使用PowerShell在Azure中

Question

我寫了一系列的自動化腳本，讓我們的開發者在Azure中站起來，一個簡單的開發環境，遠程調用命令。這個環境有3個主要屬性：

1. 有一個客戶端機器（Windows 10），其開發工具（如IDE和代碼）將存在。
2. 有一個服務器計算機（在Windows Server 2016）在那裏，他們的腳本將目標。
3. 這兩種機器都住在同一個域，1個域管理員的用戶已經可以使用。

我有步驟1和步驟2腳本，但3目前是一團糟。由於腳本的設計，從開發者的本地工作站的工作，我需要有遠程到Windows服務器的腳本並運行一些命令來設置的域控制器。

這是目前我的代碼：

Invoke-Command -ComputerName "$RGName-$VMPurpose" -ScriptBlock 
{ 
    $ADFeature = Install-WindowsFeature AD-Domain-Services 
    If ($ADFeature.Success -eq $true) 
    { 
     Import-Module ADDSDeployment 
     Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath 
"C:\Windows\NTDS" -DomainMode "Win2016R2" -DomainName "$project.com" - 
DomainNetbiosName "$project" -ForestMode "Win2016R2" -InstallDns:$true - 
LogPath "C:\Windows\NTDS" -NoRebootOnCompletion $false -sysvolpath 
"C:\Windows\SYSVOL" -force $true 
     $domUserPassword = ConvertTo-SecureString "Th1s is a bad password" - 
AsPlainText -Force 
     New-ADUser -Name "$VMPurpose-DomAdm" -AccountPassword 
$domUserPassword 
     Add-ADGroupMember -Name "Administrators" -Member {Get-ADUser 
"$VMPurpose-DomAdm"} 
    } 
} -Credential $Cred 

當我試圖運行此我得到顯示，WinRM的無法連接，特別是這種錯誤的錯誤：

[Foo] Connecting to remote server Foo failed with the following error 
message : WinRM cannot process the request. The following error with 
errorcode 0x80090311 
occurred while using Kerberos authentication: There are currently no logon 
servers available to service the logon request. 
Possible causes are: 
    -The user name or password specified are invalid. 
    -Kerberos is used when no authentication method and no user name are 
specified. 
    -Kerberos accepts domain user names, but not local user names. 
    -The Service Principal Name (SPN) for the remote computer name and port 
does not exist. 
    -The client and remote computers are in different domains and there is no 
trust between the two domains. 
After checking for the above issues, try the following: 
    -Check the Event Viewer for events related to authentication. 
    -Change the authentication method; add the destination computer to the 
WinRM TrustedHosts configuration setting or use HTTPS transport. 
Note that computers in the TrustedHosts list might not be authenticated. 
    -For more information about WinRM configuration, run the following 
command: winrm help config. For more information, see the 
about_Remote_Troubleshooting Help topic. 
    + CategoryInfo   : OpenError: (Foo:String) [], 
PSRemotingTransportException 
    + FullyQualifiedErrorId : AuthenticationFailed,PSSessionStateBroken 

我添加了目標機（富）到TrustedHosts配置WinRM的設置（其實我添加的IP地址，以確保有沒有發生任何DNS問題），然後我得到這個錯誤：

[Foo's IP] Connecting to remote server <Foo's IP> failed with the following 
error message : WinRM cannot complete the operation. Verify that the 
specified computer name is valid, that the 
computer is accessible over the network, and that a firewall exception for 
the WinRM service is enabled and allows access from this computer. By 
default, the WinRM firewall exception for public 
profiles limits access to remote computers within the same local subnet. For 
more information, see the about_Remote_Troubleshooting Help topic. 
    + CategoryInfo   : OpenError: (Foo's Ip[:String) [], 
PSRemotingTransportException 
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken 

有什麼想法嗎？我是不是通過Powershell工作？

Answer 1

根據您的錯誤信息，我們可以利用這個PowerShell腳本調用命令天青：

$username = 'jason' 
$pass = ConvertTo-SecureString -string 'password' -AsPlainText -Force 
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass 
$s = New-PSSession -ConnectionUri 'http://23.99.82.2:5985' -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck) 
Invoke-Command -Session $s -ScriptBlock {Get-Process PowerShell} 

PowerShell的結果是這樣的：

更多信息有關調用命令，請請參閱answer。