Skip to content

A Step by Step Guide to Connecting to an Azure Virtual Machine with PowerShell Remoting

Howard van Rooijen By Howard van Rooijen Co-Founder
A Step by Step Guide to Connecting to an Azure Virtual Machine with PowerShell Remoting

Any person tasked with looking after a number of Windows Servers knows that Remote Desktop will only scale so far and that at some point you will need to turn to scripting to manage a server estate of any reasonable size. Two years ago I blogged "An Omega Geek's Guide to Learning PowerShell", so it should be pretty obvious what my weapon of choice is.

Theoretically, connecting to an Azure Virtual Machine via PowerShell Remoting should be relatively straight forward, as Windows Server 2012 R2 enables PowerShell Remoting by default and Azure exposes a remoting endpoint by default.  I wanted to script some changes to a TeamCity based Continuous Integration Environment (see my whitepaper for JetBrains "From Chaos, through Fear, to Confidence" for more information), and found that in practice it was actually a tad more involved.

Azure Weekly is a summary of the week's top Microsoft Azure news from AI to Availability Zones. Keep on top of all the latest Azure developments!

Firstly, you need to know where your public PowerShell Remoting endpoint is. To find this, log in to the Azure Management Portal, select your Virtual Machine and click the "Endpoints" tab:

Armed with this information the following command should work (you will be prompted to enter your password via a standard Windows Authentication dialog):

Enter-PSSession -ComputerName <machinename>.cloudapp.net -Port <remoting-endpoint> -Credential <username> -UseSSL

But instead received the following error message:

The server certificate on the destination computer (<machinename>.cloudapp.net:<remoting-endpoint>) has the following errors: The SSL certificate is signed by an unknown certificate authority.

00-connection-error

This is actually quite a self-explanatory error message for a change. When the WSMAN:// endpoint is created, a self-signed SSL certificate is generated (I'm not sure why the Azure team doesn't just have a wildcard *.cloudapp.net SSL certificate). You can test this by navigating to the HTTPS PowerShell Remoting Endpoint in Chrome, which gives you the following warning message:

02-navigate-to-remoting-endpoint-in-chrome

To view the certificate details, right click on the padlock icon in the address bar and click the "Certificate information" link:

03-view-certificate

and you'll be shown a dialog containing the certificate information:

04-view-certificate-details

Click the "details" tab and then click the "Copy to File…" button:

05-copy-to-file

This invokes the Certificate Export Wizard. Click "Next":

06-welcome-to-certificate-export-wizard

The default DER format should be sufficient, so click "Next":

07-export-file-format

Next, chose a location and file name to save the certificate to, and click "Next":

07a-export-file-format

Click "Finish" on the confirmation screen:

08-completing-the-certificate-export-wizard

Navigate to where you saved the certificate file, right click and select the "Install Certificate" option from the context menu:

09-install-certificate

This should invoke the Certificate Import Wizard. Choose "Current User" store location option:

06-0-welcome-to-certificate-export-wizard

Select the "Place all certificates in the following store" option:

10-certificate-import-wizard

Choose the "Trusted Root Certification Authorities" folder from the dialog:

11-select-trusted-root-certification-authorities

Click "Next":

12-confirm-certificate-store

Next you'll be shown a security confirmation dialog, click the "Yes" button:

13-security-warning

If the import was successful, you should see the following dialog:

14-import-sucessful

Now with the certificate installed locally, you can try to create a new PowerShell Remoting session:

15-enter-pssession

and you should successfully connect:

16-connected

Work Smarter, Not Harder.

@HowardvRooijen | @endjin

Also worth reading:

Gotchas when installing an Elasticsearch cluster on Microsoft Azure

Gotchas when installing an Elasticsearch cluster on Microsoft Azure

Richard Kerslake

We've built a number of Elasticsearch clusters on Microsoft Azure. This blog post contains some of our top tips and gotchas.
Using Azure Automation to run VMs during office hours only

Using Azure Automation to run VMs during office hours only

Richard Kerslake

Discover cloud computing's pay-as-you-use model and how turning off VMs outside office hours can save costs.
Generating and using a certificate to authorise Azure Automation

Generating and using a certificate to authorise Azure Automation

Alice Waddicor

Explore how to use Azure Automation for running VMs during office hours. Learn to create runbooks for automated tasks at pre-defined times.

Howard van Rooijen

Co-Founder

Howard van Rooijen

Howard spent 10 years as a technology consultant helping some of the UK's best known organisations work smarter, before founding endjin in 2010. He's a Microsoft ScaleUp Mentor, and a Microsoft MVP for Azure and Developer Technologies, and helps small teams achieve big things using data, AI and Microsoft Azure.