Error connecting to Azure VM with VS Online Build Server / Release Management

Question

Sometimes I think I'm the only one trying to use this configuration.....

Using Visual Studio Online as my build controller and RM Update 4 as my release manager.

At this point the build itself is working fine and I'm grinding my way through writing a deployment script that RM will fire off after the build is complete.

I can get the script to fire but I'm having problems with what goes in the actual script. For starters the script is just trying to create a directory on the Azure VM before I move to something more useful like actually moving software.

At first I tried

Enter-PSSession -ComputerName fecprocessing.cloudapp.net –UseSSL
Invoke-Command fecprocessing.cloudapp.net {mkdir C:\data\}

That got me

Connecting to remote server thatserver.cloudapp.net failed with the following error message : The server certificate on the destination computer (thatserver.cloudapp.net:5986) has the following errors:

The SSL certificate is signed by an unknown certificate authority.

So after some research I tried this

$so = New-PSSessionOption-SkipCACheck:$true-SkipCNCheck:$true-SkipRevocationCheck:$true
Enter-PSSession-ComputerName thatserver.cloudapp.net-UseSSL-SessionOption$so
Invoke-Command thatserver.cloudapp.net {mkdirC:\data\}

This is returning the dreaded

Connecting to remote server thatserver.cloudapp.net failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.<---

Now I've done a lot of reading and there seem to be two basic paths.

1. Adding the build machine to the trustedhosts list - would be a no go because the build server machine name would change everything time VSO spins one up to do my build (right?). That would also be insecure because that server would not be able to tell it was the right server remoting in beyond the machinename

2. Adding a Certificate on the remote machine. But since the first piece of code seems to indicate there was a certificate I doubt this would make a difference.

Is there anyone out there that’s actually used this configuration (VSO/RM/AZURE VM) and can give me some guidance on what I should be trying next.

Answer 1

You're going about this in the wrong way. When you execute a PowerShell script via a vNext Release Template, it executes on the target machine. You don't need to mess around with Enter-PSSession or worry about credentials -- you enter all of that information in the "Execute PS/DSC Script" action.

Also, your #1 solution has no bearing on the problem you're experiencing: Release happens after build is complete. The build server is no longer involved by the time you're hitting this error.

Answer 2

You should use the vNext templates for Azure. They have built in authentication and you can associate an Azure account with RM to make things easyer.

http://nakedalm.com/create-release-management-pipeline-professional-developers/

You can also use the built in RM server in VSO so you don't have to rub your own.

Note: You also have to flip one of the options from true to false. Can't remember the name of the property but there are only a few options along with environment, component, and PS script... You need to scroll down and it is something to do with authentication.