PowerShell Remote from VSTS Pipeline

2
votes

I'd like to invoke PowerShell commands on my VM remotely. I added "Run PowerShell on Target Machines" task in my pipeline. I provided: IP, username and password of my remote VM. Here's the error that I'm getting:

Unable to create pssession. Error: 'Connecting to remote server failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.'

On my remote VM, I did:

Enable-PSRemoting
Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any

These commands were mentioned here: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-6

What else can I do?

1
azurepowershellazure-devopsazure-pipelines
Not only the firewall rule in the VM, but you should also add the rule in the NSG associated with the VM.Charles Xu
@CharlesXu Sorry, forgot to mention - I added "Allow" rule for both 5985 and 5986, so this shouldn't be the problem. IP that I use is of course public and accessible (I can RDP to that VM without issue)Loreno
Do you also enable the WinRM in the VM? And you add the NSG rule both in the subnet and nic for the VM? Can you remote connect through WinRM locally?Charles Xu
@CharlesXu WinRM is enabled already by Enable-PSRemoting. My subnet does not have any NSG assigned, I added my rules on my NIC's NSGLoreno
Do you follow the steps in PowerShell on Target Machines task?Charles Xu

1 Answers

2
votes

To run the PowerShell scripts on the Target Machine Task through WinRM, the Windows Machine, you need to configure the WinRM in the target machine first. There are two protocols for you: HTTP and HTTPS. The HTTPS is more safe and recommended. If you use the HTTPS, then you need to open port 5986 in the firewall and install a self-signed certificate. You can follow the steps in PowerShell on Target Machines task.

For your issue in the comment, you can find the description in Test Certificate and I think the reason is that you use a self-certificate which you create.