Ever spun up an Azure virtual machine just to realize it doesn’t have the right ports open? Then, after 30 minutes of rolling your face on the keyboard, updating, restarting, and punching your monitor, it still doesn’t work? Just do it with Azure PowerShell.
$ResourceGroup = "YourResourceGroupName"
$VmName = "YourVirtualMachineName"
$Location = "eastus"
$ImageName = "Win2019Datacenter"
$VmSize = "Standard_B4ms"
$VmUsername = "icanconnectuser"
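#Placeholder password: swap in your own, or build $credential with Get-Credential so it is not stored in the script
$VmUserPassword = ConvertTo-SecureString "SuperP@ssW0rd" -AsPlainText -Force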
$credential = New-Object System.Management.Automation.PSCredential ($VmUsername, $VmUserPassword)
$NewAzureVmParams = @{
    ResourceGroupName = $ResourceGroup
    Name = $VmName
    Location = $Location
    ImageName = $ImageName
    Size = $VmSize
    Credential = $credential
    #OpenPorts = 80, 443, 3389
}
#This creates your VM!
New-AzVM @NewAzureVmParams
Now at this point, you’ve just created the VM and you still can’t connect. Notice I’ve commented out the OpenPorts parameter. I’ve done this because setting it doesn’t mean the network security group gets updated, so the connection still won’t work. Updating the network security group yourself creates and updates the pieces Azure needs for your connections to work.
#Create a VM object to make life easier
$Vm = Get-AzVM -Name $VmName -ResourceGroupName $ResourceGroup
#Get the network security group (this assumes it has the same name as the VM)
$NSG = Get-AzNetworkSecurityGroup -Name $Vm.Name -ResourceGroupName $ResourceGroup
#Create the rules you want
#SourceAddressPrefix Internet allows any public address; use your own IP or CIDR range there to limit who can reach a port
$RuleRdp = New-AzNetworkSecurityRuleConfig -Name AllowRdp -Description "Allow RDP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet `
    -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$RuleHttp = New-AzNetworkSecurityRuleConfig -Name AllowHttp -Description "Allow HTTP" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix Internet `
    -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80
$RuleHttps = New-AzNetworkSecurityRuleConfig -Name AllowHttps -Description "Allow HTTPS" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 102 -SourceAddressPrefix Internet `
    -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443
#Add them to the network security group
$NSG.SecurityRules.Add($RuleRdp)
$NSG.SecurityRules.Add($RuleHttp)
$NSG.SecurityRules.Add($RuleHttps)
#Lastly, update the Network security group
Set-AzNetworkSecurityGroup -NetworkSecurityGroup $NSG
Yes, I could have put this into a pretty function, and you should! If you check your VM’s network section, you should now see the ports. Now when you go to your VM, press “Connect” and download the RDP file, it will actually work right away, hassle-free!
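One way to wrap the steps above in a function, as an added example that is not code from the original post. The name Add-VmInboundRule and its parameters are hypothetical, the NSG is assumed to be named after the VM as in the post, and 203.0.113.10 is a constructed documentation address standing in for your own public IP.

```powershell
# Added example: hypothetical helper, not code from the original post
function Add-VmInboundRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroup,
        [Parameter(Mandatory)] [string] $VmName,
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int[]] $Port,
        # Who may connect: 'Internet', a single IP, or a CIDR range
        [Parameter(Mandatory)] [string] $SourceAddressPrefix
    )
    # Assumption carried over from the post: the NSG is named after the VM
    $nsg = Get-AzNetworkSecurityGroup -Name $VmName -ResourceGroupName $ResourceGroup -ErrorAction Stop

    # Inbound priorities must be unique, so record the ones already taken
    $used = [System.Collections.Generic.HashSet[int]]::new()
    foreach ($rule in $nsg.SecurityRules) {
        if ($rule.Direction -eq 'Inbound') { [void]$used.Add($rule.Priority) }
    }

    $changed = $false
    foreach ($p in $Port) {
        $name = "Allow-Tcp-$p"
        if ($nsg.SecurityRules.Name -contains $name) {
            Write-Verbose "$name already exists, skipping"
            continue
        }
        # Take the lowest free priority in the custom-rule range (100-4096)
        $priority = 100
        while (-not $used.Add($priority)) { $priority++ }
        if ($priority -gt 4096) { throw "No free inbound priority in $($nsg.Name)" }

        # Adds the rule to the local $nsg object only
        $nsg | Add-AzNetworkSecurityRuleConfig -Name $name -Description "Allow TCP $p" `
            -Access Allow -Protocol Tcp -Direction Inbound -Priority $priority `
            -SourceAddressPrefix $SourceAddressPrefix -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange $p | Out-Null
        $changed = $true
    }
    # Nothing changes in Azure until the modified object is written back
    if ($changed) { $nsg | Set-AzNetworkSecurityGroup | Out-Null }

    # Return the inbound rules so the result can be checked
    $nsg.SecurityRules | Where-Object Direction -eq 'Inbound' | Sort-Object Priority |
        Select-Object Name, Priority, SourceAddressPrefix, DestinationPortRange
}

# Constructed values: 203.0.113.10 is a documentation address standing in for your own public IP
Add-VmInboundRule -ResourceGroup 'YourResourceGroupName' -VmName 'YourVirtualMachineName' -Port 3389 -SourceAddressPrefix '203.0.113.10/32'
Add-VmInboundRule -ResourceGroup 'YourResourceGroupName' -VmName 'YourVirtualMachineName' -Port 80, 443 -SourceAddressPrefix 'Internet'
```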
