We have a VM that has restrictive internet access to the datacenter we host all our Azure Resources on (Say West US for Example) which is trying to run a command (automation) using powershell
The IPs opened were from the Microsoft reference for our particular Datacenter http://www.microsoft.com/en-us/download/details.aspx?id=41653
Because of the restrictive access,I was able to install the Powershell commandlets 0.8.8 from Github https://github.com/Azure/azure-sdk-tools/releases
Whenever I try to run a specific PoSH command it fails
PS C:\Users\ncsa> Get-AzureSubscription | Select-AzureSubscription
Id : Masked
Name : RBXEnv
Environment : AzureCloud
Account : Masked
Properties : {}
PS C:\Users\nsalgar> Get-AzureSqlDatabaseServer
WARNING: Client Session Id: 'b75d4a4a-0964-40d0-b696-4c94992c22e6-2014-09-18 20:53:05Z'
WARNING: Client Request Id: '0305e7d5-7e50-4089-a2f2-3390130cf8b6-2014-09-18 21:01:42Z'
Get-AzureSqlDatabaseServer : **An error occurred while sending the request.**
At line:1 char:1
+ Get-AzureSqlDatabaseServer
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureSqlDatabaseServer], HttpRequestException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.SqlDatabase.Server.Cmdlet.GetAzureSqlDatabaseServer
When I run the same from my desktop it works just fine coz there are no Internet restrictions
Can some one tell me IP Range / Ports the Windows Azure Powershell uses
You need to ensure that you have set the Azure SQL Database to allow connections from other Azure resources (it's an option on the firewall settings page for Azure SQL Database).
You might want to validate port 1433 is open outbound. My organization was blocking outbound 1433 since 2005 when the slammer worm was going around. There are a couple ways to test. The easiest is to telnet <dbservername> 1433 if you get a blank cmd window you are in. You can also download NMap to do a quick port scan.
Related
I want to run a deployment groups on my virtual machine.
I have run my registration script (PowerShell), but it shows the error:
Exception calling "DownloadFile" with "2" argument(s): "The remote name could not be resolved:
'vstsagentpackage.azureedge.net'"
At line:1 char:1303
+ ... nalString, $True);}; $WebClient.DownloadFile($Uri, $agentZip);Add-Typ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : WebException
I found in Microsoft document that I need to pass --proxyurl, --proxyusername and --proxypassword in the script.
./config.cmd --proxyurl http://127.0.0.1:8888 --proxyusername "myuser" --proxypassword "mypass"
But I don't know what value to fill in, especially the URL.
I tried to copy this script and put it in my registration script, but the same error still occurs.
Any help would be appreciated.
I think if you are using this on your office network or wherever the internet connection requires proxy, and that may have proxy settings, then you can get the proxy url from the Internet proxy settings. Creds has to be supplied if it uses a proxy username/pwd.
The below info may not be ideal for everyone, so don't blame me for this solution but this is what worked for me and for my need.
Note: THIS HAS TO HAVE ATTENTION AND UTMOST CARE IF YOU'RE RUNNING ON A SERVER
you may copy the ps scripts to a notepad,
do the steps manually on the designated server.
Download the agent zip file from web
extract it
copy the contents to the A# folder that you want to setup, mostly A1
run the config.cmd line from the ps script which would expect the appropriate creds that you need to make sure to supply as token
If you have appropriate permissions, it will go forward and install the agent on the respective server and prompt you for further steps like tags etc.
UPDATE:
I didn't have enough permissions to create the Deployment group but rather, just a deployment item (VM)
So I created the Deployment group manually from the deployment target. I had issues when creating it but going backwards by creating a group from the target was successful for me.
Is there a way to run a powershell script from the actual TFS server during a release? I am running the build agent in a docker container and it's not joined to the domain so wmi won't allow the windows agent in the docker container to stop the app pool on the webserver before copying over new artifact files, even though I specify credentials before connecting. If I could run the powershell script from the TFS 2017 server this problem would be solved.
The error I get is:
019-08-30T13:49:44.6542238Z ##[error][<server>.<domain>.com] Connecting to remote server <server>.<domain>.com failed with the following error message
: The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the
client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added
to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the
TrustedHosts list might not be authenticated. You can get more information about that by running the following
command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (<server>.<domain>.com:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : ServerNotTrusted,PSSessionStateBroken
I kept ignoring the docker windows servercore tfs agent container thinking it must have something to do with the server I'm trying to copy files to but it wasn't. For some reason all I had to do was add the following to my tfs agent:
winrm set winrm/config/client #{TrustedHosts="machineA,machineB"}
Now everything works. I removed all trustedhosts from wsam and it still works. I guess because I'm using credentials in my powershell scripts...not sure but I'm happy.
I am running a Minecraft server from my laptop since it has an i7 and more RAM than my desktop. I want to be able to see the server command line on my desktop and be able to enter commands while the server is actually running on my laptop. I was able to see the command line by setting up for remote access and running the command
Invoke-Command -ComputerName 10.0.0.53 -Credential Admin -ScriptBlock { & "RUNSERVER.bat"}
This made it so I am able to see what the server is outputting to the PowerShell window on my desktop and the server is running on the laptop like it should be, but I am still unable to enter any commands. I'm pretty inexperienced with PowerShell so I'm not too sure where to go from here. Anyone out there know how I can edit this so that I can input commands from the PowerShell window on my desktop?
