Sunday, March 29, 2015

PowerShell : A deep dive into remoting - Part 8

Before you start using Windows PowerShell on an Azure VM, you first need to ensure that Azure PowerShell module is installed on the VM. Azure PowerShell module is the one which provided all the cmdlets to manage the Azure VM infrastructure using PowerShell. You can download and install the Azure PowerShell modules by running the Microsoft Web Platform Installer on the VM. When prompted, click Run and the Web Platform Installer will install the Azure PowerShell modules and all dependencies or you can visit the link at http://azure.microsoft.com/en-us/downloads/#cmd-line-tools and install the Azure command-line interface. 

After the installation is complete, you can verify whether the Azure module is available by using the Get-Module -ListAvailable command.

Before you start working with the cmdlets, you need to authenticate to Windows Azure, you can either use the username and password method or use a certificate to connect to the subscription.
The Windows Azure PowerShell module includes cmdlets that help you download and import the certificate. First you have to use the Get-AzurePublishSettingsFile cmdlet which will open the Azure Management portal for you to download the subscription settings file. After downloading and saving the file to a location on the hard drive, you can use the Import-AzurePublishSettingsFile cmdlet to import the .publishsettings file for use by the module. This file includes a management certificate that has security credentials.

Once you have the subscription settings configured properly, you can now use the remote commands as in any server.  Remoting on Azure machine uses SSL and the port 5986 by default. You can test this by trying to create a PowerShell session like
Enter-PSSession azurevm1.cloudapp.net –Port 5986 –UseSSL –Credential (Get-Credential)

If the certificate from the remote machine is not added to the trusted authority of the local computer, then you’ll get an error saying “The server certificate on the destination computer (.cloudapp.net:) has the following errors: The SSL certificate is signed by an unknown certificate authority.”. If the certificate error is thrown then you need to add the certificate from the remote server to the trusted authority.

If the common name of the certificate does not match the hostname (server you are initiating the remote execution), you may need to use the SkipCACheck and SkipCNCheck options while remoting.

Enter-PSSession -ComputerName azurevm1.cloudapp.net -Credential (Get-Credential) -Port 5986 -UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)