本地 PC 无法连接到刚创建的新 Azure VM。错误-....无法解析服务器名称

tag-icon tag-icon powershell azure remote-access
本地 PC 无法连接到刚创建的新 Azure VM。错误-....无法解析服务器名称

标准免责声明,对于 powershell 和 Azure 远程计算机来说非常新。这是我的 powershell 脚本。它执行此命令失败:

$setupSession = New-PSSession -计算机名称 $pip -端口 5986 -凭据 $serviceCreds -UseSSL

这是我的脚本。

# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
$StorageAccountName = "sanTest"
$NetworkSecurityGroupName  = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'

$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)

Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred

Select-AzureRmSubscription -SubscriptionName $SubscriptionName
Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent)
{
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
   -Name mySubnet `
   -AddressPrefix 192.168.1.0/24

New-AzureRmStorageAccount `
  -Location $Location `
  -ResourceGroupName $ResourceGroup `
  –StorageAccountName $StorageAccountName `
  -SkuName Standard_GRS `
  -SubscriptionName $SubscriptionName

$vnet = New-AzureRmVirtualNetwork `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $MYvNET `
  -AddressPrefix 192.168.0.0/16 `
  -Subnet $subnetConfig

$pip = New-AzureRmPublicIpAddress ` 
   -ResourceGroupName $resourceGroup `
   -Location $location `
   -Name "mypublicdns$(Get-Random)" `
   -AllocationMethod Static `
   -IdleTimeoutInMinutes 4

$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRuleHTTP  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1000 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 80 `
  -Access Allow

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig `
   -Name $myNetworkSecurityGroupRuleRDP  `
   -Protocol Tcp `
   -Direction Inbound `
   -Priority 1100 `
   -SourceAddressPrefix * `
   -SourcePortRange * `
   -DestinationAddressPrefix * `
   -DestinationPortRange 3389 `
   -Access Allow

$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRulePS  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1200 -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 5986 `
  -Access Allow

$nsg = New-AzureRmNetworkSecurityGroup `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $myNetworkSecurityGroup `
  -SecurityRules $nsgRuleHTTP,$nsgRuleRDP

$nic = New-AzureRmNetworkInterface `
  -Name $myNic `
  -ResourceGroupName 

$resourceGroup 
   -Location $location `
   -SubnetId $vnet.Subnets[0].Id `
   -PublicIpAddressId $pip.Id `
   -NetworkSecurityGroupId $nsg.Id

$VMLocalAdminUser = "LocalAdminUser"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "password1!" `
   -AsPlainText 
   -Force 

$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword); 

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 | ` 
   Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | `
   Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
   Add-AzureRmVMNetworkInterface -Id $nic.Id 

New-AzureRmVM `
     -ResourceGroupName $resourceGroup `
     -Location $location `
     -VM $vmConfig

Get-AzureRmPublicIpAddress `
  -ResourceGroupName $resourceGroup | Select IpAddress

$PublicSettings = '{"commandToExecute":"powershell Add-WindowsFeature Web-Server"}'

Set-Item WSMan:\localhost\Client\TrustedHosts `
    -Value * #$pip.ToString() 

Enable-PSRemoting –Force

$serviceCreds = New-Object `
    -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $VMLocalAdminUser, $VMLocalAdminSecurePassword

$setupSession = New-PSSession `
    -ComputerName $pip `
    -Port 5986 `
    -Credential $serviceCreds `
    -UseSSL

Remove-PSSession $setupSession

答案1

据我所知,您从未将 NSG 与子网关联。您需要运行类似下面的命令

$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName TestRG -Name TestVNet
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name FrontEnd `
-AddressPrefix 192.168.1.0/24 -NetworkSecurityGroup $nsg

另外,如果您想看一下 ARM 模板,它们会使这一切变得更加简单。

答案2

我在我的实验室中测试过,在你的脚本中,有一些错误。你没有$nsgRulePS向你的 NSG 添加规则。你需要修改你的脚本,如下所示:

$nsg = New-AzureRmNetworkSecurityGroup `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $myNetworkSecurityGroup `
  -SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS

