Jacob Alley

Reputation: 834

Resizing my Azure VM changed my IP and now WinRM won't work

I have a VM that I am manipulating using an Azure DevOps pipeline. Previously, using WinRM to transfer files to the VM worked fine. However, the VM's RAM was not suitable for our needs, so I resized the VM to add more RAM. Since resizing the VM, the VM's IP address has changed. This has caused WinRM to stop working. I tried to use winrm quickconfig -force in the console, and got this error:

Unable to enable the firewall for WinRM.

I removed the HTTPS listener from 5986 whose host was the old IP address; however, I cannot add a new listener that points at the correct IP.

Start-RemotePSSession does not fail, or if it does, then it does so silently

I have looked at the certs and can only see one, for the old IP address.

How can I add a cert for my new IP address? Or is there a different/better way to accomplish what I am trying to do (get WinRM working again)?

Upvotes: 1

Views: 376

Answers (1)

Nancy Xiong

Reputation: 28224

Since you have an old cert issued to the old Public IP address, you can generate a new cert issued to the new public IP address.

For example,

1. Go to the VM console and generate a self-signed cert for a test.

$certificateName = "51.x.x.x"

$thumbprint = (New-SelfSignedCertificate -DnsName $certificateName -CertStoreLocation Cert:\LocalMachine\My -KeySpec KeyExchange).Thumbprint

2. Delete the old HTTPS listener and bind a new cert for the HTTPS listener.

winrm delete winrm/config/listener?Address=*+Transport=HTTPS

$thumbprint="7AD714C2AA0EF690EEFxxxxxxD"

New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $thumbprint -Force

3. Enumerate the listeners.

winrm e winrm/config/listener

Note: winrm quickconfig does not work for self-signed certs based on my validation. You could follow the above steps to manage it. If you have not allowed port 5986 in the Windows firewall inside the Azure VM, you can enable it with PowerShell. If there is a network security group on your Azure VM subnet or associated NIC, you also need to enable it for the HTTPS port. Read this blog for more details.

New-NetFirewallRule -DisplayName "winrmhttps" -Direction Inbound -LocalPort 5986 -Protocol TCP -Action Allow -RemoteAddress Any

Upvotes: 2
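
The answer's steps combined into one script, as an added example that is not part of the original answer. `$newAddress` and `$allowedSource` are constructed placeholders, and scoping the firewall rule to a source range instead of `Any` is an assumption about where the pipeline agents connect from.

```powershell
# Added example; run in an elevated PowerShell session on the VM.
$newAddress    = '203.0.113.10'     # placeholder for the VM's new public IP or DNS name
$allowedSource = '198.51.100.0/24'  # placeholder (assumption): range the pipeline agents use

# 1. Self-signed certificate issued to the address clients will connect to.
$cert = New-SelfSignedCertificate -DnsName $newAddress `
    -CertStoreLocation Cert:\LocalMachine\My -KeySpec KeyExchange

# 2. Remove every HTTPS listener; any that exist still point at the old certificate.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' } |
    Remove-Item -Recurse -Force

# 3. Recreate the HTTPS listener with the new thumbprint.
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null

# 4. Add the inbound rule for 5986 once, scoped to $allowedSource rather than Any.
if (-not (Get-NetFirewallRule -DisplayName 'winrmhttps' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'winrmhttps' -Direction Inbound -LocalPort 5986 `
        -Protocol TCP -Action Allow -RemoteAddress $allowedSource | Out-Null
}

# 5. Confirm the listener is bound to the certificate created in step 1.
$listener = Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' }
$bound = (Get-Item "WSMan:\localhost\Listener\$($listener.Name)\CertificateThumbprint").Value
if ($bound -ne $cert.Thumbprint) {
    throw "HTTPS listener is bound to $bound, expected $($cert.Thumbprint)"
}
"WinRM HTTPS listener $($listener.Name) now uses certificate $bound"
```

A network security group on the VM's subnet or NIC still needs its own inbound rule for port 5986, as the answer notes.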
