Azure Automation Question...

Is it possible to make a runbook to make a directory? or return get-process?

I’ve been messing with Azure Automation, DSC seems to be nicely integrated with a GUI, and runbooks seem great for gathering info on my VMs, or spinning them up and down, but can you use it the same way you would use it sitting on a computer on your network to return processes, or create a folder, or to look at the registry?

Hi Steven,

If you’re wanting Azure Automation to actually run things locally on your environment, you need to configure a hybrid worker, to which it can pass the script to be executed locally.

Alternatively, if you’ve vms in azure, you can do the same. You’ll need to do the commands in your scripts to connect to your subscription first, but once you have done that, and validated, you can use pretty much what you want.

Thanks Tim, they’re in azure…

Do you just open a PSSession remotely on the machine?

Obviously, with my local environment I can just do

Get-WMIObject -ComputerName PC1.domain.local -class Win32_operatingsystem

I tried something similar using -PSComputerName, however it threw an error, the normal ComputerName parameter wasn’t available for me to use judging from intellisense…

You’ll need to setup your certs configuration to authorise connection from Azure Automation to the virtual machine (it uses HTTPS). Maybe take a look at
Alexandre Brisebois’ article, which will point you in the right direction:

https://alexandrebrisebois.wordpress.com/2015/08/14/azure-automation-remote-powershell-and-a-virtual-machine/

cheers,

tim

Thanks Tim,

Now I gave this a go, and ran into a few errors - I don’t know if you’ve faced this.

I ensured that I ran Enable-PSSRemoting on the VM and got this error:

ERROR: [[MY SERVICE NAME].cloudapp.net] Connecting to remote server .cloudapp.net failed with the following error 
message : The server certificate on the destination computer ([MY SERVICE NAME].cloudapp.net:[PUBLIC VM PORT FOR POWERSHELL]) has the following 
errors:    
The SSL certificate is signed by an unknown certificate authority.  
The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the 
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: ([MY SERVICE NAME].cloudapp.net:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : 12175,PSSessionStateBroken

I then did some reading and tried to avoid the SSL checks to see what happened, so I amended the workflow slightly to use PSSSessionOptions:

    InlineScript {         
        Invoke-command -ConnectionUri $Using:uri -credential $Using:admin -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck) -ScriptBlock { 
            
            # This script executes on the remote VM
            New-Item c:\new-file.txt -type file
         
        } 
    } 

I then received this error:

ERROR: [[MY SERVICE NAME].cloudapp.net] Connecting to remote server [MY SERVICE NAME].cloudapp.net failed with the following error 
message : WS-Management cannot process the request. The operation failed because of an HTTP error. The HTTP error 
(12175) is: A security error occurred . For more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: ([MY SERVICE NAME].cloudapp.net:String) [], PSRemotingTransportException
    + FullyQualifiedErrorId : 12175,PSSessionStateBroken

Cert headache urgh.