我按如下方式修改您的脚本,它对我有用。

# Variables for common values
$resourceGroup = "rgTest"
$location = "East US"
$vmName = "vmTest"
$SubscriptionName = "subscription test"
##storage account name is wrong  New-AzureRmStorageAccount : sanTest is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
#$StorageAccountName = "sanTest"
$StorageAccountName = "shuitest12"
$NetworkSecurityGroupName  = "nsgTest"
$myNic = 'nicTest'
$MYvNET = 'vnetTest'
$myNetworkSecurityGroupRuleHTTP = 'nsgruleHTTPTest'
$myNetworkSecurityGroupRuleRDP = 'nsgruleRDPTest'
$myNetworkSecurityGroupRuleWWW = 'nsgruleWWWTest'
$myNetworkSecurityGroupRulePS = 'nsgrulePSTest'
$myNetworkSecurityGroup = 'nsgTest'
$rcgTest = 'rcgTest'

$secpasswd = ConvertTo-SecureString "password1" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("[email protected]", $secpasswd)

Add-AzureRmAccount -Credential $cred
Login-AzureRmAccount -Credential $cred

Select-AzureRmSubscription -SubscriptionName $SubscriptionName
Get-AzureRmResourceGroup -Name $resourceGroup -ev notPresent -ea 0
if ($notPresent)
{
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location
}

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
   -Name mySubnet `
   -AddressPrefix 192.168.1.0/24

New-AzureRmStorageAccount `
  -Location $Location `
  -ResourceGroupName $ResourceGroup `
  –StorageAccountName $StorageAccountName `
  -SkuName Standard_GRS 

$vnet = New-AzureRmVirtualNetwork `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $MYvNET `
  -AddressPrefix 192.168.0.0/16 `
  -Subnet $subnetConfig

$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup `
   -Location $location `
   -Name "mypublicdns$(Get-Random)" `
   -AllocationMethod Static `
   -IdleTimeoutInMinutes 4

$nsgRuleHTTP = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRuleHTTP  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1000 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 80 `
  -Access Allow

$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig `
   -Name $myNetworkSecurityGroupRuleRDP  `
   -Protocol Tcp `
   -Direction Inbound `
   -Priority 1100 `
   -SourceAddressPrefix * `
   -SourcePortRange * `
   -DestinationAddressPrefix * `
   -DestinationPortRange 3389 `
   -Access Allow

$nsgRulePS = New-AzureRmNetworkSecurityRuleConfig `
  -Name $myNetworkSecurityGroupRulePS  `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1200 -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 5986 `
  -Access Allow

$nsg = New-AzureRmNetworkSecurityGroup `
  -ResourceGroupName $resourceGroup `
  -Location $location `
  -Name $myNetworkSecurityGroup `
  -SecurityRules $nsgRuleHTTP,$nsgRuleRDP,$nsgRulePS

$nic = New-AzureRmNetworkInterface `
  -Name $myNic `
  -ResourceGroupName $resourceGroup `
   -Location $location `
   -SubnetId $vnet.Subnets[0].Id `
   -PublicIpAddressId $pip.Id `
   -NetworkSecurityGroupId $nsg.Id

##use name could not admin
$VMLocalAdminUser = "<your user name>"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "<your password>" `
   -AsPlainText `
   -Force 

$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword); 

$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize Standard_DS1_v2 | Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $Credential | `
   Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
   Add-AzureRmVMNetworkInterface -Id $nic.Id 

New-AzureRmVM `
     -ResourceGroupName $resourceGroup `
     -Location $location `
     -VM $vmConfig

Get-AzureRmPublicIpAddress `
  -ResourceGroupName $resourceGroup | Select IpAddress

但是虚拟机创建成功后,你还不能winrm直接连接服务器,需要进行如下操作:

1.在 Windows VM 上打开端口 5986,您需要 RDP 连接到 VM 并进行设置。Azure PowerShell 无法执行此操作。

2.配置 winrm 监听 5986,默认情况下它监听 5985。您还需要在虚拟机上添加证书。请参考此关联

更新:

如果您想使用 WinRM-HTTP 而不是 HTTPs,则不需要在虚拟机上配置证书,只需要在 Windows 防火墙上打开端口 5985。

注意:您应该在 Azure NSG 上打开端口 5985。

你可以这样做自定义脚本扩展,它在创建虚拟机时执行。只需将您的脚本作为 ps 文件即可。

New-NetFirewallRule -DisplayName "WinRM-HTTP- Allow Port 5985" -Direction Inbound -LocalPort 5985 -Protocol TCP -Action Allow

您可以将脚本上传到 Azure 存储帐户或 github。

有关它的更多信息,请参阅关联

相关内容