Configures Secure Remote PowerShell Access to Windows Azure Virtual Machines

This script downloads and installs the automatically generated self-signed certificate created by Windows Azure for secure Remote PowerShell access to virtual machines.

4.9 Star
8,946 times
Add to favorites
Windows Azure
E-mail Twitter Digg Facebook
  • SubscriptionID support instead of SubscriptionName for EA users
    2 Posts | Last post February 18, 2016
    • I have an EA and all my subscriptions are named "Microsoft Azure Enterprise". Can you make this script support ID? I tried briefly and got a bunch of errors. I will try again today.
      Get-AzureSubscription | ft -prop subscriptionname
      Microsoft Azure Enterprise
      Microsoft Azure Enterprise
      Windows Azure  MSDN - Visual Studio Premium
      Microsoft Azure Enterprise
    • Woohoo, must have not changed the param when calling the script past time. Got it to work with ID.
      .\InstallWinRMCertAzureVM.ps1 -SubscriptionID "10101010-1010101010-101010-101010" -ServiceName "mycloudservice" -Name "myvm1" 
      Script changes: 
      line 31: param([string] $SubscriptionID, [string] $ServiceName, [string] $Name)
      line 71: #add storage account (maybe optional, but I always do it to be safe)
      $storage = "storageaccountnamehere" 
      Set-AzureSubscription -CurrentStorageAccountName $storage -SubscriptionId $SubscriptionID
      Select-AzureSubscription -SubscriptionId $SubscriptionID -Current
      That's it, script worked with SubscriptionID
  • Getting error "No deployment found in service"
    1 Posts | Last post February 08, 2016
    • I am not sure if this script will work for ARM VMs from the new portal. CReated VMs using PowerShell ARM templates and trying to remote connect to them. BUt the script keep giving below error:
      .\InstallWinRMCertAzureVM.ps1 -SubscriptionName "Visual Studio Enterprise with MSDN" -ServiceName "vm-from-customimage-powershell-93437" -Name "VM93437"
      Installing WinRM Certificate for remote access: vm-from-customimage-powershell-93437 VM93437
      WARNING: No deployment found in service: 'vm-from-customimage-powershell-93437'.
      Get-AzureCertificate : Cannot validate argument on parameter 'Thumbprint'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
      At \InstallWinRMCertAzureVM.ps1:54 char:83
      + ... ificate -ServiceName $CloudServiceName -Thumbprint $WinRMCert -Thumbp ...
      +                                                        ~~~~~~~~~~
          + CategoryInfo          : InvalidData: (:) [Get-AzureCertificate], ParameterBindingValidationException
          + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.WindowsAzure.Commands.ServiceManagement.Certificates.GetAzureCertificate
  • Null DefaultWinRMCertificateThumbprint
    3 Posts | Last post June 22, 2015
    • How can i come accross this? since i have a few VMs with the DefaultWinRMCertificateThumbprint Null?
    • Hello i am encountering the same error since some days, the DefaultWinRMCertificateThumbprint is empty when a request the vm state using (Get-AzureVM -ServiceName $CloudServiceName -Name $Name | select -ExpandProperty vm).DefaultWinRMCertificateThumbprint
      Do you have any idea ? 
      I check several time my subscription name service name and vm name.
    • Hi!
      I'm experiencing similar problem.
      Do You know how to fix it?
  • Help
    2 Posts | Last post June 17, 2014
    • Hi Mike,
      I'm having some issue getting the Thumbprint to take. Here is my input.:
        Write-Host "Installing WinRM Certificate for remote access: $CloudServiceName $Name"
      	$WinRMCert = (Get-AzureVM -ServiceName $CloudServiceName -Name $Name | select -ExpandProperty vm).DefaultWinRMCertificateThumbprint
      	$AzureX509cert = Get-AzureCertificate -ServiceName $CloudServiceName -Thumbprint $WinRMCert -ThumbprintAlgorithm sha1
      	$certTempFile = "C:\temp\test.cer"::GetTempFileName()
      	$AzureX509cert.Data | Out-File $certTempFile
      	# Target The Cert That Needs To Be Imported
      	$CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certTempFile
      	$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
      	Remove-Item $certTempFile
      this is the error I'm getting back.
      Get-AzureCertificate : BadRequest: The certificate's thumbprint parameter is invalid.
      At line:29 char:19
      +     $AzureX509cert = Get-AzureCertificate -ServiceName $CloudServiceName -Thumbprin ...
      +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : CloseError: (:) [Get-AzureCertificate], CloudException
          + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.Certific 
      Unable to cast object of type 'System.String' to type 'System.Type'.
      At line:31 char:2
      +     $certTempFile = "C:\temp\test.cer"::GetTempFileName()
      +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : OperationStopped: (:) [], InvalidCastException
          + FullyQualifiedErrorId : System.InvalidCastException
      Out-File : Cannot bind argument to parameter 'FilePath' because it is null.
      At line:32 char:33
      +     $AzureX509cert.Data | Out-File $certTempFile
    • I saw the same issue. Then I found I have multiple subscriptions, one from free trial, another from MSDN, after switch to the other subscription, the script succeeded.
  • Does this need to run with Powershell for Widows Azure
    1 Posts | Last post April 22, 2014
    • Does this script need to run in PowerShell for Azure or Windows? I would like to run this from my desktop and have it execute against my Azure VM. It fails under Azure powershell because it is not a signed script, and fails under powershell for Windows with this error:
      Select-AzureSubscription : The subscription named 'MySubscriptionName' cannot be found. Use Set-AzureSubscription to
      initialize the subscription data.
      At D:\Downloads\AzureDownloads\InstallWinRMCertAzureVM.ps1:71 char:1
      + Select-AzureSubscription $SubscriptionName
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : CloseError: (:) [Select-AzureSubscription], Exception
          + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Profile.SelectAzureSubscriptionCommand
      I am using the SubscriptionName shown for my Azure VM, the -ServiceName I'm using is "" and the -Name is the Virtual name. 
      I am running as Administrator in both Azure Powershell and Windws powershell.
      Can you tell me what I am missing? Thanks!
  • help
    1 Posts | Last post March 21, 2014
    • I know thats a lot but but im new to powershell and im trying to get an automation script work. The only thing that I'm missing is the SSL Cert part so i can WinRM in to the vm. If you need more, please feel free to email me at
  • Can the solution be extended to PaaS roles?
    1 Posts | Last post December 18, 2013
    • Hi Michael
      thanks a lot for the script, it works great. :) Question: if you specify a 5986 InputEndpoint in the service definition file of a PaaS web\worker role, do you think that this solution can also be used to run remote commands on PaaS roles?