddressPrefix 192.168.1.0/24

New-AzureRmStorageAccount `
    -Location $Location `
    -ResourceGroupName $ResourceGroup `
    -StorageAccountName $StorageAccountName `
    -SkuName Standard_GRS `
    -SubscriptionName $SubscriptionName

$vnet = New-AzureRmVirtualNetwork `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -Name $MYvNET `
    -AddressPrefix 192.168.0.0/16 `
    -Subnet $subnetConfig

$pip = New-AzureRmPublicIpAddress `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -Name "mypublicdns$(Get-Random)" `
    -AllocationMethod Static `
    -IdleTimeoutInMinutes 4

$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig `
    -Name $myNetworkSecurityGroupRuleHTTP `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 1000 `
    -SourceAddressPrefix * `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 80 `
    -Access Allow

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig `
    -Name $myNetworkSecurityGroupRuleRDP `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 1100 `
    -SourceAddressPrefix * `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 3389 `
    -Access Allow

$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig `
    -Name $myNetworkSecurityGroupRulePS `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 1200 -SourceAddressPrefix * `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 5986 `
    -Access Allow

$nsg = New-AzureRmNetworkSecurityGroup `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -Name $myNetworkSecurityGroup `
    -SecurityRules $nsgRuleHTTP,$nsgRuleRDP

$nic = New-AzureRmNetworkInterface `
    -Name $myNic `
    -ResourceGroupName $resourceGroup -Location $location `
    -SubnetId $vnet.Subnets[0].Id `
    -PublicIpAddressId $pip.Id `
    -NetworkSecurityGroupId $nsg.Id

$VMLocalAdminUser = "LocalAdminUser"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "password1!" `
    -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword);

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 | `
    Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | `
    Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
    Add-AzureRmVMNetworkInterface -Id $nic.Id

New-AzureRmVM `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -VM $vmConfig

Get-AzureRmPublicIpAddress `
    -ResourceGroupName $resourceGroup | Select IpAddress

$PublicSettings = '{"commandToExecute":"powershell Add-WindowsFeature Web-Server"}'

Set-Item WSMan:\localhost\Client\TrustedHosts `
    -Value * #$pip.ToString()
Enable-PSRemoting -Force

$serviceCreds = New-Object `
    -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $VMLocalAdminUser, $VMLocalAdminSecurePassword

$setupSession = New-PSSession `
    -ComputerName $pip `
    -Port 5986 `
    -Credential $serviceCreds `
    -UseSSL
Remove-PSSession $setupSession

As far as I can tell, at no point do you associate your NSG with your subnet. You need to run something like this:

$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName TestRG -Name TestVNet
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd `
    -AddressPrefix 192.168.1.0/24 -NetworkSecurityGroup $nsg

Also, if you want to take a look at ARM templates, they would be simpler.
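
Wherever an NSG is attached (NIC or subnet), a port is reachable from the internet only if a rule in the NSG's own rule list allows it. The following is an added example, not code from the question or the answers: it evaluates constructed rule objects that mirror the question's script, using the hypothetical helpers `New-Rule`, `Test-PortMatch` and `Get-InboundVerdict`, and runs offline without the Azure modules.

```powershell
# Constructed rules mirroring the question's script: three rules are defined,
# but only HTTP and RDP are passed to -SecurityRules when the NSG is created.
function New-Rule($Name, $Priority, $Port, $Source = '*', $Access = 'Allow') {
    [pscustomobject]@{ Name = $Name; Priority = $Priority; Direction = 'Inbound'
        Protocol = 'Tcp'; DestinationPortRange = "$Port"
        SourceAddressPrefix = $Source; Access = $Access }
}
$nsgRuleHTTP = New-Rule 'nsgruleHTTPTest' 1000 80
$nsgRuleRDP  = New-Rule 'nsgruleRDPTest'  1100 3389
$nsgRulePS   = New-Rule 'nsgrulePSTest'   1200 5986
$attached    = @($nsgRuleHTTP, $nsgRuleRDP)   # what the NSG really contains

# Does a destination port fall inside a rule's port spec ("*", "80", "5985-5986")?
function Test-PortMatch([string]$Spec, [int]$Port) {
    if ($Spec -eq '*') { return $true }
    $lo, $hi = $Spec -split '-'
    if (-not $hi) { $hi = $lo }
    return ($Port -ge [int]$lo -and $Port -le [int]$hi)
}

# NSG evaluation for traffic arriving from the internet: the matching rule with
# the lowest priority number wins; with no match, the built-in DenyAllInBound
# default rule applies.
function Get-InboundVerdict($Rules, [int]$Port) {
    $hit = $Rules |
        Where-Object { $_.Direction -eq 'Inbound' -and
                       (Test-PortMatch $_.DestinationPortRange $Port) } |
        Sort-Object Priority | Select-Object -First 1
    if ($hit) { "$Port : $($hit.Access) by $($hit.Name) (source $($hit.SourceAddressPrefix))" }
    else      { "$Port : Deny by default rule DenyAllInBound" }
}

foreach ($p in 80, 3389, 5985, 5986) { Get-InboundVerdict $attached $p }

# Management ports allowed from any source are candidates for a narrower
# -SourceAddressPrefix (for example the administrator's own address range).
$mgmt = 3389, 5985, 5986
$attached | Where-Object {
    $r = $_
    $r.Access -eq 'Allow' -and $r.SourceAddressPrefix -eq '*' -and
    ($mgmt | Where-Object { Test-PortMatch $r.DestinationPortRange $_ })
} | Select-Object Name, DestinationPortRange, SourceAddressPrefix
```

Replacing `$attached` with a list that also contains `$nsgRulePS` shows the effect of adding the missing rule.
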
I tested your script in my lab, and there are some mistakes in it. You don't add the $nsgRulePS rule to your NSG. You need to modify your script as follows:

$nsg = New-AzureRmNetworkSecurityGroup `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -Name $myNetworkSecurityGroup `
    -SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS

I modified your script as follows, and it works for me.

# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
## storage account name is wrong
## New-AzureRmStorageAccount : sanTest is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
#$StorageAccountName = "sanTest"
$StorageAccountName = "shuitest12"
$NetworkSecurityGroupName = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'

$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)
Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred
Select-AzureRmSubscription -SubscriptionName $SubscriptionName

Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent) {
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
    -Name mySubnet `
    -AddressPrefix 192.168.1.0/24

New-AzureRmStorageAccount `
    -Location $Location `
    -ResourceGroupName $ResourceGroup `
    -StorageAccountName $StorageAccountName `
    -SkuName Standard_GRS

$vnet = New-AzureRmVirtualNetwork `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -Name $MYvNET `
    -AddressPrefix 192.168.0.0/16 `
    -Subnet $subnetConfig

$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup `
    -Location $location `
    -Name "mypublicdns$(Get-Random)" `
    -AllocationMethod Static `
    -IdleTimeoutInMinutes 4

$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig `
    -Name $myNetworkSecurityGroupRuleHTTP `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 1000 `
    -SourceAddressPrefix * `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 80 `
    -Access Allow

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig `
    -Name $myNetworkSecurityGroupRuleRDP `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 1100 `
    -SourceAddressPrefix * `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 3389 `
    -Access Allow

$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig `
    -Name $myNetworkSecurityGroupRulePS `
    -Protocol Tcp `
    -Direction Inbound `
    -Priority 1200 -SourceAddressPrefix * `
    -SourcePortRange * `
    -DestinationAddressPrefix * `
    -DestinationPortRange 5986 `
    -Access Allow

$nsg = New-AzureRmNetworkSecurityGroup `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -Name $myNetworkSecurityGroup `
    -SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS

$nic = New-AzureRmNetworkInterface `
    -Name $myNic `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -SubnetId $vnet.Subnets[0].Id `
    -PublicIpAddressId $pip.Id `
    -NetworkSecurityGroupId $nsg.Id

## user name cannot be admin
$VMLocalAdminUser = "<your user name>"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "<your password>" `
    -AsPlainText `
    -Force
$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword);

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 |
    Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | `
    Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
    Add-AzureRmVMNetworkInterface -Id $nic.Id

New-AzureRmVM `
    -ResourceGroupName $resourceGroup `
    -Location $location `
    -VM $vmConfig

Get-AzureRmPublicIpAddress `
    -ResourceGroupName $resourceGroup | Select IpAddress

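However, once the VM has been created successfully, you cannot access the server directly. You need to perform the following steps:
1. Open port 5986 on the Windows VM; you need to RDP into your VM and set it up. Azure PowerShell cannot do this.
2. Configure WinRM to listen on 5986; by default it listens on 5985. You also need to add a certificate on the VM. Please refer to this link.
Update:
If you want to use WinRM-HTTP instead of HTTP, you do not need to configure a certificate on the VM; you only need to open port 5985 on the Windows Firewall.
Note: you should open port 5985 on the Azure NSG.
You can use the Custom Script Extension to do this; it is executed while the VM is being created. Just save your script as a PS file.

New-NetFirewallRule -DisplayName "WinRM-HTTP- Allow Port 5985" -Direction Inbound -LocalPort 5985 -Protocol TCP -Action Allow

You can upload the script to an Azure storage account or GitHub.
For more information about it, please refer to this link.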
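
The two VM-side steps for the HTTPS case (open 5986 in Windows Firewall, add a certificate and an HTTPS listener) written as one script; this is an added example, not part of the answer above. The parameter names, the firewall rule's display name and the choice of a self-signed certificate are assumptions, and the NSG must still allow 5986 inbound.

```powershell
# Added example. Run ON the VM (for instance as the .ps1 given to the Custom
# Script Extension). Parameter names and defaults are assumptions.
param(
    [string]$DnsName = $env:COMPUTERNAME,   # name the server certificate is issued to
    [string]$AllowedSource = 'Any'          # narrow to the admin workstation's IP or CIDR
)

# Create the HTTPS listener only if the VM does not have one yet.
$https = Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' }
if (-not $https) {
    # Self-signed server certificate in the machine store.
    $cert = New-SelfSignedCertificate -DnsName $DnsName `
        -CertStoreLocation Cert:\LocalMachine\My
    # WinRM over HTTPS listens on 5986 by default.
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
    "Listener certificate thumbprint: $($cert.Thumbprint)"
}

# Windows Firewall: allow 5986 inbound, limited to $AllowedSource.
$ruleName = 'WinRM-HTTPS - Allow Port 5986'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow `
        -RemoteAddress $AllowedSource | Out-Null
}

# Client side, from the workstation that ran the provisioning script:
#   -ComputerName takes a string, so pass $pip.IpAddress rather than the $pip object.
#   A self-signed certificate has no CA chain, so the lab shortcut is to skip
#   the CA and CN checks; that leaves the server's identity unverified, so
#   compare the thumbprint printed above or use a CA-issued certificate instead.
#
#   $opt = New-PSSessionOption -SkipCACheck -SkipCNCheck
#   $s = New-PSSession -ComputerName $pip.IpAddress -Port 5986 -UseSSL `
#            -Credential $serviceCreds -SessionOption $opt
```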