[localhost] Connecting to remote server localhost failed with the following error message : WinRM cannot process the request. The following error with
errorcode 0x8009030d occurred while using Negotiate authentication: A specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting
Help topic.
+ CategoryInfo : OpenError: (localhost:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : 1312,PSSessionStateBroken
[localhost] Connecting to remote server localhost failed with the following error message : The WinRM client cannot process the request. CredSSP authentication
is currently disabled in the client configuration. Change the client configuration and try the request again. CredSSP authentication must also be enabled in
the server configuration. Also, Group Policy must be edited to allow credential delegation to the target computer. Use gpedit.msc and look at the following
policy: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials. Verify that it is
enabled and configured with an SPN appropriate for the target computer. For example, for a target computer name "myserver.domain.com", the SPN can be one of
the following: WSMAN/myserver.domain.com or WSMAN/*.domain.com For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (localhost:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108126,PSSessionStateBroken
2019-04-19 20:00:08,630 main WARN Unable to instantiate org.fusesource.jansi.WindowsAnsiOutputStream
2019-04-19 20:00:08,631 main WARN Unable to instantiate org.fusesource.jansi.WindowsAnsiOutputStream
Enter-PSSession -Computername "Laptop"
You are now in a remote powershell session on the machine you identified via the computer name parameter.
Some things to be aware of. If you're doing this in a workgroup and not a domain you're going to need to contend with passing credentials. You have to pass them as a credentials object in PS. So it looks a bit more like this:
$Creds = Get-Credential
enter-pssession -ComputerName 10.0.0.53 -Credential $Creds
for credentials enter a username and PW that exists on the remote machine.
The Firewall on the remote host also needs to be configured to allow inbound Windows Remote Management Framework traffic from your local host.
EDITED THE ORIGINAL ANSWER TO REFLECT MY LATEST ANSWER:
This is where Windows will fall short on these kind of things. Windows by default does not have Pseudoterminal (PTY) support.
Traditionally, in *NIX type systems, you can run ssh -t option to access screen mode (forces TTY).
You might have better luck using this powershell module and following their instructions here: https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH
I am writing a script in PowerShell that will automate some actions within an application which is running on my localhost port 81. I need to access this application's content via PowerShell so I can edit and save it.
I learnt a lot about PSSession, but the app I'm trying to reach is on my own machine, not remote. Is there a way to do this?
Edit:
The application I'm trying to reach is TeamCity. I set its port to 81 and to access the application I just need to type http://localhost:81 in my web browser to open TeamCity's UI.
I learnt the process of creating a new project and its builds through the application itself, but by doing so some files are created somewhere and that's what I'm trying to do programmatically:
nsn -ComputerName localhost -port 81 -Credential Get-Credential
I get this error :
nsn : [localhost] Connecting to remote server localhost failed with
the following error message: The WinRM client cannot process the
request. It cannot determine the content type of the HTTP response
from the destination computer. The content type is absent or invalid.
For more information, see the about_Remote_Troubleshooting Help
topic.At line:1 char: 1
+ nsn -ComputerName localhost -Port 81 -Credential Get-Credential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession],
PSRemotingTransportE xception
+ FullyQualifiedErrorId : -2144108297,PSSessionOpenFailed
I also tried in vain set-location http://localhost:81 but got the error saying the path is not a drive (knew it already).
even though the context of what you're trying to do is lacking, you should be able to just use "http://localhost:81" as your url vs an actual web address. PSSession's wouldn't apply here, since you're (likely) not remoting (completely unable to tell though due to lack of details)
edit: thanks for updating your answer. I haven't used TeamCity before, but I'm pretty familiar with Git and TFS, and neither of those would have you connect over WinRM. Also, you wouldn't be able to connect over WinRM to your localhost, as that negates the purpose of Windows Remote Management. If you know what commands you are trying to run after entering the New-PSSession (nsn), just run those and skip starting the PSSession.
I am pretty sure the only commands you'd need to do with TeamCity are git or git-like, which would be outside of Powershell. Otherwise, you'd be going through some sort of API call over http/https and not through WinRM. If you're trying to manage the server that TeamCity is on, that's a different story that brings me back to my point about not needing WinRM because you don't need to remotely manage a server that you're already on, you just manage it directly.
I am trying to take backup of my server from client machine using powershell.
i am trying to execute a batch file which is on my server, but i am not able to make connection with my server. I searched a lot and tried
Test-WSMan : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or i
f the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be a
dded to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the Tru
stedHosts list might not be authenticated. You can get more information about that by running the following command: wi
nrm help config.
At line:1 char:11
+ Test-WsMan <<<< 182.50.121.100 -credential $cred -authentication default
+ CategoryInfo : InvalidOperation: (182.50.121.100:String) [Test-WSMan], InvalidOperationException
+ FullyQualifiedErrorId : WsManError,Microsoft.WSMan.Management.TestWSManCommand
can any one tell me how can i execute the bat file step by step
Have you added your host name or IP in "GPEDIT" i.e.Group Policy and enabled to use fresh credentials?
Please follow the step if you might have missed something.
(http://www.ifunky.net/Blog/post/How-To-Enable-PowerShell-Remoting-(WinRM).aspx ,
http://blog.crayon.no/blogs/janegil/archive/2010/03/04/enable_2D00_and_2D00_configure_2D00_windows_2D00_powershell_2D00_remoting_2D00_using_2D00_group_2D00_policy.aspx)
They have enough information to get started. Sometimes if everything is enabled its a best idea to restart remote management services.