Periodic Remote Session issue with Azure VMs

Gauf 1 Reputation point
2020-02-25T21:32:06.083+00:00

Hello all,

I'm running a PowerShell script with the Az Module locally that creates a Resource Group (with all the bells & whistles), deploys a Windows Server 2016 image, and runs a remote session to start prepping the machine after spinning it up.

However I'm getting an intermittent issue where remote connection to the server fails : 

[<pip>] Connecting to remote server <pip> failed with the following error message : The SSL connection cannot be established.   
Verify that the service on the remote host is properly configured to listen for HTTPS requests.   
Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM.   
If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service:   
"winrm quickconfig -transport:https".   
For more information, see the about_Remote_Troubleshooting  
Help topic.  
    + CategoryInfo          : OpenError: (<pip>:  
   String) [], PSRemotingTransportException  
    + FullyQualifiedErrorId : -2144108102,PSSessionState  
   Broken  
Copy Files Failure : Aborting Deployment.

I haven't found anything directly useful in

about_Remote_Troubleshooting

TCP tests are good for port 5986 (NSG is configured to allow it), and I'm instantiating the VM with

Set-AzVMOperatingSystem

Options :

-ProvisionVMAgent -WinRMHttp -WinRMHttps -WinRMCertificateUrl <secretURL>

The secret is a Self-Signed .pfx Certificate from my machine uploaded in the RG's keyvault in a secureString json object.
I'm trying to enter a remote session with

(New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)

RDC works, Web port 80 works, and the Win Remote Management service is found to be running.

Running 'winrm quickconfig' to create a listener doesn't help because the server doesn't have valid certificate.

WinRM events do not update when I try a remote session so clearly something is blocking the request or it's just not listening despite everything I know being set up for it.

The issue seems to keep occurring no matter how many deployment I start, and stays for a period of time, but then clears up later.

I feel that it's significant to mention, but I don't know precisely why it's happening.

I don't know what to try next, what am I missing ?

Your thoughts & time is appreciated,

Thank you.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,196 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gauf 1 Reputation point
    2020-02-28T18:43:47.34+00:00

    udpate : The only thing I have done so far that seems to have helped was to stop creating new certificates at each deployment and simply re-use the same one.
    This seems to have made the amount of times I encounter the WinRM https listener error go down to a more bearable 20% but it's pure conjecture on my part and could be unrelated.

    I believe one way to bypass this issue would be to manually go in RDC to remove the listener and create a new one but then 1: I'm not sure I can create a valid listener 2: the script wouldn't really be 'automated' anymore....

    0 comments