I have been trying to get an Azure Automation job (RunBook) to run properly on one of my Azure Virtual Machines.
Thanks in advance for your help.
Where I am an so far:
I've successfully created an AzureRunAsConnection and worked through the tutorials successfully having run an Azure job.
I figured I'd try to get an actual task done, in this case a PowerShell script that will kill a running process and the kick of a scheduled task to start it back up again.
我已经成功地从本地工作站上的PowerShell将此脚本运行到我要与Azure联系的同一Azure主机上自动化工作,因此我非常有信心在 权限设置正确.例如,我确信启用了PowerShell远程管理,因为它可以工作.
I've successfully run this script from PowerShell on my local workstation to the same Azure host I'm trying to reach with my Azure Automation job, so I'm pretty confident that it does work when the permissions are setup correctly. For example, I'm confident that PowerShell remote management is enabled because it works.
我怀疑我在尝试连接到我的AzureRunAsConnection所在的安全内容时遇到权限问题Azure VM. 我无法集中精力解决这些连接/凭据如何转换为在Azure VM上实际执行操作的权限.
I suspect that I've got a permissions problem with the security content that the AzureRunAsConnection is running under when it attempts to connect to my Azure VM. I'm having trouble wrapping my brain around how these connections/credentials translate to permissions to actually do something on an Azure VM.
It's failing on the get-process so everything else fails.
Here is the script that I'm running.
连接类型: AzureServicePrincipal名为-> AzureRunAsConnection
Connection type: AzureServicePrincipal named -> AzureRunAsConnection
Runbook类型: PowerShell Runbook
Runbook type: PowerShell Runbook
Connect-AzureRmAccount -ServicePrincipal -Tenant $ Conn.TenantID -ApplicationId $ Conn.ApplicationID -CertificateThumbprint $ Conn.CertificateThumbprint
Connect-AzureRmAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
1. Create a self-signed certificate.
Use makecert.exe 创建它.
Use makecert.exe to create it.
2.Config Winrm收听 HTTPS ,并在CMD中运行此脚本:
2.Config Winrm listen on HTTPS, run this script in CMD:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Port="5986" ;Hostname="vm" ;CertificateThumbprint="00000000000000000000000000000000000000000"}
3. 在Azure NSG入站规则和Windows防火墙入站规则中添加端口5986.
3.Add port 5986 in Azure NSG inbound rules and windows firewall inbound rules.