PowerShell remoting is useful to manage virtual machines using PowerShell. When you create a virtual machine in the classic azure model, a winrm endpoint is automatically configured and can be used to manage virtual machines. You’ll just need to import ssl on your local machine and connect to the remoting session. However, same is not created if you create a virtual machine in the resource manager model. So if you try to connect using PowerShell remoting for azure rm vm, you’ll see this error:

enter-pssession : Connecting to remote server mailserver02.metavrs.in failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is
different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration
setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following
command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ enter-pssession -ComputerName mailserver02.metavrs.in
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 + CategoryInfo : InvalidArgument: (mailserver02.metavrs.in:String) [Enter-PSSession], PSRemotingTransportException
 + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

In this post, we’ll see how to configure azure rm virtual machine for remoting purposes. For this, login into azure rm portal using your credentials. Then navigate to Virtual Machines ->  -> Settings -> Network Interfaces -> :

As shown in snap, click on inbound security rules icon and then click add to add a new rule:

Then, define a new rule by defining a name, priority, and source as any. Select service name as winrm from list of services and then select allow:

After this, login into the virtual machine. Open windows firewall snap-in and then add incoming rule to allow traffic on port 5986. Alternatively, you can use below command:

New-NetFirewallRule -Name "winrm_https" -DisplayName "winrm_https" -Enabled True -Profile Any -Action Allow -Direction Inbound -LocalPort 5986 -Protocol TCP

The rule will look something like this:

After this, you’ll need to create a certificate for secure connection inside virtual machine. You may choose to use a publically trusted certificate, but for our purposes we are using a self signed certificate as I just wanted to get up and running as quickly as possible. You need to provide a DNS name, later in the post we will sconnect via IP address and skip the DNS name check so it doesn’t actually mattter what you set this to. However best practice would be to ensure you have a DNS name resolving to your Azure VM’s public IP address and use that DNS name.

For creating certificate, we can use a PowerShell command as below:

New-SelfSignedCertificate -DnsName mailserver01.metavrs.in -CertStoreLocation Cert:\LocalMachine\My

This will create and add a self signed certificate to personal store for local machine:

Notice the thumbprint id created by using above command. To enable winrm on port 5986, we need to run below command (on a command prompt) inside virtual machine:

winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="mailserver01.metavrs.in"; CertificateThumbprint="B843517858DC200F338AA096EBE69E2F140E3F47"}

In the above command, replace hostname by your virtual machine DNS name and the thumbprint generated. This is what it should look like when you run it:

Now, we are all done. To connect from a client machine, we can use below set of commands on PowerShell prompt:

$so = New-PsSessionOption –SkipCACheck -SkipCNCheck
$creds = Get-Credential
Enter-PSSession -ComputerName  -Credential $creds -UseSSL -SessionOption $so

This is what it should look like:

Happy remoting.