New-PSSession in an Azure-runbook (ARM)

For an Azure VM in the classic portal (ASM) I was able to obtain

<ol> <li>the required credentials with Get-AutomationPSCredential and</li> <li>the -ConnectionURI with Connect-AzureVM.ps1.</li> </ol>

With these two parameters I was able to successfully execute a New-PSSession in an Azure-runbook.

<strong>Q</strong> What am I supposed to do to open a PS-Session in an Azure-runbook to an Azure-VM (ARM)?


command in runbook (ARM)

$vmSession = New-PSSession -ConnectionUri 'https://xxx.yyy.cloudapp.azure.com:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)


New-PSSession : [xxx.yyy.cloudapp.azure.com] Connecting to remote server xxx.yyy.cloudapp.azure.com failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.


According to your error, it seems that the port 5985 is blocked by some firewalls. You could use telnet to test connectivity.

telnet xxx.yyy.cloudapp.azure.com 5985

If it fails, you should check additionally:

<ol> <li>

Open port 5985 on Windows Firewall(Inbound rules).

</li> <li>

Open port 5985 on Azure NSG(Inbound rules). Pay attention to NSG could be associated to NIC or subnet, you had better check them all.

</li> </ol>

<img src=https://www.e-learn.cn/content/wangluowenzhang/"https://i.stack.imgur.com/3AqBZ.gif" alt="enter image description here">

<ol start="3"> <li>

On your server VM, execute cmdlet.

winrm quickconfig

</li> </ol>

Ensure you can access port 5985, then test on your local PC, and then test on an Azure Runbook.

I use the following cmdlets, it works for me.

New-PSSession -ConnectionUri 'http://IP:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)

Notes: If you don't configure a certificate on your server, you can not use https and you should use http instead.

PS C:\Users\v-shshui> New-PSSession -ConnectionUri 'http://*.*.*.*:5985' -Credential $creds -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck) Id Name ComputerName ComputerType State ConfigurationName Availability -- ---- ------------ ------------ ----- ----------------- ------------ 7 Session7 *.*.*.* RemoteMachine Opened Microsoft.PowerShell Available

Also, if you want to use https, you need to configure a certificate as in shown in this link.


If you want to winrm to your VM in an Azure Runbook, you should use https. It means that you should open port 5986 (by default) on Azure NSG and Windows Firewall. Also, you need add a new certificate on the Azure VM.


  • iOS: how to respond to up/down/left/right arrow event from physical keyboard?
  • Configuring connection support for spring social in XML
  • Wget compressed tip from Bitbucket (mercurial)
  • How to implement TCP connection pooling in java?
  • commons-net FTPSClient error in Java code
  • getInputStream blocks?
  • HBase: /hbase/meta-region-server node does not exist
  • How to update bower.json with installed packages from bower_components
  • Starting application pool concurrently causes error related to maximum number of concurrent shells
  • horizontal-vertical only lines
  • Appium (v1.4.16.1), Switch to WebView fails when i try a second time
  • Docker nginx reverse proxy gives “502 Bad Gateway”
  • Connection made to Google Cloud SQL drops intermittently
  • Installing Informix Client SDK on Raspberry pi
  • Specify source IP address for TCP socket when using Linux network device aliases
  • SQL Server Integrated Security from an Azure Web Site
  • detecting connection lost in spark streaming
  • New-PSSession in an Azure-runbook (ARM)
  • Gerrit will not push. Error: No common ancestry
  • qt how to know that a pushbutton is clicked?
  • Showing spinner for Rails 3 UJS gets Type error
  • Can my app be notified when another application starts/stops playing audio?
  • Does Mobilefirst provide a provision to access web services directly?
  • Retrieve list of sent friend requests from friend_request FQL table
  • NHibernate Validation Localization with S#arp Architecture
  • SignalR .NET Client Invoke throws an exception
  • How can I send an e-mail from a vbs script
  • Is there any way to access browser form field suggestions from JavaScript?
  • Azure Cloud Service Web Role web pages do not load
  • Accessing IRQ description array within a module and displaying action names
  • Resize panoramic image to fixed size
  • Volusion's generic SQL folder, functionality
  • Is there a mandatory requirement to switch app.yaml?
  • Hits per day in Google Big Query
  • How do you join a server to an Active Directory (domain)?
  • coudnt use logback because of log4j
  • FormattedException instead of throw new Exception(string.Format(…)) in .NET
  • Getting Messege Twice Using IMvxMessenger
  • Linking SubReports Without LinkChild/LinkMaster
  • XCode 8, some methods disappeared ? ex: layoutAttributesClass() -> AnyClass