代码之家 › 专栏 › 技术社区 › Alvaromon

为TFS生成和释放远程处理设置目标计算机

tfsbuild

1

Alvaromon · 技术社区 · 7 年前

花了很多时间试图找出如何设置一些vm以允许tfs构建代理远程访问它并运行powershell脚本。

您可能会遇到以下错误消息:

Connecting to remote server (IP Address here) failed with the following error message : 
WinRM cannot complete the operation. Verify that the specified computer name is valid, 
that the computer is accessible over the network, and that a firewall exception for the 
WinRM service is enabled and allows access from this computer. By default, 
the WinRM firewall exception for public profiles limits access to remote computers within 
the same local subnet. For more information, see the about_Remote_Troubleshooting Help 
topic.

Connecting to remote server (IP Address here) failed with the following error message : 
Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. 
 ---> System.Management.Automation.RuntimeException: Connecting to remote server 
(IP Address here) failed with the following error message : Access is denied. For more 
information, see the about_Remote_Troubleshooting Help topic.

1 回复 | 直到 7 年前

1

Alvaromon 7 年前

以下是配置生成代理的步骤:

共享文件夹

param
(
  [string]$sharePath = $(Read-Host "Please enter the path that you want to create the share"),
  [string]$username = $(Read-Host "Please enter the username of the account to share the folder with")
)

$majorVersion = [Environment]::OSVersion.Version.Major;

if(!(Test-Path $sharePath)){
New-Item $sharePath -type directory;

if($majorVersion -eq 6){
  net share SharedData=C:\SharedData /grant:$env:COMPUTERNAME\$Username`,full
}

elseif($majorVersion -eq 10){
  New-SMBShare -Name "SharedData" -Path $sharePath -FullAccess $username;
  Write-Host "Shared created."
}
}
else{
  Write-Host "Share already existed."
}

必须配置winrm

Winrm quickconfig -quiet
目标计算机在生成代理的受信任主机列表中

winrm s winrm/config/client '@{TrustedHosts="xx.xx.xx.xx"}'

xx.xx.xx.xx is the Target Machineâs IP address

以下是配置目标计算机的步骤:

共享文件夹-如上所述,因此不会在此处添加代码

连接的网络必须是专用的

$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles";

$ValName = "Category";

$Value = "1";

$ValName2 = "CategoryType"

$Value2 = "0";

foreach($RegObj in Get-ChildItem $RegPath)
{
    $RegKeyName = $RegObj.PSChildName;  
    New-ItemProperty -Path $RegPath\$RegKeyName -Name $ValName -Value $Value -PropertyType DWORD -Force | Out-Null;
    New-ItemProperty -Path $RegPath\$RegKeyName -Name $ValName2 -Value $Value2 -PropertyType DWORD -Force | Out-Null
}

$majorVersion = [Environment]::OSVersion.Version.Major;
$NetAdapters = netsh interface show interface;
[String]$NetAdapters -match "(?<=Dedicated).*";

foreach($Adapter in $matches)
{
  if($majorVersion -eq 6)
  {
    netsh interface set interface name=($Adapter[0]).Trim() admin="disable";
    Start-Sleep 3
    netsh interface set interface name=($Adapter[0]).Trim() admin="enable";
 }
 elseif($majorVersion -eq 10)
 {
   Restart-NetAdapter -Name ($Adapter[0]).Trim();
 }
}

必须配置winrm-与上面相同,因此不会在此处添加代码
必须启用powershell远程处理

Enable PSRemoting -force
生成代理位于受信任主机的列表中-与上面相同,因此不会在此处添加代码
对于Windows 7,在防火墙本地组策略中添加规则,以允许通过指定端口进行TCP连接

要开始执行此操作,请选择Windows按钮键入策略并选择“编辑组策略”。遍历“计算机配置”>“Windows设置”>“安全设置”>“具有高级安全性的Windows防火墙”>“具有高级安全性的Windows防火墙”>“入站规则”。右键单击并选择New Rule…。按照这些选择,选择端口,单击下一步,选择TCP,输入5985(HTTP)或5986(https)特定的本地端口,选择“允许连接”,选择我选择的所有3种网络类型,输入名称,然后单击完成。