Safe, High performance, reuseable

Tuesday, October 23, 2018

Setup PowerShell Remote (WinRM) on Azure public Virtual Machine using HTTPS on Port 443

Create a publicly accessible Azure Windows Server VM. In this example I am using Windows Server 2016.


Make sure that the VM:
  • has a public IP Address.
  • has a valid DNS name (e.g. xxx.eastus.cloudapp.azure.com)

Configure the Network Security Group to accept inbound HTTPS requests on port 443




Make sure your Windows Server firewall does not block inbound requests on port 443. The default Azure Windows Server 2016 image should have this port open.

Configure WinRM (the PowerShell remoting service) on the Windows Server

Open a PowerShell console and execute the following commands:

  1. Enable WinRM remoting
    Enable-PSRemoting -Force
  2. Set Trusted Hosts. If you do not know your local PC's public IP range, you may have to use "*" to allow all IPs.
    Allow an IP range:
    Set-Item wsman:\localhost\Client\TrustedHosts -Value <Your Local Computer Public IP Address range>

    Allow all IPs:
    Set-Item wsman:\localhost\Client\TrustedHosts -Value *
  3. Enable HTTPS on port 443. (By default, WinRM uses port 5986 for HTTPS requests.)
    Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpsListener -Value true
  4. Restart WinRM
    Restart-Service WinRM
  5. Create a new self-signed certificate based on your virtual machine's DNS name
    New-SelfSignedCertificate -DnsName <Your VM Name>.eastus.cloudapp.azure.com -CertStoreLocation Cert:\LocalMachine\My
  6. Configure WinRM to use the self-signed certificate for HTTPS connections (use the thumbprint printed in step 5)
    winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="<VMName>.eastus.cloudapp.azure.com";CertificateThumbprint="876D6XXXXXXXXX12EXXXXXXXXXXXXXX"}'
  7. This completes the server-side configuration.

Connect to your Azure VM from your local PC

Open a PowerShell command line and execute the following commands:


$so = New-PSSessionOption -SkipCACheck -SkipCNCheck

Enter-PSSession -ComputerName <Azure VM Public IP Address> -port 443 -Credential <UserName> -UseSSL -SessionOption $so
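
The session option above passes -SkipCACheck and -SkipCNCheck, so the client does not check who issued the server certificate or whether its name matches the host it connects to. The following added example (not part of the original post) keeps both checks on: it exports the public part of the step 5 certificate on the VM, imports it into the local PC's trusted root store after comparing thumbprints, and connects by DNS name instead of IP address. The function names and the .cer file path are assumptions made for this example.

```powershell
# Added example, not from the original post. Function names and paths are assumptions.

# Run on the VM (elevated): export the public part of the certificate created in step 5.
function Export-WinRmServerCert {
    param(
        [Parameter(Mandatory)][string]$DnsName,
        [string]$Path = "$env:TEMP\winrm-vm.cer"
    )
    # New-SelfSignedCertificate -DnsName <name> produces the subject CN=<name>
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$DnsName" } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate with subject CN=$DnsName in LocalMachine\My" }
    # Export-Certificate writes the certificate only, never the private key
    Export-Certificate -Cert $cert -FilePath $Path | Out-Null
    [pscustomobject]@{ Path = $Path; Thumbprint = $cert.Thumbprint }
}

# Run on the local PC (elevated): trust that one certificate, then connect by DNS name.
function New-WinRmValidatedSession {
    param(
        [Parameter(Mandatory)][string]$DnsName,
        [Parameter(Mandatory)][string]$CerPath,
        [Parameter(Mandatory)][string]$ExpectedThumbprint,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # Compare against the thumbprint read on the VM before trusting the copied file
    $fullPath = (Resolve-Path $CerPath).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)
    if ($cert.Thumbprint -ne $ExpectedThumbprint) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
    }
    Import-Certificate -FilePath $fullPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    # No -SessionOption here: the CA and CN checks stay enabled, so the connection
    # fails if the server presents a different certificate or a different name.
    New-PSSession -ComputerName $DnsName -Port 443 -UseSSL -Credential $Credential
}
```

Pass the returned session to Enter-PSSession -Session to get the same interactive prompt as the command above.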
