Automate Certificate Configuration to establish secure Remote PowerShell to Azure VM
What better way to remotely manage Azure VMs than through PowerShell? Once PSRemoting is enabled on your VM, you may try to launch an Enter-PSSession only to encounter the following error:
Enter-PSSession : Connecting to remote server jakesnewservice.cloudapp.net failed with the
following error message : The server certificate on the destination computer (jakesnewservice.cloudapp.net:54355) has the following errors: The SSL certificate is signed by an unknown certificate authority. For more information, see the about_Remote_Troubleshooting Help topic.
This is because Remote PowerShell uses HTTPS (this is a good thing), which means the self-signed certificate that Windows Azure generates automatically for the VM must be downloaded and installed on your management device before the connection will be trusted.
Sandrino Di Mattia has a fantastic write-up on how to accomplish this manually in his article:
Using Remote Powershell with Windows Azure Virtual Machines
You can automate this by using a script written by michaelwasham, available in the TechNet Script Center:
Configures Secure Remote PowerShell Access to Windows Azure Virtual Machines
This script should be used in conjunction with the Windows Azure PowerShell cmdlets to enable secure Remote PowerShell connectivity to a virtual machine created in Windows Azure.
Here is a full working example of how to leverage this script to establish a secure Remote PowerShell to Azure VM connection:
    $subName = "Visual Studio Professional with MSDN"
    $cloudService = "jakesNewService"
    $vmName = "jakesfirstVM"

    .\InstallWinRMCertAzureVM.ps1 -SubscriptionName $subName -ServiceName $cloudService -Name $vmName

    # Return back the correct URI for Remote PowerShell
    $uri = Get-AzureWinRMUri -ServiceName $cloudService -Name $vmName

    # Credentials for the VM
    $cred = Get-Credential

    # Open a New Remote PowerShell Session
    Enter-PSSession -ConnectionUri $uri -Credential $cred
You should then see your cloud PSSession prompt:
[jakesnewservice.cloudapp.net]: PS C:\Users\jake\Documents>
Note: Once the certificate is installed on your management device you will no longer require this line in your script:
.\InstallWinRMCertAzureVM.ps1 -SubscriptionName $subName -ServiceName $cloudService -Name $vmName
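The note above can be turned into a check, so the install step runs only when the VM's certificate is not yet trusted and you can see exactly which certificate your management device trusts. This is an added example, not part of the original article or the TechNet script. It assumes that the classic `Get-AzureVM` object exposes the thumbprint as `VM.DefaultWinRMCertificateThumbprint` and that the install script places the certificate in a `Root` store; `Get-TrustedWinRMCert` is a hypothetical helper name.

```powershell
# Added example: values are the ones used in the article above.
$subName      = "Visual Studio Professional with MSDN"
$cloudService = "jakesNewService"
$vmName       = "jakesfirstVM"

Select-AzureSubscription -SubscriptionName $subName

# Thumbprint of the VM's auto-generated WinRM certificate, as reported by Azure.
# Assumption: the property is VM.DefaultWinRMCertificateThumbprint.
$vm = Get-AzureVM -ServiceName $cloudService -Name $vmName
if (-not $vm) { throw "VM '$vmName' not found in cloud service '$cloudService'." }
$thumbprint = $vm.VM.DefaultWinRMCertificateThumbprint
if (-not $thumbprint) { throw "Azure reported no default WinRM certificate for '$vmName'." }

# Hypothetical helper: look for that exact certificate in the trusted root stores.
# Assumption: the install script imports into LocalMachine\Root (CurrentUser checked too).
function Get-TrustedWinRMCert([string]$Thumbprint) {
    Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
}

$cert = Get-TrustedWinRMCert $thumbprint
if (-not $cert) {
    # Not trusted yet: run the install script once, then confirm it worked.
    .\InstallWinRMCertAzureVM.ps1 -SubscriptionName $subName -ServiceName $cloudService -Name $vmName
    $cert = Get-TrustedWinRMCert $thumbprint
    if (-not $cert) { throw "Certificate $thumbprint was not found in a Root store after install." }
}

# Show what is trusted, so it can be reviewed and later removed
# when the VM is decommissioned.
$cert | Format-List Subject, Thumbprint, NotBefore, NotAfter, PSParentPath

if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "The trusted WinRM certificate for $vmName expired on $($cert.NotAfter)."
}

# Connect exactly as in the article.
$uri  = Get-AzureWinRMUri -ServiceName $cloudService -Name $vmName
$cred = Get-Credential
Enter-PSSession -ConnectionUri $uri -Credential $cred
```

Matching on the thumbprint Azure reports, rather than on the subject name, ties the trust decision to the certificate that belongs to this VM.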