Manage Microsoft Azure with PowerShell

Today I finally activated my free trial subscription on Microsoft Azure. This gives me the possibility to play around with all the nice Azure features. After playing around in the GUI I wanted to start looking at the PowerShell commands to manage my Azure subscription with PowerShell locally.

There is a difference between the old and the new PowerShell module, the old module is the “Azure” module with is based on the old portal and Azure Service Manager (ASM) model. The new module “AzureRM” is based on the Azure Resource Manager (ARM) technology. Don’t like old stuff so I use the new AzureRM commands.

Fist we need to Install the Resource Manager module, start PowerShell as Administrator.

Then login to your subscription with the command.

Now you are connected to the Azure Resource manager.
Some sample commands:


The WinRM client cannot process the request. If the authentication scheme is different from Kerberos

When a computer is not a domain member and there are no SSL Certificates available for HTTPS. You must change the trusted hosts on the client side.

Run: gpedit.msc
Then: Computer Configuration -> Administrative Templates -> Windows Components ->  Windows Remote Management (WinRM) -> WinRM Client
Last: Enable “Trust the remote machine” and add the server to the trustedhost field.

Or with PowerShell:


How to: Create Nano server image

With Server 2016 TP5 available today, we want to test it by ourselves.
First; how-to deploy a Nano server image.

Download the server 2016 ISO and mount it.

  1. Launch PowerShell as Administrator.
  2. Copy Nano server folder with the following command:
  3. Import the PowerShell module for building the the image with the following command:
  1. Run command

Gives a GUI where you can give the parameters for deploying the nano server VHD.
* Note: When you select other roles you must use the -Mediapath variable to the ISO.
** Note: AdministratorPassword must be a secure string. In the GUI Password field: (ConvertTo-SecureString -String “YourPassword” -AsPlainText -Force)

In order to automate things you can also do it by hand:


Get PowerShell version

Sometimes you need to check the PowerShell version of your Windows System, to get the PowerShell version you need to open a PowerShell prompt (taskbar type PowerShell).

This information is contained in the following variable:

Will give you the exact version.
Other commands which can be used are:


Get external IP Address using PowerShell

In some cases it can be useful to check your external IP Address within a PowerShell script.
So I created this little script:

Create PowerShell monitor SCOM

With scripts you can monitor almost everything in SCOM. Out of the box SCOM uses mostly VBScript instead of PowerShell, because it works on all Windows versions. I prefer PowerShell above VBScript, so I created some PowerShell performance collection rules and PowerShell monitors.

Silect created an awesome tool called MP Author to build management packs wizard driven.

The steps:

– Create new management pack, give it a name, choose a folder, locate the references and select Empty Management pack.
– Create a custom application class. In MPAuthor this called Targets, create a new target. I used WMI to locate the custom application service (Select * From Win32_Service Where Name Like “%Service name%”). We are working with a Windows local application, with Windows Computer as target.
– Next, create a custom PowerShell performance rule or a PowerShell monitor (works the same). New “Script performance rule”. Give the script a name and paste the code in the script area. In the next page provide the parameters:

Counter: Pagespeed
Instance: Someinstance
Value:  $Data/Property[@Name=’Pageloadtime’]$

Select the target we created the above and finish the wizard.

Example script to explain the used SCOM variables:


Access to the registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication’ is denied.

There are two ways to solve this:

1. Run VEEAM PowerShell always as Administrator
2. Change the permissions of the following registry key: \\HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\ -> Users full control.

Monitor JEE Java applications with SCOM

It’s possible to monitor the mbeams provided by the java engines with SCOM. Out of the box SCOM Doesn’t discover these applications automatically. There are some more steps needed to complete this.

The steps I followed:

– Download and import the SCOM JEE Management packs from: Download
– Install a SCOM Monitoring agent on the application server.
– Enable agent proxy on the SCOM agent (SCOM Console -> Administration -> Agent Managed -> Right click -> Allow this agent to act as proxy).
– Open port 8080 from the SCOM Management server to the application server.
– Search for the “beanspy.war” files on the SCOM Management server. Usually located in a subfolder of: “C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State\Resources”
– In my case i used an application server without authentication so i need the beanspy.notauth.war.
– Rename the beanspy.notauth.war to beanspy.war.
– Deploy beanspy.war to youre application web server, in my case tomcat-7.0.
– Restart the application web server services to load beanspy.war.
– Check if the beanspy module is loaded: browse http://URL:8080/BeanSpy/MBeans?JMXQuery=*:*
– Add the application server with the .\NewJEEAppServer.ps1 powershell script.
– .\NewJEEAppServer.ps1 -ManagementServer FQDN -JEEAppServerType Tomcat -JEEAppServerVersion 7 -Target http://FQDN:8080
– In my situation the standard query defined in the JEE Management packs discovered nothing. (http://FQDN:8080/BeanSpy/MBeans?JMXQuery=Catalina:j2eeType=WebModule,*).  I changed this by overriding the default discovery settings with (*:*). And I changed the discovery interval.
– Now you can create JEE Monitors with the pre-defined Management pack templates.

Debug SCOM Agent

Sometimes it’s unclear what the error messages are when the SCOM Agent is running an VB or PowerShell script. Or the event-log messages say nothing about the issue you actually facing. In this situation the Tracing.cmd could give you more information what is happening.

How to start the SCOM Agent Tracing:

  • Go to the Operations Manager Tools directory. Which is located: “C:\Program Files\Microsoft Monitoring Agent\Agent\Tools”
  • Run: StopTracing.cmd
  • Remove all the files located in the OpsMgr log folder: “C:\Windows\Logs\OpsMgrTrace”
  • Run: StartTracing.cmd VER
  • Wait till the problem reoccur, mostly an eventlog message that some script has runned.
  • Run: StopTracing.cmd
  • Format the logs in human readable information this can be done with the: FormatTracing.cmd
  • The logs are saved in the log directory.

I used SMS Trace to debug the logs.

The issue was found in the “TracingGuidsManaged.log”. Invoke-WebRequest was running under a user account witch not have runned the “IE First time run setup”. You can change a group policy for this issue or simply run the step with the actual account.

Example debug line:

[3]dd/mm/yyyy [AzureModule] [] [Error] :RunspaceController.WriteErrorLine{runspacecontroller_cs412}( 0000000000)PowerShell Script ‘ps1’ WriteErrorLine: Invoke-WebRequest : The response content cannot be parsed because the Internet

PowerShell Rest API programming

With the PowerShell invoke-restmethod command it’s possible to interact with a REST based API.
In the following script I’ve added a couple of examples how-to interact with methods as GET and POST.

Add VM to VEEAM Portal scope with PowerShell and the VEEAM Rest API

The steps taken in this script:
– Creating a new session with the given credentials.
– Search for the VMid (GET query).
– Search for the right account. (GET query)
– Add VM To portal scope (POST with XML body).

*note: No error/exception handling added, just a beginners script to show howto interact with the VEEAM Rest API with PowerShell.