DefaultWinRMCertificateThumbprint field in Azure VM setting is empty - powershell

I'm using "http://gallery.technet.microsoft.com/scriptcenter/Configures-Secure-Remote-b137f2fe" for configuring secure remote powershell access to my Azure VM. It works good.
I deleted my machine with keeping attached disks. I've recreated this machine with previous identical parameters, but from "my disk" option.
And after that my secure remote powershell access stop working. Every time I tried to use "http://gallery.technet.microsoft.com/scriptcenter/Configures-Secure-Remote-b137f2fe" for downloading certificate i recieved the following error:
Get-AzureCertificate : Cannot validate argument on parameter 'Thumbprint'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At C:\Users\username\Desktop\InstallWinRMCertAzureVM.ps1:54 char:83
+ ... me -Thumbprint $WinRMCert -ThumbprintAlgorithm sha1
+ ~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-AzureCertificate], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.WindowsAzure.Commands.ServiceManagement.Certi
ficates.GetAzureCertificate
Actually, the option
(Get-AzureVM -ServiceName $CloudServiceName -Name $Name | select -ExpandProperty vm).DefaultWinRMCertificateThumbprint
is empty.
But in original machine it was a valid thumbprint.
Can someone point me in the right direction, please?

Problem was fixed. Partially :)
So, I connected to my virtual machine via RDP and manually export certificate from LocalMachine store. After that, I've imported certificate to my local machine to the "Trusted Root Certification Authorities" (!) section in Local Machine store. DefaultWinRMCertificateThumbprint field in Azure VM setting is still empty, but now I can connect to machine via Powershell without any problems.

Related

Attempting to run Powershell on Remote Computer - Errors

I am wanting to access another windows device on my local network and run powershell commands. In my mind, it would be similar to SSH into a linux box. I would have an open window on my machine, but would be operating within the remote machine so that I can execute composer install or php artisan migrate type commands on the remote machine.
I have followed the instructions from:
https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/
I am attempting to use
Enter-PSSession -ComputerName <RemoteComputerName> -Credential <RemoteUser>
When I run the command, I get a popup with the username populated and asking for a password. I have entered my MS password for the account. (I have changed the password from within Windows to ensure they are synced)
And I get the following error:
Enter-PSSession : Connecting to remote server <REMOTECOMPUTER> failed with the following error message : The WinRM client
cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not
joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts
configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not
be authenticated. You can get more information about that by running the following command: winrm help config. For
more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName <REMOTECOMPUTER> -Credential <USER>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (<REMOTECOMPUTER>:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
I can't seem to figure out how to do this. And, maybe more importantly, is there a better way/utility to accomplish my goal? The remote computer is hosting WAMP and I just want to be execute development commands remotely so I can move the RemoteComputer into the basement and not have to spin my chair around to type on it.
TIA

How to move .vhd between azure accounts?

Not that long ago I have started using Azure to host some Ubuntu VM's. I have begun with a personal account with a free trial to poke around with it. After a month, my trial had run out of credits. I had to setup another account registered for a company (rather than individual). Therefore, now, I have to move all VM's from the old account to the new one.
I had tried a couple of things, but apparently Azure portal does not support it. So, I have ended up spinning a new virtual machine with Windows and PowerShell with a hope that I can download VHD files from the old account and then create actual storage disks from them. However, I am stuck on Save-AzureRmVhd command as it is just resulting in:
Save-AzureRmVhd : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Save-AzureRmVhd -Source $sourceVHD -LocalFilePath $destinationVHD
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Save-AzureRmVhd], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.Azure.Commands.Compute.StorageServices.SaveAzureVhdCommand
It's pretty much my first time using PowerShell, but I think I have used the command correctly, following this: https://msdn.microsoft.com/en-us/library/mt622705.aspx.
The exact command I'm using (with paths specified as variables):
Save-AzureRmVhd -Source $sourceVHD -LocalFilePath $destinationVHD
tl;dr How to move VM's storage disks between Azure accounts when the source has a disabled subscription (ended free trial)?
I managed to solve the problem myself.
First of all, a disk has to be detached from the VM to enable download option. Then there are two ways of doing this.
Use azure portal: go into the storage account > choose desired vhds from the list > choose desired blob from the list > click Download button
Use PowerShell: Save-AzureRmVhd -ResourceGroupName $resourceGroup -Source $sourceVHD -LocalFilePath $destinationVHD
Also from what I see It's impossible to download a blob from a read-only account (e.g. after free-trial expired). So it's essential to upgrade it to pay as you go for the time of download.
Thanks for help everyone!

Azure Powershell - get-AzureVM returning an accountName does not exist error?

