แชร์ผ่าน


Taking advantange of Windows PowerShell Remoting and VMM cmdlets

Even though VMM does not officially support the Windows PowerShell Remoting feature of PowerShell v2, you can get this to work by following the guidelines in this blog post. Officially, to execute the VMM cmdlets you need to install the VMM Administrator Console on all client computers that need to use the cmdlets, but by following the steps in this post, you can run VMM cmdlets on a machine that has no VMM components installed at all!

To illustrate how to use PowerShell remoting with the VMM cmdlets, i have set up a simple architecture that is also illustrated in the picture below. I will be using the computer names in that picture throughout this blog post. Make sure that you are using Windows PowerShell v2 on both simpleclient and adminconsole computers. PowerShell v2 is installed by default on Win2k8 R2 computers.

To get started, first enable WinRm on the the computer simpleclient and the computer adminconsole. PowerShell remoting depends on WinRM. To enable WinRm on each of the two computers, run "winrm quickconfig" from a command prompt to create a WinRM listener on https://* and to add the necessary firewall exceptions for WinRM.

Next, because your credentials need to double-hop from the simpleclient to the adminconsole and then to the vmmserver, we need to use CredSSP. CredSSP can be used to delegate the credentials to the remote computer so that the VMM server can authenticate the cmdlet requests. Failure to enable CredSSP on the simpleclient and the adminconsole computers will most likely result in this error when you try to get a connection to the VMM server using the get-vmmserver cmdlet.

<<
You cannot access Virtual Machine Manager server vmmserver.contoso.com.
Contact the Virtual Machine Manager administrator to verify that your account is a member of a valid user role and then
 try the operation again.
    + CategoryInfo          :
    + FullyQualifiedErrorId : 1604,Microsoft.SystemCenter.VirtualMachineManager.Cmdlets.ConnectServerCmdlet
>>

To enable CredSSP, from an elevated Windows PowerShell Window do the following:

-On the simpleclient computer, execute: "Enable-WSManCredSSP -Role client -DelegateComputer adminconsole.contoso.com"

-On the adminconsole computer, execute: "Enable-WSManCredSSP -Role server"

You can read more about CredSSP and the double-hop issue at https://blogs.msdn.com/clustering/archive/2009/06/25/9803001.aspx and at https://blogs.msdn.com/powershell/archive/2008/06/05/credssp-for-second-hop-remoting-part-i-domain-account.aspx.

Now that CredSSP and WinRM are configured, open a Windows PowerShell window on the simpleclient computer and execute the following cmdlets. This example shows you how to execute VMM cmdlets using the SSH/Telnet experience (meaning everything happens on the remote computer adminconsole).

<<

# get credentials that are also a VMM Administrator
$cred = get-credential

# show the computer name we are on right now, namely simpleclient
$env:COMPUTERNAME

# create a PS session using CredSSP to the adminconsole computer
New-PSSession adminconsole.contoso.com -Authentication CredSSP -credential $cred | Enter-PSSession

# show the computer name we are on right now. It should have changed to adminconsole
$env:COMPUTERNAME

# add the VMM Windows PowerShell snapin
add-pssnapin Microsoft.SystemCenter.VirtualMachineManager

# start executing VMM cmdlets. First get a connection to the VMM server and then
# get a listing of all VMs in the system and some of their properties
get-vmmserver vmmserver.contoso.com
get-vm | select name, id, status, hostname | format-list
>>

 Now, the following example will show you how you can call the VMM cmdlets locally on the simpleclient computer without any binaries being installed on that computer :) (the no-bits on the client scenario is super powerful)

<<

# get credentials that are also a VMM Administrator
$cred = get-credential

# show the computer name we are on right now, namely simpleclient
$env:COMPUTERNAME

# create a new session to the target machine where the VMM Administrator Console (the snapin/module) is installed
$session = New-PSSession adminconsole.contoso.com -Authentication CredSSP -credential $cred

# load the VMM cmdlets in the PS Session
Invoke-command $session {add-pssnapin Microsoft.SystemCenter.VirtualMachineManager}

# import the get-vmmserver and the get-vm cmdlets from the remote pssession into the current session
$vmmcmdletstoimport = @("get-vmmserver", "get-vm")
Import-PSSession $session –CommandName $vmmcmdletstoimport

# now you can call these VMM cmdlets locally as if those commands are present on the client machine
# this allows for mixing of remote and imported cmdlets

# prove that we are still on the simpleclient computer
$env:COMPUTERNAME

# start executing VMM cmdlets. First get a connection to the VMM server and then
# get a listing of all VMs in the system and some of their properties
get-vmmserver vmmserver.contoso.com
get-vm | select name, id, status, hostname | format-list

# Magic :)
>>

Once you are done, you can disable CredSSP using the following commands:

-"Disable-WSManCredSSP -Role client" on the simpleclient computer

-"Disable-WSManCredSSP -Role server" on the adminconsole computer