Recently the folks over on the Azure team released a bunch of improvements to Azure. One of them caught my eye. They’ve provided us a way to enable PowerShell remoting when provisioning a machine. As someone who tries to automate all things I was extremely happy to see this. Gone are the days or creating images with startup scripts set, but there is a problem…
After you provision a machine with the above check box checked. You’ll probably try something like this…
And then you’ll see the following exception:
Enter-PSSession : Connecting to remote server psremoter.cloudapp.net failed with the following error message : The server certificate on the destination computer
(psremoter.cloudapp.net:5074) has the following errors:
The SSL certificate is signed by an unknown certificate authority. For more information, see the about_Remote_Troubleshooting Help topic.
At line:11 char:1
+ Enter-PSSession -ComputerName psremoter.cloudapp.net -Port 5074 -Credential $cre …
+ CategoryInfo : InvalidArgument: (psremoter.cloudapp.net:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
Let’s take a step back and look at what I’m talking about. When you enable this feature, PSRemoting is configured for SSL and uses a self signed certificate. This certificate needs to be added to your root certificate store so that you can access the machine. Let’s do this…
This script creates a ServicePoint to get the certificate. Then adds it to your trusted store. Now your free to “Enter-PSSesion” or “Invoke-Command” all you’d like!
A lot of the demos, lab environments, and test I do are in Azure. I try to script everything so that it’s repeatable and I don’t turn into a monkey clicking next. What fun is that? With that said I’ve put together how I setup my environment for communicating with Azure via PowerShell.
First things first you’ll need Microsoft Web Platform Installer. Once this is installed go ahead and open it. You should see a screen that looks like this:
Click add next to Windows Azure PowerShell and click install.
You should see the Prerequisites screen, click I Accept.
This should start the install. Once it’s complete the module for Azure PowerShell should be installed. It also installed some of the Azure SDK libraries, but this is only part of the story. Now that we have the Azure module installed we need to configure it to talk with our Azure Subscription (by the way you should have one for this to work!). Here again this is something I do a little too often, so I keep a script around that handles everything.
Let me explain what’s going on here. First we import the module you just installed. This will need to be done each time you open PowerShell unless you use the Azure PowerShell shell. [*Hint: Put it in your profile.] Next we have a couple of options. If you don’t have a certifiate you’ll need to create one. This is where the “makecert” command comes in. Once you’ve created it you’ll need to add this to you subscription. You can do this by uploading the CER file by browsing to “Settings” in the management portal. If you already have a cert you can just import it into your certificate store using the “import-pfxcertificate” cmdlet. Once the certificate is in your store you need to save it to a variable for use later. Go to the Azure portal and get your Subscription ID. Set “MySubId” to that value. The subscription name can be anything really. Your storage account name is also in the Azure portal. Go to storage an you will see one or more accounts depending on how you’re setup. Grab the name of the one you want and use it as the value of “myStorageSubscription” variable. The last two commands are where the magic happens… “Set-AzureSubscription” creates the subscription on your machine. The “Select-AzureSubscription” makes it active. You can have multiple subscriptions!
Now just run “get-azurevm” and you should see a list of VMs you have running.
Recently a customer reached out to me with a challenge. They’d just purchased a number of Surface Pro devices. Being good stewards they wanted to ensure these devices had BitLocker enabled. We solved this by using a simple PowerShell script that gathered the information then emails a log.
This journey started when I was building a test lab on Windows Azure. The goal was to run two SharePoint instances, one SharePoint 2010 farm and one SharePoint 2013 farm. In keeping with automating this network setup and build… I wanted a good way to lookup my VM’s VIP assigned by Azure and update an A record on DNSimple. It turns out a simple DNS Alias record is really what I needed, but never the less I’ve had a bit of fun and learned a few things along the way.
I’ll come back to working with Azure in a later post, for now let’s focus on DNSimple…
DNSimple.com offers a great service! I first heard about them from Scott Hanselman. I’ve not been disappointed. Not only do they have a robust API, but also 1 click DNS configuration for many popular services (I won’t hold it against them if they don’t have a Office365 configuration yet).
My scripting language of choice is PowerShell. Naturally I turned there first to start automating. Out of this came PowerDNSimple. Drop it in your modules folder and you get a few new functions:
- Get-SMPLDomains – Get a list of domains hosted at DNSimple.
- Get-SMPLDomainRecords – Get a list of records for a given domain.
- Add-SMPLDomainRecord – Create a new record.
- Update-SMPLDomainRecord – Update an existing record.
- Remove-SMPLDomainRecord – Delete an existing record.
Here is a sample script…
A few months back I wrote a “module” for scripting the Kinect with PowerShell. It’s located at: https://github.com/adminian/PowerKinect. Recently a new Kinect SDK was released. I’m going to be testing out the new SDK to make sure everything works as expected.
More info about the new SDK: http://blogs.msdn.com/b/kinectforwindows/archive/2013/03/18/the-latest-kinect-for-windows-sdk-is-here.aspx.
Currently there are only two gestures: right hand swipe and left hand swipe. There is also a function that starts PowerPoint and allows you to control your presentation.
Gary Siepser, a fellow PFE and PowerShell Guru, jumped in and started helping out. He’s written the Audio control functions for the module. We’ll be integrating them into the repo soon! I’ll be posting more about Scripting the Kinect, but for now go clone the repo and give it a try!
I was working with one of my customers today. They asked a question… Can we use Add-Type against DLLs in the GAC? This is what I added to my profile.
USAGE: Add-FromGAC -AssemblyName Microsoft.SqlServer.Smo.dll