I'm at a bit of a loss with where to start with this one.
I have one Azure account with 2 subscriptions (I'm not the full admin just a co-admin so can't edit them) and both are called Pay-As-You-Go with different IDs.
I can connect powershell to the account and log in, list the subscriptions, select the subscription that I want to use.
However when I issue the get-AzureVM command either in a script or from the
command line I get the error below:
Get-AzureVM : Account with name 'Pay-As-You-Go' does not exist.
Parameter name: accountName
At line:1 char:1
+ Get-AzureVM
+ ~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureVM], ArgumentException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.GetAzureVMCommand
I can enter a specific VM name and service name and get the same error back.
My confusion stems from the fact that I haven't specified that account name as far as I'm aware in the command.
I have been playing around on the machine quite a lot this morning with writing wrapper scripts to allow selection of different user name connections via a prompt and selection of the relevant subscription but nothing I'm aware would have affected this command.
I can still run the commands below and get the output I expect:
Get-AzureAccount
Get-AzureSubscription -current
So the session is working for sure.
The VM I am trying to query was created from a custom image this morning and I can RDP to it and it seems to be running normally
Any ideas would be great?
The best way to do that it is to Execute the command Clear-AzureProfile it will require you to login again the problem it is that you account has been logged out. The sam problem happens when you have 2 different subscription for 2 different accounts and you change from one to another after executing some commands on the first one. Using the clear command after the switch solves that.
Well, I'm not sure of the root cause of this one, restarting the machine, opening closing the IDE etc had no effect.
But I did find by running Remove-AzureAccount and then running Add-AzureAccount again that it resolved.
So I just removed my account from powershell and re-added it to solve...

Windows Azure Powershell command Get-AzureWebsite results in error String was not recognized as a valid Boolean

I'm trying to manage some of my Azure Services via Powershell, using http://windowsazurewebsitescheatsheet.info/#powershell as a starting point. I was able to download and import my subscription settings just fine (Import-AzurePublishSettingsFile and Select-AzureSubscription)
After choosing my subscription, I'm attempting to run the Get-AzureWebsite command to view all of my websites, and continue onward from there. When I run that command, however, I get the following:
Import-AzurePublishSettingsFile "C:\AzureCredentials.publishsettings"
Select-AzureSubscription "My Azure Subscription"
Get-AzureWebsite
Get-AzureWebsite : String was not recognized as a valid Boolean.
At line:1 char:1
+ Get-AzureWebsite
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureWebsite], FormatException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Websites.GetAzureWebsiteCommand
Anyone have similar issues? I get this error if I run the command as stated above, or if I specify the name of my website. TIA for any help!
This might be related to a known issue enumerating a sites with SSL bindings
There was new release of Windows Azure Powershell released on 02/12. Please try with the new version.
Please run the command again with -Debug turned on, this will display request and response messages and make it easier to pinpoint the issue.

How to deploy to Azure with powershell?

I want to deploy my application to azure with powershell. So far I have created a certificate in the localmachine store, I'm not going to run the deploy script as me, uploaded the script to azure. The next step is to get access to the service on azure in powershell but there it fails. The script I have so far is:
$cert = Get-Item Cert:\LocalMachine\deploy\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Set-AzureSubscription -SubscriptionName $subscriptionName -SubscriptionId $subscriptionId -Certificate $cert
Select-AzureSubscription $subscriptionName
$service = Get-AzureService $azureId
It fails on the last row with the following message:
Get-AzureService : Communication could not be established. This could be due to an invalid subscription ID. Note that subscription IDs are case sensitive.
At F:\DeployTest\deploy.ps1:9 char:12
+ $service = Get-AzureService $azureId
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-AzureService], Exception
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.ServiceManagement.HostedServices.GetAzureServiceCommand
Get-AzureService : HTTP Status Code: AuthenticationFailed - HTTP Error Message: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
Operation ID:
At F:\DeployTest\deploy.ps1:9 char:12
+ $service = Get-AzureService $azureId
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureService], CommunicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.ServiceManagement.HostedServices.GetAzureServiceCommand
I really don't know what the problem is, the certificate I'm trying to use is uploaded so it feels like there is something fundamental I've missed.
Update: I did get it to work after downloading the .publishsettings-file and importing that instead of trying to use Set-AzureSubscription. I'm still a little bit confused though, shouldn't it be possible to use the method I tried above?
I finally found the problem, and of course it was a user problem. First when I was in the azure portal I didn't find where to upload the certificate, so I uploaded it to first place I found mentioning certificates. What I did found out was that this area was the wrong one, I uploaded the certificate to the certificate area under the cloud service I wanted to administrate, which is the wrong place.
The correct place to upload the certificate to is under settings in the admin portal of azure. So the code above works if the certificate is uploaded to the correct location.